Abstract
In this paper we analyze the possibility for malicious agents to transmit information possibly hidden in a Multi Level Security System via a covert channel. We give a framework for which we obtain two decidability results. First, given a code and a system, one can decide whether the system allows a covert channel for this code. Second, one can decide whether there exists a code to transmit one bit of information; the code is computable, as are the strategies of the two partners.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Beauquier, D., Lanotte, R. (2007). Hiding Information in Multi Level Security Systems. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2006. Lecture Notes in Computer Science, vol 4691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75227-1_17
DOI: https://doi.org/10.1007/978-3-540-75227-1_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75226-4
Online ISBN: 978-3-540-75227-1
eBook Packages: Computer Science (R0)