CWE-514

Class Abstraction Level
Pillar — Highest-level weakness category
Class — Abstract, language-independent
Base — Specific enough to detect
Variant — Tied to specific technology
Compound — Requires multiple weaknesses
Incomplete MITRE CWE Status
Stable — Fully reviewed and complete
Draft — Under development, may change
Incomplete — Partially defined by MITRE
Deprecated — No longer recommended
Obsolete — Replaced by another CWE
Covert Channel

Description

A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.

Typically the system has not given authorization for the transmission and has no knowledge of its occurrence.

Consequences

Confidentiality, Access Control — Read Application Data, Bypass Protection Mechanism

Detection

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful: Cost effective for partial coverage: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)