Skip to main content
SpringerLink
Log in

Automatic Covert Channel Analysis of a Multilevel Secure Component

  • Conference paper
Book cover Information and Communications Security (ICICS 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3269))

Included in the following conference series:

Abstract

The NRL Pump protocol defines a multilevel secure component whose goal is to minimize leaks of information from high level systems to lower level systems, without degrading average time performances. We define a probabilistic model for the NRL Pump and show how a probabilistic model checker (FHP-murϕ) can be used to estimate the capacity of a probabilistic covert channel in the NRL Pump. We are able to compute the probability of a security violation as a function of time for various configurations of the system parameters (e.g. buffer sizes, moving average size, etc). Because of the model complexity, our results cannot be obtained using an analytical approach and, because of the low probabilities involved, it can be hard to obtain them using a simulator.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abbott, R.K., Garcia-Molina, H.: Scheduling Real-Time Transactions: a Performance Evaluation. ACM Trans. Database Syst. 17(3), 513–560 (1992)

    Article  Google Scholar 

  2. Bell, D., La Padula, L.J.: Secure Computer Systems: Unified Exposition and Multics Interpretation. Tech. Rep. ESD-TR-75-301, MITRE MTR-2997 (1976)

    Google Scholar 

  3. David, R., Son, S.H.: A Secure Two Phase Locking Protocol. In: Proc. IEEE Symp. on Reliable Distributed Systems, pp. 126–135 (1993)

    Google Scholar 

  4. Della Penna, G., Intrigila, B., Melatti, I., Tronci, E., Zilli, M.V.: Finite Horizon Analysis of Markov Chains with the Murphi Verifier. In: Geist, D., Tronci, E. (eds.) CHARME 2003. LNCS, vol. 2860, pp. 394–409. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  5. Della Penna, G., Intrigila, B., Melatti, I., Tronci, E., Zilli, M.V.: Finite Horizon Analysis of Stochastic Systems with the Murphi Verifier. In: Blundo, C., Laneve, C. (eds.) ICTCS 2003. LNCS, vol. 2841, pp. 58–71. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Dill, D.L., Drexler, A.J., Hu, A.J., Han Yang, C.: Protocol Verification as a Hardware Design Aid. In: Proc. IEEE Int. Conf. on Computer Design on VLSI in Computer & Processors, pp. 522–525 (1992)

    Google Scholar 

  7. Gray, J., Reuter, A.: Transaction Processing: Concepts and Techniques. Morgan Kaufmann Publishers Inc., San Francisco (1992)

    Google Scholar 

  8. Kang, M.H., Froscher, J., Moskowitz, I.S.: A Framework for MLS Interoperability. In: Proc. IEEE High Assurance Systems Engineering Workshop, pp. 198–205 (1996)

    Google Scholar 

  9. Kang, M.H., Froscher, J., Moskowitz, I.S.: An Architecture for Multilevel Security Interoperability. In: Proc. IEEE Computer Security Application Conf. (1997)

    Google Scholar 

  10. Kang, M.H., Moore, A.P., Moskowitz, I.S.: Design and Assurance Strategy for the NRL Pump. IEEE Computer 31(4), 56–64 (1998)

    Google Scholar 

  11. Kang, M.H., Moskowitz, I.S.: A Pump for Rapid, Reliable, Secure Communication. In: Proc. ACM Conf. on Computer and Communication Security, pp. 119–129 (1993)

    Google Scholar 

  12. Kang, M.H., Moskowitz, I.S., Lee, D.: A Network Pump. IEEE Trans. Software Eng. 22(5), 329–338 (1996)

    Article  Google Scholar 

  13. Moskowitz, I.S., Miller, A.R.: The Channel Capacity of a Certain Noisy Timing Channel. IEEE Trans. Information Theory 38(4) (1992)

    Google Scholar 

  14. PRISM Web Page, http://www.cs.bham.ac.uk/~dxp/prism/

  15. Kwiatkowska, M., Norman, G., Parker, D.: PRISM: Probabilistic Symbolic Model Checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002)

    Google Scholar 

  16. Kwiatkowska, M., Norman, G., Parker, D.: Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach. In: Katoen, J.-P., Stevens, P. (eds.) TACAS 2002. LNCS, vol. 2280, p. 52. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  17. Meadows, C.: What Makes a Cryptographic Protocol Secure? The Evolution of Requirements Specification in Formal Cryptographic Protocol Analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 10–21. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  18. Mitchell, J.C., Mitchell, M., Stern, U.: Automated Analysis of Cryptographic Protocols using Murϕ. In: Proc. IEEE Symp. on Security and Privacy, pp. 141–151 (1997)

    Google Scholar 

  19. Mitchell, J.C., Shmatikov, V., Stern, U.: Finite-State Analysis of SSL 3.0. In: Proc. USENIX Security Symp. (1998)

    Google Scholar 

  20. Son, S.H., Mukkamala, R., David, R.: Integrating Security and Real-Time Requirements Using Covert Channel Capacity. IEEE Trans. Knowl. Data Eng. 12(6), 865–879 (2000)

    Article  Google Scholar 

  21. Murphi Web Page, http://sprout.stanford.edu/dill/murphi.html

  22. Cached Murphi Web Page, http://www.dsi.uniroma1.it/~tronci/cached.murphi.html

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Scienze della Cultura, Politiche e dell’Informazione, Università dell’Insubria,  

    Ruggero Lanotte & Simone Tini

  2. Dipartimento di Informatica, Università di Pisa,  

    Andrea Maggiolo-Schettini & Angelo Troina

  3. Dipartimento di Informatica, Università di Roma “La Sapienza”,  

    Enrico Tronci

Authors
  1. Ruggero Lanotte
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andrea Maggiolo-Schettini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Simone Tini
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Angelo Troina
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Enrico Tronci
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Information and Communication Technologies, University of A Coruña, Spain

    Javier Lopez

  2. Chinese Academy of Sciences, Institute of Softwear, 100080, Beijing, China

    Sihan Qing

  3. Graduate School of Systems and Information Engineering, University of Tsukuba, 1-1-1 Tennodai, Tsukuba, 305-8573, Ibaraki, Japan

    Eiji Okamoto

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lanotte, R., Maggiolo-Schettini, A., Tini, S., Troina, A., Tronci, E. (2004). Automatic Covert Channel Analysis of a Multilevel Secure Component. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30191-2_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23563-7

  • Online ISBN: 978-3-540-30191-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation