SC-31

SC-31 COVERT CHANNEL ANALYSIS

Overview

Number	Title	Impact	Priority	Subject Area
SC-31	Covert Channel Analysis		P0	System And Communications Protection

Instructions
The organization: SC-31a. Performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert Selection (one or more): storage; timing channels; and SC-31b. Estimates the maximum bandwidth of those channels.

Guidance
Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, for example, in the case of information systems containing export-controlled information and having connections to external networks (i.e., networks not controlled by organizations). Covert channel analysis is also meaningful for multilevel secure (MLS) information systems, multiple security level (MSL) systems, and cross-domain systems.

Guidance

Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, for example, in the case of information systems containing export-controlled information and having connections to external networks (i.e., networks not controlled by organizations). Covert channel analysis is also meaningful for multilevel secure (MLS) information systems, multiple security level (MSL) systems, and cross-domain systems.

Enhancements

SC-31 (1) Test Covert Channels For Exploitability

The organization tests a subset of the identified covert channels to determine which channels are exploitable.

SC-31 (2) Maximum Bandwidth

Information system developers are in the best position to reduce the maximum bandwidth for identified covert storage and timing channels.

The organization reduces the maximum bandwidth for identified covert Selection (one or more); storage; timing channels to Assignment: organization-defined values.

SC-31 (3) Measure Bandwidth In Operational Environments

This control enhancement addresses covert channel bandwidth in operational environments versus developmental environments. Measuring covert channel bandwidth in operational environments helps organizations to determine how much information can be covertly leaked before such leakage adversely affects organizational missions/business functions. Covert channel bandwidth may be significantly different when measured in those settings that are independent of the particular environments of operation (e.g., laboratories or development environments).

The organization measures the bandwidth of Assignment: organization-defined subset of identified covert channels in the operational environment of the information system.