Developers are in the best position to identify potential areas within systems that might lead to covert channels. Covert channel analysis is a meaningful activity when there is the potential for unauthorized information flows across security domains, such as in the case of systems that contain export-controlled information and have connections to external networks (i.e., networks that are not controlled by organizations). Covert channel analysis is also useful for multilevel secure systems, multiple security level systems, and cross-domain systems.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
SC-31 | Covert Channel Analysis | Protects | T1041 | Exfiltration Over C2 Channel |
SC-31 | Covert Channel Analysis | Protects | T1048 | Exfiltration Over Alternative Protocol |
SC-31 | Covert Channel Analysis | Protects | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
SC-31 | Covert Channel Analysis | Protects | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
SC-31 | Covert Channel Analysis | Protects | T1071 | Application Layer Protocol |
SC-31 | Covert Channel Analysis | Protects | T1071.001 | Web Protocols |
SC-31 | Covert Channel Analysis | Protects | T1071.002 | File Transfer Protocols |
SC-31 | Covert Channel Analysis | Protects | T1071.003 | Mail Protocols |
SC-31 | Covert Channel Analysis | Protects | T1071.004 | DNS |
SC-31 | Covert Channel Analysis | Protects | T1567 | Exfiltration Over Web Service |