Which of the following can be used as a covert channel?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The Orange book requires protection against two types of covert channels, Timing and Storage.
The following answers are incorrect: Storage and low bits.
Is incorrect because, low bits would not be considered a covert channel.
Storage and permissions.
Is incorrect because, permissions would not be considered a covert channel.
Storage and classification.
Is incorrect because, classification would not be considered a covert channel.
A covert channel is a method of communication that is used to transmit information in a way that is hidden from detection or authorized access. These channels can be used to bypass security controls and allow unauthorized access to information or resources.
Out of the options given, A. Storage and timing, B. Storage and low bits, C. Storage and permissions, and D. Storage and classification, the correct answer is A. Storage and timing.
Storage and timing can be used as a covert channel because information can be hidden in the way data is stored or accessed. For example, an attacker may store information in unused areas of a file or in the metadata of a file, where it may go undetected by security tools. Timing can also be used as a covert channel by transmitting information at specific times or intervals, such as by delaying the transmission of data or using specific time intervals between packets.
Low bits, permissions, and classification can also be used as covert channels in certain situations, but they are not as commonly used or effective as storage and timing.
Low bits can be used as a covert channel by encoding information in the least significant bits of a file or data stream. Permissions can be used as a covert channel by modifying the permissions of a file or resource in a way that allows unauthorized access. Classification can be used as a covert channel by encoding information in the classification level of a file or resource, where it may be overlooked by security controls that are not designed to detect such channels.
Overall, storage and timing are the most common and effective covert channels, and organizations should be aware of these techniques in order to protect against them.