Preventing Protocol Switching Covert Channels
Network covert channels enable a policy-breaking network communication (e.g., within botnets). Within the last years, new covert channel techniques arose which are based on the capability of protocol switching. Such protocol switching covert channels operate within overlay networks and can (as a special case) contain their own internal control protocols. The authors present the first approach to effectively limit the bit-rate of such covert channels by introducing a new active warden. They present a calculation method for the maximum usable bit-rate of these channels in case the active warden is used. They discuss implementation details of the active warden and discuss results from experiments that indicate the usability in practice.