600.436 High-Assurance Systems
Fall 01/Operational Assurance
19
Covert Channel Analysis
¨The developer
shall conduct a search for covert channels
for each information flow control policy.
¨The developer
shall provide covert channel analysis documentation that shall:
–identify covert
channels and estimate their capacity
–describe the procedures used for determining the existence of covert channels, and the information needed to carry
out the covert channel
analysis
–describe all assumptions made during the covert channel analysis
–describe the method
used for estimating channel capacity, based on worst case scenarios
–describe
the worst case exploitation scenario for each identified covert channel