隐蔽信道是指允许进程以危害系统安全策略的方式传输信息的通信信道,是对安全信息系统的重要威胁,并普遍存在于安全操作系统、安全网络、安全数据库系统中.国内外的安全标准都要求对高等级的安全信息系统进行隐蔽信道分析.首先分析隐蔽信道的基本概念,研究领域、技术组成及分类,然后从信道识别、度量、消除、限制、审计和检测几个技术层面综述隐蔽信道研究中经典的技术和方法,系统地总结隐蔽信道领域30多年来的研究成果,尤其对近年来隐蔽信道度量和处置新技术作了较为详尽的介绍.试图为该研究方向勾画出一个较为全面和清晰的概貌,为隐蔽信

Covert channel is the communication channel that allows a process to transfer information in a manner that violates the system’s security policy. It is a major threat to the secure information systems and widely exists in secure operation systems, secure networks and secure database. Covert channel analysis is generally required by secure information systems’s secure criterion, such as TCSEC. This paper firstly analysis the covert channel concept, field, techniques and classification. Next, it surveys the classic techniques and methods from the following aspects: covert channel identification, measurement, elimination, limitation, auditing, and detection. The research achievements in the past 30 years are systematically concluded, especially the new techniques of covert channel measurements and handlings in recent years. This paper attempts to give a comprehensive and clear outline for this research direction, and provides a useful reference for the researchers of this field.

Supported by the National Natural Science Foundation of China under Grant No.60673022 (国家自然科学基金); the National High-Tech Research and Development Plan of China under Grant No.2007AA010601 (国家高技术研究发展计划(863)); the Knowledge Innovation Key Directional Progra