GIT-CERCS-04-28
Abhishek Singh,
Eraser: An Exploit-Specific Monitor to Prevent Malicious Communication Channel
Prevention of malicious communication channels has been an important
issue in building secure networked systems. A malicious communication
channel can be established by using header fields, which follow
particular semantics, or by using data fields, which do not follow any
particular semantics. There have been many research directions to prevent
the malicious flow of information in the header fields. This paper
presents the design of a system to prevent the malicious covert channel
that uses data fields. The proposed system consists of two parts. The
first part is an E-Firewall. The E-Firewall runs on the end hosts, while
the Eraser runs at the gateway. Eraser is a rule- or policy-based system,
which checks for malicious content in the payload. Besides storing the
test metrics of the applications, the E-Firewall also stores the
dependencies amongst the applications. This storage of dependencies
offers an incremental advantage over the existing firewall by providing
information about the flow of information amongst the applications inside
the E-Firewall.