Skip to main content
SpringerLink
Log in

Hiding Information in Multi Level Security Systems

  • Conference paper
Formal Aspects in Security and Trust (FAST 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4691))

Included in the following conference series:

Abstract

In this paper we analyze the possibility for malicious agents to transmit an information possibly hidden in a Multi Level Security System via a covert channel. We give a framework for which we get two decidability results. Firstly, given a code and a system one can decide whether the system allows a covert channel for this code. Secondly, one can decide whether there exists a code to transmit one bit of information, the code is computable as well as the strategies of the two partners.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Andrews, G.R., Reitmans, R.P.: An axiomatic approach to information flows in programs. ACM transactions on Programming languages and Systems 2, 56–76 (1980)

    Article  MATH  Google Scholar 

  2. Bell, D.E., La Padula, J.J.: Secure computer systems: mathematical foundations, Mitre technical report 2547, MITRE, vol. I (1973)

    Google Scholar 

  3. Bell, D.E., La Padula, J.J.: Secure computer systems: a mathematical model, MITRE technical report 2547, MITRE, vol. II (1973)

    Google Scholar 

  4. Bell, D.E., La Padula, J.J.: Secure computer systems: unified exposition and multics interpretation, Mitre technical report 2997, MITRE, vol. I (1975)

    Google Scholar 

  5. Fisky, G., Fisk, M., Papadopoulos, C., Neil, J.: Eliminating Steganography in Internet Traffic with Active Wardens. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 18–35. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Focardi, R., Gorrieri, R.: Classification of Security Properties (Part I: Information Flow). In: Focardi, R., Gorrieri, R. (eds.) Foundations of Security Analysis and Design. LNCS, vol. 2171, pp. 331–396. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  7. Focardi, R., Gorrieri, R., Martinelli, F.: Real Time information Flow Analysis. IEEE JSAC 21, 20–35 (2003)

    Google Scholar 

  8. Goguen, J., Meseguer, J.: Security policies and security models. In: Proc. IEEE Symposium on Security and Privacy Proceedings, pp. 11–20 (1982)

    Google Scholar 

  9. Grädel, E.: Finite model theory and descriptive complexity. In: Finite Model Theory and Its Applications, Springer, Heidelberg, 2003 (to appear)

    Google Scholar 

  10. Hélouët, L., Jard, C., Zeitoun, M.: Covert channels detection in protocols using scenarios. In: SPV 2003 (2003)

    Google Scholar 

  11. Hélouët, L., Zeitoun, M., Degorre, A.: Scenarios and Covert channels, another game. In: Proc. of Games in Design and Verification, ENTCS, pp. 93–116 (2005)

    Google Scholar 

  12. Lampson, B.: A note on the confinement problem. Communication of the ACM 16, 613–615

    Google Scholar 

  13. Lowe, G.: Quantifying information flow. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 18–31. Springer, Heidelberg (2002)

    Google Scholar 

  14. Martinelli, F.: Partial Model Checking and Theorem Proving for Ensuring Security Properties. In: Proc. of IEEE CSFW, pp. 44–52 (1998)

    Google Scholar 

  15. McHugh, J.: Covert Channel Analysis: A Chapter of the Handbook for the Computer Security Certification of Trusted Systems (1995), available at http://chacs.nrl.navy.mil/publications/handbook/

  16. Millen, J.K.: Finite-State Noiseless Covert Channels. In: Proc. of IEEE CSFW, pp. 81–86 (1989)

    Google Scholar 

  17. Moskowitz, I.S., Miller, A.R.: Simple Timing Channels. In: Proc. of IEEE Computer Symposium on Research in Security and Privacy, pp. 56–64 (1994)

    Google Scholar 

  18. Moskowitz, I.S., Greenwald, S.J., Kang, M.H.: An Analysis of the Timed-Z Channel. In: Proc. of IEEE Computer Symposium on Security and Privacy, pp. 2–11 (1996)

    Google Scholar 

  19. Murdoch, S.J., Zielinski, P.: Covert Channels for Collusion in Online Computer Games. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 355–369. Springer, Heidelberg (2004)

    Google Scholar 

  20. National Computer Security Center.: A Guide to Understanding Covert Channel Analysis of Trusted Systems NCSC-TG-30 (1993), available at http://www.radium.ncsc.mil/tpep/library/rainbow/

  21. Sabelfeld, A., Myers, A.C.: Language-based information flow security. IEEE Journal on selected areas in communications 21 (2003)

    Google Scholar 

  22. Son, S.H., Mukkamala, R., David, R.: Integrating Security and Real-Time Requirements using Covert Channel Capacity. IEEE Trans. Knowledge and Data Eng. 12, 865–879 (2000)

    Article  Google Scholar 

  23. Petitcolas, F.A.P., Anderson, R.J., Kuhn, M.G.: Information Hiding-A Survey. In: Proc. of the IEEE Special issue on protection of multimedia content, vol. 87, pp. 1062–1078 (1999)

    Google Scholar 

  24. Volpano, D., Smith, G.: Eliminating covert flows with minimum typings. In: Proc. IEEE CSF, pp. 156–168 (1997)

    Google Scholar 

  25. Wang, Z., Lee, R.: New Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 498–505. Springer, Heidelberg (2005)

    Google Scholar 

  26. Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proc. of IEEE Symposium on Security and Privacy, pp. 74–102 (1997)

    Google Scholar 

  27. Shannon, C.E.: Communication theory of secrecy systems. Bell System Technical Journal 28, 656–715 (1949)

    MathSciNet  MATH  Google Scholar 

  28. Simmons, G.J.: Contemporary Cryptology. In: The Science of Information Integrity, IEEE Press, New York (1992)

    Google Scholar 

  29. Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Prod. of Workshop on Communications Security, pp. 51–67. IEEE Press, Los Alamitos (1984)

    Google Scholar 

  30. Simmons, G.J.: The history of subliminal channels. IEEE Journal of Selected Areas in Communications 16, 452–462 (1998)

    Article  Google Scholar 

  31. Anderson, R.J., Vaudenay, S., Preneel, B., Nyberg, K.: The Newton channel, Proc. of Workshop on Information Hiding. In: Anderson, R. (ed.) Information Hiding. LNCS, vol. 1174, pp. 151–156. Springer, Heidelberg (1996)

    Google Scholar 

  32. Simmons, G.J.: Subliminal channels: Past and present. European Transaction on Telecommunications 5, 459–473 (1994)

    Article  Google Scholar 

  33. van der Meyden, R., Wilke, T.: Synthesis of Distributed Systems from Knowledge-Based Specifications. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 562–576. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  34. Wittbold, J.T., Johnson, D.M.: Information flow in nondeterministic systems. In: Proc. of IEEE Symposium on Security and Privacy, pp. 144–161 (1990)

    Google Scholar 

  35. Wittbold, J.T., Johnson, D.M.: Results concerning the bandwidth of subliminal channels. IEEE Journal of Selected Areas in Communications 16, 463–473 (1998)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LACL CNRS FRE 2673, Université Paris 12 Val de Marne,  

    Danièle Beauquier

  2. Dipartimento di Scienze della Cultura, Politiche e dell’Informazione, Università dell’Insubria,  

    Ruggero Lanotte

Authors
  1. Danièle Beauquier
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ruggero Lanotte
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Theo Dimitrakos Fabio Martinelli Peter Y. A. Ryan Steve Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Beauquier, D., Lanotte, R. (2007). Hiding Information in Multi Level Security Systems. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2006. Lecture Notes in Computer Science, vol 4691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75227-1_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75227-1_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75226-4

  • Online ISBN: 978-3-540-75227-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation