Slashdot Mirror
Surreptitious Communication via Page Faults
Martin Pomije writes "This is a really interesting story illustrating how a shared resource can also be a communication channel. If you have any interest in software design or operating systems, the Multics web site is worth your time. Tom Van Vleck has obviously put a lot of time into this and deserves credit for making all of this information available. " It's like 10 years old, but it's really interesting.
This guys site is out of page views.. can someone provide him with some proper web hosting? proj@nwlnk.com
Ummm, XML existed in 1967 (about) when Multics was deployed? Damn, I'm really out of the loop.
Program A writes to a random thread.
ahh, the beauty of hidden forums on here. The trols could make their own forums and be in first p0$t heaven!
If someone did this today, they'd be flamed as script kiddie l00zerz, or if they cracked a major site, they'd be facing FBI guns and their hardware siezed (Feds don't care if you or I is cracked, just big corps).
Here it is, for anyone who doesn't want to wait a random number of hours: http://www.google.com/search?q=cache:www.multician s.org/timing-chn.html
mentions you would probably be alot more comfortable if you get your hand out of your ass.
PCC, in contrast, requires you to be able to prove your software works. Which no one has ever done for longer then trivial code. Danyel
tell me why feds should care if you're cracked
That's really fucked up trying to redirect people like that. Hope you didn't burn your hands flipping burgers today.
A woman shall not wear anything that pertains to man, nor shall a man wear a woman's garment; for whoever does these things is an abomination to the Lord. (Deuteronomy 22:5)
Still in MVS/OS 390 3 bits for key PLUS hardware protected low core PLUS a superviser to protect this= secure system
TEMPEST=CANCER techo said used acetone+ other nasty solvents, as all joins and butts had to be squeaky clean + no protective gear in those days. Sneaker net - walk the data over via floppy or rekey ... =waste of taxpayers money
I know, but it is good to see stupid cool hacks done for the fun of it, kinda like the textmode quake thing Besides, it's even better if stupid cool hacks further research in any area. (I'm just trying not to get kicked out of my CS PhD program)
Like, fer shure, ya know? An like, bag that Windows. It's like soooo grody! Grody to the max! Miltics is... omigawd... like totally awesome, like bitchin' ya know!
to see here, just trolling. Move along.
I don't quite see how you figure that. The means by which something is stored is largely irrelevant to legal proceedings, provided that means can be understood (otherwise, where's the case?). What you're talking about is *hiding* the DeCSS code. While hiding the code may made the MPAA's job harder, it doesn't make the distribution of such code any more legal. I could just as easily take the DeCSS code and tar it, then gzip it, then encrypt it with GPG, and finally name it "wordpad.exe". That would make it pretty hard for anybody (other than the intended recipient) to use the file, but that still doesn't make it "not DeCSS".
I don't have anything interesting to say, except that I'm opposed to Foogle in all its forms.
Why do you call yourself a troll? You're not worthy of the name
Yeah, sure, but even after 10 years you gotta consider - what's really all that different today? Binary is still binary? Sourcing loging as a data channel is kinda like pumping raspberries up your ass - fun for a while, but who has to clean up the mess? Your ugly girlfriend? I don't think so, I wore her out.
There have been two recent post regarding Multics on Slashdot. This is obviously an attempt by the clown to bring Multics back to prominence so that he can utilize its security weaknesses to keep track of me.
Your girlfriend is here. She says "harglumphhsgdf" because my engorged member is filling her mouth. heh. "engorged member."
He, he... Let's nuke Redmond!
Um, the fact that I posted it solely to get people who didn't realize I was trolling to reply to it probably made it a troll.
I have to say: this is totally excellent!
something like this worked under older unix too... it works well and makes breaking passwords a function of x + x + x + x + x instead of x*x*x*x*x
xml didn't exist, nor did html for that matter
Stan Chesnutt has spoken.
Hey bro, you should come up with me to Oklahoma where all porn is more illegal than child sex. And I've gots lots of movies aobut that.
If you can piss on your monitor and create a better slashdot, then why don't you shit on it and make a kuro5hin?
The trols could make their own forums and be in first p0$t heaven!
And you can quote me on that.
trolls truely do effectively point out how stupid people are. people like you for example.
Thats pretty fucked up man...
GO TO RAWTRUTH.COM FOR THE BEST NEWS SITE ON THE INTERNET!!! GO HERE!!
These types of timing channels were first written up back in about 1972. In fact, most of the forms of system penetrations that we see today were well known and understood back then. The depressing thing about computer security is that nothing has changed in ALL that time! The industry still ships code with exactly the same kinds of security holes in it that were common back then. Check out the following URL for some interesting historical computer security reports: http://seclab.cs.ucdavis.edu/projects/history
Oh, brother... this is SOO off-topic. The most significant difference between socialism and communism is the concept of individual property rights. Communism = no individual property. Neither system is workable, because people are inherently greedy and manipulative. Go back and reread Animal Farm, people... Socialism is all fine and good if you have your nice capitalist job to fund your socialist idealism.
Sure, that should be possible. As long as you can recompile your programs to make sure they don't have any virii,and can compile your compiler to make sure it doesn't have any virii, and your original compiler doesn't automagically modify a compiler when it is being compiled, so that the new compiler will patch programs being compiled so as to leave security holes.
But yes, I can imagine changing the loader to check for some signature. Just means you have to be careful who you trust.
Also, the place where you store your key cannot be accessible to programs (say write it down, and type it in every time you want to sign something)
communication between posts that are moderated down to -1?
Even lamer... Message passing and shared memory, is obviously different views of the same phenomena. I guess any undergrad should be able to tell that...
--exa--
Not really.
Moderate this down to (Score:-1,Troll)
Trollz rool.
hmmm
First, because AFAIK, it was never actually used as an exploit: it was used to describe (in academic papers) a possible security hole. We admire the cleverness of seeing the useful features, the alternate designs, and the right and wrong paths that were taken. "Script kiddie l00zerz," in contrast, take well-known security holes and repeat them for no intellectual or social gain.
That's brilliant! How simple. When I was an undergrad, my roommate got a guy's password (using the "trust me" method.. ha) and changed it, then made him play hangman for the new password (would delete all the files if man got hanged). It was funny as shit because the guy won the game, which pissed my roommate off so much that he decided to delete the files anyway (he was unethical enough to screw with the password so why expect him play by the rules with the game). So they both go running off to the nearest computer terminal and when they both reached it at the same time they got into a fist fight for the keyboard while everyone is wondering WTF is going on! Damn those were great days. One of those guys is now an MBA scum... can you guess which one?
What are you talking about? Linux is not socialist or fascist, but rather embodies the ideal of the perfect communism, where everyone contributes what they can, and hopefully gets what they need. But since the barrier to entry is so much lower, information is essentially free to all, and distribution problems go to nil!
:)
...And do you really think the moderators will fall for something so simplistic?
[...]
Damn, I wish I had thought of this one first!
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
Now thats an interesting covert channel. Make a page somewhere and have the receiver look at is every minute. If the sender wants to send a 17 he makes sure that that the time limit is exceeded exactly 17 minuttes past the hour (by some hacked DDoS tool). Low bandwith sure, but a password is only a couple of hundred bits.
--
dinner: it's what's for beer
s/biff/mesg/
:)
Other than that, thumbs up. Never used Multics, so I can't say whether
that part's right, but it sounds plausible
#define X(x,y) x##y
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@cordes ,
So maybe the wave of Denial of Service attacks some weeks ago was transmitting some kind of message...
--
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Under Windows, man exploits man. Under Linux, it is exactly the opposite.
I wrote parts of this stuff
This makes me wonder if any operating systems currently have signed executables and automatic verification of an executable's signature before execution. This could require the system administrator to sign an executable with his secret key passphrase before it would execute at a privileged level (i.e. root), for example.
fnord.
fnord.
Bummer !
I came in late and the page is already "closed". Looks like the ISP "Best" or whatever isn't that good - they close down page access just when it starts to get interesting.
Can anyone please post the original content of that page? I'd love to know the details.
Thanks in advance !!
Muchas Gracias, Señor Edward Snowden !
isn't this why they use TEMPEST?
ya the VMS thing is a common textbox story.
But what used to be real fun in VMS, was to
malloc a ton of memory and write it to a file.
You could catch peoples email, and files. Since
the system didn't zero the pages at that time.
No, it's not. Well, yeah, but that's the point.
/., and the acknowledgement of it being read was a page fault of Internet proportions. This was a signal which, once received, made the existence of the referenced site irrelevant.
See, the article was submitted to
Slashdotting can be thought of as a form of communication. It's also the sincerest form of flattery on the Internet.
-- What you do today will cost you a day of your life.
It's a question of only allowing programs that are supposed to access the info access to the info, and so forth. You can't just let any process read the page that another process is working with - what if the page contains sensitive data? (Well, you can if you don't care about data security) So in high security environments, you have to take this into account, and prevent this. Security is more than just control of the machine (ie. not getting rooted), it's also maintaining control of data and not losing data. So things like this are a security risk in the sense that someone could access something that they aren't supposed to - they might not be able to change it, but they can still read it.
itachi
-----------
"You can't shake the Devil's hand and say you're only kidding."
LINUS :
Logical Inquiry and Update System.
Isn't this pretty much what Java does, but with less effort required on the part of the code producer than proof-carrying code? So JavaOS is an OS which has the capabilities you're inquiring about.
The jvm takes the bytecodes when it loads them and runs them through a theorem-prover to verify that the code doesn't do anything illegal, and when the code gets run, the Java security model works so that any attempt by the code to access system resources is checked by the security manager before being permitted.
When you combine this with the fact that, as of jdk1.2, developers can easily create custom privileges for their apps and then can require mobile code which requires those privileges to be signed by a trusted party, you get a system that seems to me to be much more powerful and easy to use than the one in the paper on proof-carrying code.
GNU and Linux -- Oh no, Mr. Bill!
The ultmate covert channel exploit seems to be watching the pizza delivery dudes in Washington DC.
> A more practical alternative would be to have a
> supply of frozen pizzas and an oven, or even an
> in-house pizzeria. Sounds like a good > excuse to me.
But TEMPEST shielding does not cover pizza smells.
This means somewhere someone is spending lots of my tax money on TEMPER (Transient EMitted Pizza Essence Remover)
In the book, there is some narration that referres to strange messages that are being transmitted over the public TV channel. It isn't covert but impossible to break without the codebook (code keys).
The message about slashdot posting is more like this. Post a message in public that only the receiver will know what to do with.
We the Sheeple...
First, the classic book on Multics - The Multics System; An Examination of Its Structure by the late Elliott Irving Organick is a snap-shot of a work in progress. If you've read the book, you'll have a good feeling for what the group was doing, but not particularly of what Multics finally turned out to be.
Second, there is recurring discussion in the USENET news group alt.os.multics about a re-implementation of the Multics hardware environment (including tagged memory) on something like a PCI card. Then use the PC as the I/O system. This, of course, is possible because ASICs and DRAM are perpetually getting less and less expensive. The acutal ownership of Multics will have to be worked out before that can happen. Someone should enourage the present owners to GPL the source and binaries.
It always strikes me sad that Multics is old, but its O/S ideas are, in large part, state of the art. It says something pretty vile about contemporary O/S and architechture research, experimentation and design. VonNeuman CPUs and Unix are not horrible designs (thus they've been successfull), but if we want orders of magnitude improvements now, then it is time to re-evaluate the basics. Seymour Cray came up with the majority of the improvements (hacks if you will) to the Von Neuman architechture in the 1960s and 70s. Intel (et al) has been living off those ideas for two decades. It's time for new ideas (yes, perhaps like the late Intel ipex-432).
Finally, I wish Linus had read about Multics, before he re-implmented Unix. We'd all be in better shape if that were the case. Then Linux could genuinely be said to be state of the art, not just state of the practice.
