The Answer: A communication channel that allows transfer of information in a manner that violates the system`s security policy.
A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. This type of information path was not developed for communication; thus, the system does not properly protect this path, because the developers never envisioned information being passed in this way. Receiving information in this manner clearly violates the systems security policy. The channel to transfer this unauthorized data is the result of one of the following conditions: Oversight in the development of the productImproper implementation of access controlsExistence of a shared resource between the two entitiesInstallation of a Trojan horse The following answers are incorrect: An undocumented backdoor that has been left by a programmer in an operating system is incorrect because it is not a means by which unauthorized transfer of information takes place.Such backdoor is usually referred to as a Maintenance Hook. An open system port that should be closed is incorrect as it does not define a covert channel. A trojan horse is incorrect because it is a program that looks like a useful program but when you install it it would include a bonus such as a Worm, Backdoor, or some other malware without the installer knowing about it. Reference(s) used for this question: Shon Harris AIO v3 , Chapter-5 : Security Models & Architecture AIOv4 Security Architecture and Design (pages 343 - 344) AIOv5 Security Architecture and Design (pages 345 - 346)