Abstract: When using Covert Flow Tree(CFT) method to search covert channel, only few operation sequences really constitute covert channel. It increases the subsequent manual analysis work. In order to solve this problem, this paper proposes an improved Covert Flow Tree(CFT) method. It uses the information flow graph to constitute trees, designs the statement information flow rule, and gives the tree traversal algorithm for automated analysis. It uses the pedagogical file system as analyzing example, and result shows the accuracy of the improved method.

Key words: Covert Flow Tree(CFT), covert channel, information flow graph, information flow rule, Shared Resource Matrix(SRM)

摘要： 利用隐蔽流树方法搜索隐蔽通道时，获得的操作序列中只有极少部分真正构成隐蔽通道，增加了后续手工分析的工作量。为此，提出一种改进的隐蔽流树方法。根据信息流图进行建树，设计信息流规则，并给出隐蔽流树的自动分析算法。以一个文件系统为例进行分析，结果验证了改进方法的正确性。

关键词: 隐蔽流树, 隐蔽通道, 信息流图, 信息流规则, 共享资源矩阵

CLC Number: 

• TP309.2