Finding Covert Channels in Protocols with Message Sequence Charts: The Case of RMTP2

  • Loic Hélouët
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3319)


Covert channels are illegal information flows in systems. Recent research has shown how to detect covert channels in scenario descriptions. This paper recalls these results, and proposes a case study illustrating how scenarios can be used to detect illegal information flows from a scenario description of a protocol. Once a covert information flow is discovered, its bandwidth is computed using the (max, +) algebra.


Data Packet Control Node Covert Channel Faulty Node Retransmission Packet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andrews, G., Reitmans, R.: An axiomatic approach to information flows in programs. ACM transactions on Programming Languages and Systems 2, 56–76 (1980)zbMATHCrossRefGoogle Scholar
  2. 2.
    Bell, D., La Padula, J.: Secure computer systems: mathematical foundations. Mitre technical report 2547, MITRE, Vol. I (1973)Google Scholar
  3. 3.
    Bell, D., La Padula, J.: Secure computer systems: a mathematical model. MITRE technical report 2547, MITRE, Vol. II (1973)Google Scholar
  4. 4.
    Criteria, C.: Common criteria for information technology security evaluation part 3: Security assurance requirements. Technical Report CCIMB-99-033, CCIMB (1999)Google Scholar
  5. 5.
    Goguen, J., Meseguer, J.: Security policies and security models. In: Press, I.C.S. (ed.) Proc. of IEEE Symposium on Security and Privacy, pp. 11–20 (1982)Google Scholar
  6. 6.
    Hélouét, L.: Distributed system requirements modeling with message sequence charts: the case of the rmtp2 protocol. Information and Software Technology 45, 701–714 (2003)CrossRefGoogle Scholar
  7. 7.
    Hélouét, L., Zeitoun, M., Jard, C.: Covert channels detection in protocols using scenarios. In: Proc. of SPV 2003 Security Protocols Verification (2003)Google Scholar
  8. 8.
    ITU-T: Recommendation Z.120 (11/99), Message Sequence Charts (MSC). International Telecommunication Union, Geneva Google Scholar
  9. 9.
    Katoen, J.-P., Lambert, L.: Pomsets for message sequence charts. In: Proceedings of SAM 1998: 1st conference on SDL and MSC, Berlin, pp. 281–290 (1998)Google Scholar
  10. 10.
    Kemmerer, R.: Shared ressources matrix methodology: an approach to indentifying storage and timing channels. ACM Transactions on Computer Systems 1, 256–277 (1983)CrossRefGoogle Scholar
  11. 11.
    Lampson, B.: A note on the confinement problem. Communication of the ACM 16, 613–615 (1973)CrossRefGoogle Scholar
  12. 12.
    Le Maigat, P., Hélouét, L.: A (max,+) approach for time in message sequence charts. In: 5th Workshop on Discrete Event Systems, WODES 2000 (2000)Google Scholar
  13. 13.
    Le Maigat, P.: Techniques algébriques Max-Plus pour l’analyse des performances temporelles de systèmes concurrents. PhD thesis, Université de Rennes 1 (2002) Google Scholar
  14. 14.
    Lipner, S.: A comment on the confinement problem. In: Proceedings of the Fifth Symposium on Operating systems Principles (1975)Google Scholar
  15. 15.
    Lowe, G.: Quantifying information flow. In: Proceedings of the 7th European Symposium on Research in Computer Security(ESORICS) (2002)Google Scholar
  16. 16.
    Montgomery, T., Whetten, B., Basavaiah, M., Paul, S., Rastogi, N., Conlan, J., Yeh, T.: The RMTP2 protocol. IETF draft, Internet Engineering Task Force (1998)Google Scholar
  17. 17.
    NSA/NCSC: A guide to understanding covert channel analysis of trusted systems. Technical report, NSA/NCSC (1993) Google Scholar
  18. 18.
    Reniers, M.: Message Sequence Charts: Syntax and Semantics. PhD thesis, Eindhoven University of Technology (1998) Google Scholar
  19. 19.
    Reniers, M., Mauw, S.: High-level message sequence charts. In: Cavalli, A., Sarma, A. (eds.) SDL 1997: Time for Testing - SDL, MSC and Trends. Proc. of the 8th SDL Forum, Evry, France, pp. 291–306 (1997)Google Scholar
  20. 20.
    Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on selected areas in communications 21 (2003)Google Scholar
  21. 21.
    Volpano, D., Smith, G.: Eliminating covert flows with minimum typings. In: Proc. 10th IEEE Computer Security Foundations Workshop, pp. 156–168 (1997)Google Scholar
  22. 22.
    Whetten, B., Paul, S., Taskale, G.: RMTP-II overview. Talarian white paper, Talarian Corporation (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Loic Hélouët
    • 1
  1. 1.IRISARennesFrance

Personalised recommendations