CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE - Individual Dictionary Definition (2.10)

CWE-514: Covert Channel

Weakness ID: 514
Abstraction: Class
Status: Incomplete
+ Description

Description Summary

A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.

Extended Description

Typically the system has not given authorization for the transmission and has no knowledge of its occurrence.

+ Time of Introduction
  • Implementation
  • Operation
+ Common Consequences
| Scope | Effect |
|---|---|
| Confidentiality; Access Control | Technical Impact: Read application data; Bypass protection mechanism |

+ Detection Methods

Architecture / Design Review

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Effectiveness: SOAR Partial

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 418 | Channel Errors | Development Concepts (699) |
| ChildOf | Category | 518 | Inadvertently Introduced Weakness | Development Concepts (primary) (699) |
| ChildOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts (primary) (1000) |
| ChildOf | Weakness Class | 912 | Hidden Functionality | Research Concepts (1000) |
| ChildOf | Category | 968 | SFP Secondary Cluster: Covert Channel | Software Fault Pattern (SFP) Clusters (primary) (888) |
| ParentOf | Weakness Base | 385 | Covert Timing Channel | Development Concepts (699); Research Concepts (primary) (1000) |
| ParentOf | Weakness Base | 515 | Covert Storage Channel | Development Concepts (primary) (699); Research Concepts (primary) (1000) |
+ Theoretical Notes

A covert channel can be thought of as an emergent resource: it was not originally intended as a resource, but it exists due to the application's behaviors.

+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| Landwehr | | | Covert Channel |
+ Content History
Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | Landwehr | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other_Notes, Taxonomy_Mappings |
| 2008-10-14 | CWE Content Team | MITRE | Internal | updated Description, Other_Notes, Theoretical_Notes |
| 2009-07-27 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2010-04-05 | CWE Content Team | MITRE | Internal | updated Related_Attack_Patterns |
| 2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | MITRE | Internal | updated Related_Attack_Patterns, Relationships |
| 2013-02-21 | CWE Content Team | MITRE | Internal | updated Description, Relationships, Theoretical_Notes |
| 2014-06-23 | CWE Content Team | MITRE | Internal | updated Related_Attack_Patterns |
| 2014-07-30 | CWE Content Team | MITRE | Internal | updated Detection_Factors, Relationships |

Page Last Updated: January 18, 2017