Technology Overview: The method can detect covert timing channels by: 1. reproducing the timing of every network output; 2. comparing the observed timing to the reproduced timing; and 3. issuing an alert if there is any discrepancy. Penn researchers have built a time deterministic replay prototype called Sanity. It reproduces timing to within 2% on commodity hardware. It can be used to detect a variety of existing and novel covert timing channels with perfect accuracy.
Advantages:
All detectors can detect IPCTC with perfect accuracy, existing detectors do worse for more sophisticated channels, and existing detectors cannot detect "Needle in a haystack" well. Sanity detects all channels with perfect accuracy! No false positives, no false negatives.
Intellectual Property:
US 10,437,993
Reference Media:
Chen, A. et al.; 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI '14), Broomfield, CO, October 2014. (pdf)
Desired Partnerships:
Docket # 15-7281