600.436 High-Assurance Systems
Fall 01/Operational Assurance
19
Covert Channel Analysis
¨The developer shall conduct a search for covert channels for each information flow control policy.
¨The developer shall provide covert channel analysis documentation that shall:
–identify covert channels and estimate their capacity
–describe the procedures used for determining the existence of covert channels, and the information needed to carry out the covert channel analysis
–describe all assumptions made during the covert channel analysis
–describe the method used for estimating channel capacity, based on worst case scenarios
–describe the worst case exploitation scenario for each identified covert channel