摘要 |
The present invention discloses a method for auditing and controlling overt and covert communication traffic in a communication system. The present invention identifies and uses a few parameters to characterize system communication traffic: the volume (V), the frequency (F), the order (O), the (extrinsic) nature (N) of communication between a given pair of nodes and the length (L) (or duration) of transmission. Using one or a combination of the parameters V, F, O, N, L, the invention determines "baseline" system conditions, and audit the behavior and operations of overt and covert communication activity to detect "out-of-baseline" traffic patterns. To further prevent covert channel communications, the present invention introduces an adaptive transmission scheduling policy and a channel handling policy based upon a channel auditing mechanism. The covert channel handling policy of the invention controls the covert channel capacity for noiseless and noisy channels by changing the granularity of change of idle slots in the system. An auditability threshold is used to determine the range of system operations that is accepted as "normal or baseline." When a communication system under supervision is observed to be falling out of "normal or baseline" range, a system audit can be initiated to detect system faults and control overt and covert communication traffic.
|