I can't currently get to the US mirror either, so I am not including the link here.
That's simply not true. Just take the Socialist Worker's Party or the Socialist Party, both in Britain. Both "revolutionary", although the first believes in violence, the latter in getting elected.
Unfortunately, both words have become extremely corrupted and debased this century by Cuba, the Soviet Union and China, who were and are not truly socialist (my definition of socialism includes participatory democracy). Even more unfortunately, there isn't a better word for the political view that I support than socialism.
Female Prison Rape in NY
Yes. That was a system (VMS?) which has privledged shared libraries. There was a priveledged method in one of those libraries that verified the password. Its implementation read the password passed one character at a time until it got to the end or found a mismatch (passwords were stored in the clear)... So by placing the "trial" password buffer over a page boundary, you could determine when you had all characters before the boundary correct.
This particular exploit actually used the "page faults per process" metric provided by the OS, rather than the timing information, IIRC.
An acquaintance of mine told me that he had broken into a multics system by writing a driver which a) did the driver's job and b) read the password file and communicated it one bit at a time to a user-space program via toggling rwx bits in some file known to both driver and user program.
He was smart enough that it was probably true.
"The Constitution, the WHOLE Constitution, and nothing but the CONSTITUTION."
Yeah, does anyone know what his ISP has set for the limit? This seems kinda dumb to me... is this a common thing to see for many sites or is this site just trying to do the Internet in a cheap way?
Wheeeee
Not VMS, but TENEX. VMS ran on VAX, TENEX on
:)
PDP-10 (the 36-bit line of PDP's).
Actually, this can also be found in AST's
Minix Book
NOSPAM@REMOVETHIS.NO.SPAM - you'll find the real address somewhere
How is this a security risk in a UNIX-ish environment? Can't processes talk to each other as much as they want anyway??
/tmp). If you have a program that reads important data, and it is set up so that it passes data around in some covert way, you're screwed anyway. It doesn't matter if it's one of these things or a /bin/login that mails passwords to a remote host.
Yup. IPC and all that (not to mention just leaving a file with any kind of data you want in
Steff
Back when I was in college (three months ago), I remember a course on OSs that mentioned this "security problem" of using resources as data channels. Any enlightened souls care to explain what the bid deal is? How is this a security risk in a UNIX-ish environment? Can't processes talk to each other as much as they want anyway?? dave.
That the same as lying on a nude-beach, and running into the water everytime a goodlooking chick is walking past, because you don't want to let know you have a boner.
To be completely fair/let noone know you get aroused by beautiful women/not insult anyone, you also have to run into the water with ugly women...
Just an analogy...
Never thought my running into the water was actually covering up a covert comm-channel!
<grub> Reading
sincerely,
most slashdotters
Amazing magic tricks
Or just click here to get to it.
Yeah, they get paid for it.
Welcome to the bottom line, folks.
*borkborkbork*
File encryption always helps. You can encrypt your data file into something that looks like a text document (even document that has some text meaning) then take the document apart into small pieces and send those pieces in no particular order. By themselves the pieces will not have any special meaning and will look benign to the file filters and detectors.
You must always think ahead
You can't handle the truth.
Something like this would be an interesting way of passing information deemed "inappropriate" by powerful people. Perhaps there is a way to code up some program to pass the DeCSS code, or the Cyber Patrol hacks, or whatever without actually passing the information.
With the way things are going, how can we know what information will still be "legal" next month. At least for those of us in the US, it might be a good idea to start forming some way of maintaining freedom in spite of the courts and big business.
If we have to choose which book to become, I'll become a fanfic long-form story set in the DBZ universe (I love the author; well, at least what I've read so far).
-Nathaniel
Countries who care what the US is up to always know when something important is about to happen, because the number of late-night pizzas delivered to offices at the Pentagon and State Department skyrockets.
It doesn't seem too covert, though. After all, the spy school instructors knew all about it and it was a common joke throughout the US intelligence community.
