Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
An unauthorized communication path that leaks data by abusing shared resources, bypassing security controls—classified as storage or timing channels.
Covert Channel Definition: An unauthorized communication path that leaks data by abusing shared resources, bypassing security controls—classified as storage or timing channels.
A covert channel is an unauthorized communication path that transfers information in a way not controlled by a system's security policy, enabling data to be leaked by circumventing normal security mechanisms. It exploits shared system resources to signal information between processes or parties that are not supposed to communicate.
Covert channels are traditionally divided into two types. A storage channel conveys information by one process writing to a shared resource (such as a file attribute, disk space, or memory value) that another process reads. A timing channel conveys information by modulating the timing of events, for example varying CPU usage or response delays so an observer can decode bits from the pattern. Because the data rides on legitimate-looking behavior rather than an explicit message, covert channels evade conventional access controls and content inspection. They are formally addressed in high-assurance standards like the Common Criteria and NIST SP 800-53.
Covert channels matter most in high-security and multilevel environments, where a malicious insider or implanted code could use them to exfiltrate classified or sensitive data past data-loss-prevention and mandatory access controls. Defenses include resource isolation, limiting and auditing shared resources, introducing noise or normalizing timing, and bandwidth analysis to detect and constrain potential channels. They differ from side-channel attacks, which extract information unintentionally leaked rather than deliberately signaled.
For example, on a multilevel secure system, malware running at a classified level cannot directly send data to a lower-level process, so it encodes secrets by modulating CPU load: heavy computation represents a 1 and idle time a 0. A cooperating low-level process measures these timing variations and reconstructs the data. To counter this covert timing channel, the system applies timing normalization and CPU usage limits that flatten the pattern and slow the channel to near-uselessness.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →