
Covert channel resistant information leakage protection using a multi-agent architecture


IET Information Security


Covert channel attacks utilise shared resources to indirectly transmit sensitive information to unauthorised parties. Current operating systems (e.g. SELinux) rely on tagging the filesystem with security labels and enforcing security policies at the time of access to a file or resource. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux, an extension to SELinux, utilises watermarking algorithms to ‘colour’ the contents of each file with their respective security classification, or context, to enhance resistance to information laundering attacks. In this study, the authors propose a mobile agent-based approach to automate the process of detecting and colouring receptive hosts' filesystems and monitoring the coloured filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach. The authors have also evaluated the performance of their agent-based system over a single host as well as a local network of machines. Finally, using formal method techniques, the authors have proved correctness properties about the agent-based approach and identified and corrected a flaw in their initial implementation.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2009.0202