Chris
The difference is that communists want to achieve their goal with a revolution whereas socialists believe in a more graduate change.
So is Linux socialistic or communistic? I think more socialistic (unless you count the 'nuke redmond' attitude most slashdotters have).
Grtz, Jeroen
Secure messaging: http://quickmsg.vreeken.net/
A lot of communists (the real kind) today call themself socialist because communism stands for a totalitarian regime for most people.
Grtz, Jeroen
p.s. I regard myself a socialist to (the non-violant, pro-democracy kind)
Secure messaging: http://quickmsg.vreeken.net/
same reason they should care if i got shot
Wasnt able to actually read the article cuz the site went over its hit limit, but i know SGI uses page faults to serialize access to the 3D acceleration hardware. essentially it amounts to IPC amoung some progs that dont know about each other w/ the assitance of IRIX. I think they might even use something similar in the 3dfx DRI driver. At least that is what i heard.
Thoughts on tech, Software Engineering, and stuff
I KNEW MS Windows was smarter than it seems! I'll bet that it's been using BSOD's to send secret messages for years.
Slashdot: come for the pedantry, stay for the condescension.
-- Ben
What is described in this article are "covert channels" which are ancient and very well researched.
How's any of that trolling?
First off, I for one found it very interesting.
Secondly, any time two people have access to the same area, be it a physical area or shared computing resource, there is the risk of covert communications. The only way to prevent it is to remove access to all but one person.
Multics was designed primarily to share expensive computing resources. Computing resources are much cheaper now, so it is more feasible to prevent covert communications by just plain not sharing. Each person in a hypersecure installation would have their own computer, without even a conventional LAN, with communications between the systems being tightly controlled and monitored.
----
----
Open mind, insert foot.
I found this story http://www.multicians.org/security.html amusing, particulary how the password "encryption" in an early version of MULTICS turned out to depend on a compiler bug.
As I remember, System/360 storage keys were associated with large (4K?) regions of memory; they weren't associated with individual words, as tags are on the Burroughs machines (and their successors) and on the PowerPC AS/400's. I tend to think of "tags" as applying to individual words; do storage keys protect down to the word level on S/390?
It's in the PowerPC AS/400's, at least according to Frank Soltis' Inside the AS/400 book - there are tag bits in the extended PowerPC architecture used in the AS/400's.
It's also presumably still in the the Unisys ClearPath LX and ClearPath NX series, which include processors that are presumably the latest generation of the line of machines that started with the Burroughs mainframes.
No, it didn't.
The poster to whom you're responding was mistaken; they didn't use XML, they used SGML.
(Or, as the banner on this site should perhaps read:
Slashdot
YHBT. YHL. HAND.)
Covert communication channels are a security risk in a system that has restricted data which it is trying to limit access to. For instance this would be an issue if you have a multi-user system which contains classified information. This is the kind of thing that is covered in a B2 security clearance.
Covert channels are not a security risk if your question is keeping the wrong person from getting in control of your computer.
Cheers,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
here's a real life example of using a shared resource (a 5 1/4" floppy drive) as a communication channel that has worked well for years. In the IS office that this is in (and I'm not naming names cause I know one of their managers reads /.) the main server room is on the far side of a cube farm where the grunts in the IS staff sit. Located in the main server room is a print server with an old 5 1/4" drive that rattles really loudy when you try to access it without a floppy, almost every member of the IS dept has that drive mapped on thier desktop machines. It makes the perfect alarm bell... any time management comes into the cube farm and walks down the side isle then someone will see them and hit refresh on that mapped drive which will ring the alarm in the server room and warn the occupants of the room of managements impending approach... we won't go into why they might need warning... use your imagination. ;)
Back in 1980, my high school had a PDP 11/03 for student use. The operating system was an early version of RT11. We had a binary license, and received the operating system on a set of 8 inch floppies. I spent a lot of time on this machine.
