Hidden chanels in automated systems – the invisible part of the iceberg
UDC: 004.056
DOI: -
Authors:
TIMAKOV ALEKSEY A.
1,
SAFRIN YURY A.1,
PRAVIKOV DMITRY I.2
1 MIREA - Russian Technological University, Moscow, Russia
2 National University of Oil and Gas "Gubkin University", Moscow, Russia
Keywords: hidden channel, communication channel, information flow, information flow control, security policy, informational non-interference, technical channels of information leakage, side electromagnetic radiation
Annotation:
Hidden channels control is a crucial condition for trusting automated systems that process critical information, including the enterprises of the fuel and energy complex. The existing research is often focused on specific infrastructure layers like network or system. Besides, guiding documents go beyond such constraints, necessitating consideration of any information dissemination paths not foreseen by the system developers. By now a great number of studies of hidden channels in the system, application-oriented software and physical media has been carried out. The authors of the article aim at establishing a unified methodological foundation for developing information protection requirements that account for various types of hidden channels availability and a comprehensive strategy for their control in critical automated systems. Notably, the study relies on formal methods to verify system properties, providing evidence for the effectiveness of implemented protective measures. The study employs programming language theory and automata theory, methods for assessing the security of critical information infrastructure. A comprehensive approach to the formalized representation of technical information leakage channels and covert channels arising in automated systems with secure implementations is presented. The essence of this approach involves using a recommended general scheme for describing covert channels, including the documentation of risks associated with the occurrence of random, probabilistic, temporal, and certain other types of unauthorized information flows in software. The proposed approach simplifies the solution of security threat description and analysis tasks involving hidden and technical information leakage channels in automated systems.
Bibliography:
1. Timakov A.A. Sposob kontrolya rasprostraneniya chuvstvitel'nykh dannykh v programmnom obespechenii informatsionnykh sistem // Avtomatizatsiya i informatizatsiya TEK. – 2025. – № 4(621). – S. 54–61.
2. Porshnev S.V., Belyaev D.O. Skrytye tekhnicheskie kanaly utechki informatsii, obrabatyvaemoy v sredstvakh vychislitel'noy tekhniki: analiz deystvuyushchey normativnoy bazy, terminologiya // Vestnik UrFO. Bezopasnost' v informatsionnoy sfere. – 2021. – № 1(39). – S. 5–13. – DOI: 10.14529/secur210101
3. Russo A., Sabelfeld A., Li Keqin. Implicit flows in malicious and nonmalicious code // Logics and Languages for Reliability and Security. – IOS Press, 2010. – P. 301–322. – DOI: 10.3233/978-1-60750-100-8-301
4. An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications / D. Jang, R. Jhala, S. Lerner, H. Shacham // 17th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, October 4–8, 2010. – P. 270–283. – DOI: 10.1145/1866307.1866339
5. DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation / Kang Min Gyung, S. McCamant, P. Poosankam, Song Dawn // Network and Distributed System Security Symposium, San Diego, California, USA, February 6–9, 2011. – P. 11–25. – URL: https://scispace.com/pdf/dta-dynamic-taint-analysis-with-targeted-control-flow-35u4e33t87.pdf
6. Implicit flows: Can’t live with ‘em, can’t live without p‘em / D. King, B. Hicks, M. Hicks, T. Jaeger // Information Systems Security: 4th International Conference, Hyderabad, India, December 16–20, 2008. – Springer Berlin Heidelberg, 2008. – P. 56–70. – DOI: 10.1007/978-3-540-89862-7_4
7. An Empirical Study of Information Flows in Real-World JavaScript / C.-A. Staicu, D. Schoepe, M. Balliu [et al.] // 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, London, United Kingdom, November 15, 2019. – New York, United States: Association for Computing Machinery, 2019. – P. 45–59. – DOI: 10.1145/3338504.335739
8. Sabelfeld A., Sands D. Probabilistic Noninterference for Multi-Threaded Programs // 13th IEEE Computer Security Foundations Workshop, Cambridge, England, July 3–5, 2000. – IEEE, 2000. – P. 200–214. – DOI: 10.1109/CSFW.2000.856937
9. Kozyri E., Chong S., Myers A.C. Expressing Information Flow Properties // Foundations and Trends® in Privacy and Security. – 2022. – Vol. 3, No. 1. – P. 1–102. – DOI: 10.1561/3300000008
10. Broberg N., van Delft B., Sands D. Paragon for Practical Programming with Information-Flow Control // Programming Languages and Systems: 11th Asian Symposium, APLAS 2013, Melbourne, VIC, Australia, December 9–11, 2013. – Springer International Publishing, 2013. – P. 217–232. – DOI: 10.1007/978-3-319-03542-0_16
11. Pullicino K. Jif: Language-based information-flow Security in Java. – 2014. – DOI: 10.48550/arXiv.1412.8639
12. Buzov G.A., Kalinin S.V., Kondrat'ev A.V. Zashchita ot utechki informatsii po tekhnicheskim kanalam: uchebnoe posobie. – M.: Goryachaya liniya – Telekom, 2005. – 416 s.
13. Pyatachkov A.G. Zashchita informatsii, obrabatyvaemoy vychislitel'noy tekhnikoy, ot utechki po tekhnicheskim kanalam. – M.: RTsIB "Fakel", 2007. – 196 s.
Back to issue