We propose a port-is-in-use attack intended to leak sensitive information in multilevel secure operating systems. Our approach is based on the TCP socket mechanism, which is widely used in Linux for interprocess communication. Despite the strong limitations inherent in operating systems with mandatory access control, sockets may not be restricted by the security policy, which makes it theoretically possible to transfer information from a process at a high security level to a process at a low one. The proposed attack belongs to the class of operating system storage transition-based attacks. The main idea is to use the availability of a TCP port, which is shared among processes at more than one security level, as the communication medium. The possibility or impossibility of binding a socket to a predefined port is used to transmit a bit of 0 or 1, respectively. We implemented a proof-of-concept exploit, which was used to check the idea and to evaluate the covert channel capacity. Experimental results show that the proposed technique provides a high-rate covert channel, which poses a significant threat to confidentiality in multilevel secure operating systems.


Covert channel, Information flow, TCP socket, Proof-of-concept exploit, Multilevel security, Mandatory access control, Interprocess communication
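The abstract describes a port whose bind availability is observed across security levels; the following added example (not code from the paper) shows how a defender could flag that pattern in bind() records. The record format, the numeric levels (higher means more sensitive), the pids, ports and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not a real audit format): one line per bind()
# call with time, pid, security level (higher = more sensitive) and result.
SAMPLE_LOG = """\
ts=0.00 pid=410 level=3 port=40000 result=OK
ts=0.05 pid=977 level=0 port=40000 result=EADDRINUSE
ts=0.15 pid=977 level=0 port=40000 result=OK
ts=0.20 pid=410 level=3 port=40000 result=OK
ts=0.25 pid=977 level=0 port=40000 result=EADDRINUSE
ts=0.30 pid=410 level=3 port=40000 result=OK
ts=0.35 pid=977 level=0 port=40000 result=EADDRINUSE
ts=0.45 pid=977 level=0 port=40000 result=OK
ts=1.00 pid=120 level=2 port=5432 result=OK
ts=1.10 pid=655 level=0 port=5432 result=EADDRINUSE
ts=2.00 pid=300 level=0 port=8080 result=OK
ts=2.10 pid=301 level=0 port=8080 result=EADDRINUSE
"""

def parse(line):
    """Split one constructed record into typed fields."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return float(f["ts"]), int(f["pid"]), int(f["level"]), int(f["port"]), f["result"]

def suspicious_ports(log, min_probes=4, min_toggles=2):
    """Flag low-level processes that keep probing a port bound from above."""
    ok_levels = defaultdict(set)   # port -> levels that ever bound it
    probes = defaultdict(list)     # (port, pid, level) -> [(ts, result)]
    for line in filter(str.strip, log.splitlines()):
        ts, pid, level, port, result = parse(line)
        if result == "OK":
            ok_levels[port].add(level)
        probes[(port, pid, level)].append((ts, result))
    findings = []
    for (port, pid, level), seq in probes.items():
        # Only a port that a higher level also binds can carry data downwards.
        if not any(high > level for high in ok_levels[port]):
            continue
        results = [r for _, r in sorted(seq)]
        # Each OK <-> EADDRINUSE flip is a change in the observed bit.
        toggles = sum(a != b for a, b in zip(results, results[1:]))
        if len(results) >= min_probes and toggles >= min_toggles:
            findings.append({"port": port, "pid": pid, "level": level,
                             "probes": len(results), "toggles": toggles})
    return findings

if __name__ == "__main__":
    for hit in suspicious_ports(SAMPLE_LOG):
        print(hit)
```

A single failed bind against a port held by a higher-level service (port 5432 in the sample) and same-level contention (port 8080) are not flagged; only repeated probing with alternating outcomes is.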



This work was supported by the MEPhI Academic Excellence Project (agreement with the Ministry of Education and Science of the Russian Federation of August 27, 2013, project no. 02.a03.21.0005).



Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Moscow, Russian Federation