One time I did a disk dump from the raw disk device to the console, and after a few pages of binary gibberish, out came several pages of operating system kernel source code! Apparently, Digital, when it made up the master disk for the operating system binary distribution, reused a floppy that had previously contained operating system source code, and never bothered to zero out the disk. Interesting stuff!
Different problem. TEMPEST is concerned with information leakage via electro-magnetic radiation.
Covert channels are a concern in multi-level secure systems where information of different classifications and compartments are processed on a single system. A process running in a Top Secret context should not be able to send classified information to a process running in a Confidential context.
Mea navis aericumbens anguillis abundat
Actually it is explained really well in Tanenbaum Operaton System book on page 437 in the second edition.
His site is hosted by best.com, probably on a shell machine with alot of other sites. The typical account has a 200MB/day, 25k hits/day limit.
The total amount is compared against the last 24 hours, computed on the hour. Check just after the hour and you may get thru, before he's back over the limit again.
This is just like any other quota system to keep one user from hogging an unfair share of the available resources, in this case bandwidth, hits or cgi cpu cycles.
-- Ryan Watkins vamp@vamp.org http://www.vamp.org/
wasnt this one way to break passwords in some old systems ? you would cycle through the letters one by one and with a page fault you could know which was the right letter at one position. this reduced the work greatly.
How's that for slashdoting...
Sorry, temporarily closed
My internet service provider, Best Internet Communications, limits the number of hits and the bandwidth each web site can consume, and my site is past its limit.
http://www.multicians.org:80/limit.html
If you had a file that was write only and you had like a LOT of copies and you wrote some data to the file could you verify that you had written different data by timing the page fault? I cant see any real use for this but it's a new way of thinking about stuff.
How we know is more important than what we know.
I have requested temporary relief from my hit quota. Best.com was pretty quick last time I was slashdotted, hope it's quick this time. They put in tiered pricing a few years back when people put up porn sites on Best's servers: rather than censor, they charge for bandwidth. I've been well served at the lowest tier.
Actually, this doesn't affect most Slashdot users because the operating systems they use have such lousy security that there are far easier attacks than using a covert channel. This applies to all the UNIX variants and all the Microsoft products. (Yes, it does. If it didn't, there wouldn't be new CERT advisories every week.)
There are solutions to the covert channel problem, but people hate them. Applications have to be denied access to an accurate timebase, which means no clock with resolution finer than a second, introducing deliberate jitter into the CPU dispatching, and adding some random delay to I/O operation responses. Forget playing games or multimedia.
The big win is that in a system with mandatory security and covert-channel protection, even if a virus or trojan horse gets access to secured data, it can't get the data out of the box.
I used to develop secure operating system kernels for a DoD contractor. The current state of operating system security is worse than it was twenty years ago. Users will choose animated penguins over security. What passes for "computer security" today is mostly aimed at keeping amateurs from blatantly interfering with servers. And it can't even do that successfully. A serious attack is much more subtle.
In the DoD world, one worries about two main threats. The intelligence community worries about the attacker obtaining some information they have without an alarm being raised. The military worries about the attacker interfering with their systems at a time chosen by the attacker, probably at a key moment of a military operation. The attacker is assumed to have enough resources to duplicate the systems being attacked and to practice on them. There's also the assumption that physical and computer intrusions might be used together.
Enough rant for now. Go read some NSA evaluations of security products.
This actually sounds like just a special case of traffic analysis. Traffic analysis is one thing that you can do if you can intercept but not decrypt your enemy's transmissions. When his signal traffic increases suddenly, you know something is up.
If you really want to be paranoid about signal security, you have to send out a background of boring messages at least as big as your expected peak traffic. You could, for instance, send out messages that said "Ignore me" padded with whitespace (and then encrypted) at periodic intervals. When you actually want to send a real message, you'd substitute your real message for one of the fake ones. Of course this is something that computers are very good for; they can mimic the length patterns of real messages and automatically ignore the bogus received messages.
By analogy, the State and Defense departments could constantly order late night pizzas even when nothing interesting was going on. A more practical alternative would be to have a supply of frozen pizzas and an oven, or even an in-house pizzeria. Sounds like a good excuse to me.
