SC 31 COVERT CHANNEL ANALYSIS - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

SC-31 COVERT CHANNEL ANALYSIS

Control:

  • a. Perform a covert channel analysis to identify those aspects of communications within the system that are potential avenues for covert [ Selection (one or more): storage; timing ] channels; and
  • b. Estimate the maximum bandwidth of those channels.

Discussion: Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, such as in the case of systems that contain export-controlled information and have connections to external networks (i.e., networks that are not controlled by organizations). Covert channel analysis is also useful for multilevel secure systems, multiple security level systems, and cross-domain systems.

Related Controls: AC-3, AC-4, SA-8, SI-11.

Control Enhancements:

  • (1) COVERT CHANNEL ANALYSIS / TEST COVERT CHANNELS FOR EXPLOITABILITY
    Test a subset of the identified covert channels to determine the channels that are exploitable.

    Discussion: None.

    Related Controls: None.

  • (2) COVERT CHANNEL ANALYSIS / MAXIMUM BANDWIDTH
    Reduce the maximum bandwidth for identified covert [ Selection (one or more): storage; timing ] channels to [ Assignment: organization-defined values ].

    Discussion: The complete elimination of covert channels, especially covert timing channels, is usually not possible without significant performance impacts.

    Related Controls: None.

  • (3) COVERT CHANNEL ANALYSIS / MEASURE BANDWIDTH IN OPERATIONAL ENVIRONMENTS
    Measure the bandwidth of [ Assignment: organization-defined subset of identified covert channels ] in the operational environment of the system.

    Discussion: Measuring covert channel bandwidth in specified operational environments helps organizations determine how much information can be covertly leaked before such leakage adversely affects mission or business functions. Covert channel bandwidth may be significantly different when measured in settings that are independent of the specific environments of operation, including laboratories or system development environments.

    Related Controls: None.

References: None.