There's no point in questioning authority if you aren't going to listen to the answers.
ftp://ftp.stratus.com/pub/vos/multics/tvv/timing-c hn.html
bah. why repost an article when a URL will do?
Proof Carrying Code is a much better solution than signed binaries. Signed binaries still require you to trust the developer, which is many cases is still not a good idea. See here for more information:
/pcc/pcc.html
http://www.cs.cmu.edu/~petel/papers
I'm really heartened to see that folks are willing to read about discoveries made in the past, learn from mistakes that have been committed before, and stand upon the shoulders of earlier generations, rather than standing in their footprints.
I was able to use Multics for four years in college, and that experience gave me more insight and wisdom than any four years spent with Unix, Windows, or MacOS.
(In the areas of system design, that is! The only graphics expertise I gained from Multics was how to do simple bitmap images using the lineprinter!)
An unapologetic former Multician,
Stan Chesnutt
Networking a VAXstation and a RS/6000 via SCSI! The other stuff is cool also!
They're called "covert channels" in secure systems work / Orange Book terminology, and it's extraordinarily difficult (actually, impossible) to eliminate them totally --- a case of asymptotic approximation, law of diminishing returns, etc..
The classic tradeoff between probability of detection and bandwidth of the covert channel operates here, but if the amount of data which needs to be communicated is low then the trojan spook always wins against the guardian.
On the other hand, detection of the covert communication is an interesting problem in its own right, because it boils down to the problem of telling the remote party exactly where to find the significant data among gigabits of obfuscation --- effectively the same problem as key exchange in crypto!
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
The original site is closed due to bandwidth quota restriction.
See alternate location.
-- What you do today will cost you a day of your life.
Rather than shared resources, how about programs posting to Slashdot then reading it:
Program A writes to a random thread.
Program A-2 loads the thread, and moderates up the post, using karma from it's auto-"Linux is not socialist" post feature (such posts are always informative).
Program B (the reciever) loads the thread likewise, using Highest Scores First, and reads the posts marked up to two. It then leaves a "Linux is socialist" post. Invariably, a moderator will find this, take offence, and moderate it down.
Program A will, by continuosly re-loading the thread, notice the new (Score: -1, Troll) post, and will be assured that the communication was successful. Program execution will then continue as normal.
Hmmm...maybe I should patent it.
This article probably doesn't interest most slashdotters, because the OSes that we use aren't designed to protect against these kinds of things. This, of course, stems from the fact that the situations in which we use our systems do not require us to segment our users and prevent them from communicating.
In the DoD, for instance, there are situations where you would want to do this. You don't want to allow someone viewing Top Secret data to have their information leaked to someone who isn't cleared for it.
This is why Mandatory Access Controls were invented. A lot of slashdotters have probably heard of the Orange Book, in which the DoD laid out a method of classifying the security model of computer systems. Unix variants are roughly C-1'ish, which DoD doesn't even certify anymore. OSes with ACLs and such (like NT) are roughly C-2'ish (now whether NT actually gets the job done or not is up for debate). Once you get to the B and A levels, you have Mandatory Access Controls. They are designed to prevent one user from leaking classified data to another person. In a MAC system, you should not be able to "chmod" or "chown" a file to allow someone else to view it.
It goes a little bit deeper, though. You also need to protect against more subtle methods of communication, called covert channels. In a covert storage channel, a user would fill up a disk and another user would be able to tell, or one would write to a file that another had access to read, or one would twiddle a file lock. In a covert timing channel, one user would perform a CPU intensive process and the other user would be able to tell that the responsiveness of the system changed, or the user would perform an I/O intensive application and the other user would be able to tell that his own disk accesses were more or less responsive. In this way, users can communicate via manipulating shared resources.
It's not very sexy, but it is something that DoD and the intelligence community in particular care very much about. As you can guess, these aren't easy problems to solve (if they are solvable at all).
Since the site linked from the story appears to have been slashdotted, here is an alternate link to the same story.
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay