Covert channel resistant information leakage protection using a multi-agent architecture

Covert channel resistant information leakage protection using a multi-agent architecture

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Covert channel attacks utilise shared resources to indirectly transmit sensitive information to unauthorised parties. Current operating systems (e.g. SELinux) rely on tagging the filesystem with security labels and enforcing security policies at the time of access to a file or resource. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux, an extension to SELinux, utilises watermarking algorithms to ‘colour’ the contents of each file with their respective security classification, or context, to enhance resistance to information laundering attacks. In this study, the authors propose a mobile agent-based approach to automate the process of detecting and colouring receptive hosts' filesystems and monitoring the coloured filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach. The authors have also evaluated the performance of their agent-based system over a single host as well as a local network of machines. Finally, using formal method techniques, the authors have proved correctness properties about the agent-based approach and identified and corrected a flaw in their initial implementation.


    1. 1)
      • National Computer Security Center: ‘A guide to understanding covert channel analysis of trusted systems’, NCSC-TG-30, November 1993,, accessed May 2009.
    2. 2)
      • H. Okhravi , S. Bak . (2008) Colored linux: covert channel resistant OS information flow security.
    3. 3)
      • Tanaka, H.: `Information leakage via electromagnetic emanation and effectiveness of averaging technique', Proc. Int. Conf. on Information Security and Assurance, April 2008, p. 98–101.
    4. 4)
      • Melek, A., MacKinnon, M.: `2006 Global Security Survey', Research report, 2006.
    5. 5)
      • Kowalski, E., Cappelli, D., Moore, A.: `Insider threat study: illicit cyber activity in the information technology and telecommunications sector', Technical report, January 2008, CyLab.
    6. 6)
      • Alawneh, M., Abbadi, I.M.: `Preventing information leakage between collaborating organisations', Proc. Tenth Int. Conf. on Electronic Commerce, 2008, 342, p. 1–10.
    7. 7)
      • Alawneh, M., Abbadi, I.M.: `Preventing insider information leakage for enterprises', Proc. Second Int. Conf. on Emerging Security Information, Systems and Technologies, 2008, p. 99–106.
    8. 8)
      • M. Takesue . (2007) A scheme for protecting the information leakage via portable devices’. Proc. Int. Conf. on Emerging Security Information, Systems, and Technologies.
    9. 9)
      • H. Chang , K. Kim . (2005) Design of inside information leakage prevention system in ubiquitous computing environment.
    10. 10)
      • Cabuk, S.: `Network covert channels: design, analysis, detection, and elimination', 2006, PhD, Purdue University.
    11. 11)
      • Millen, J.: `20 years of covert channel modeling and analysis', Proc. 1999 IEEE Symp. on Security and Privacy, 1999, p. 113–114.
    12. 12)
      • S. Zander , G. Armitage , P. Branch . Covert channels and countermeasures in computer network protocols. IEEE Commun. Mag. , 12 , 136 - 142
    13. 13)
      • Qu, H., Su, P., Feng, D.: `A typical noisy covert channel in the IP protocol', Proc. 38th Annual Int. Carnahan Conf. on Security Technology, 2004, p. 189–192.
    14. 14)
      • Li, S., Ephremides, A.: `A covert channel in MAC protocols based on splitting algorithms', Proc. IEEE Wireless Communications and Networking Conf., 2005, 2, p. 1168–1173.
    15. 15)
      • Cabuk, S., Brodley, C., Shields, C.: `IP covert timing channels: design and detection', Proc. 2004 ACM Conf. on Computer and Communications Security, 2004, p. 178–187.
    16. 16)
      • Wang, Z., Lee, R.B.: `Covert and side channels due to processor architecture', Proc. 22nd Annual Computer Security Applications Conf., 2006, p. 473–482.
    17. 17)
      • C. Tsai , V. Gligor , C. Chandersekaran . On the identification of covert storage channels in secure systems. IEEE Trans. Softw. Eng. , 6 , 569 - 580
    18. 18)
      • Wang, C., Ju, S.: `Searching covert channels by identifying malicious subjects in the time domain', Proc. Fifth Annual IEEE SMC Information Assurance Workshop, 2004, p. 68–73.
    19. 19)
      • Gianvecchio, S., Wang, H.: `Detecting covert timing channels: an entropy-based approach', Proc. 14th ACM Conf. on Computer and Communications Security, 2007, p. 307–316.
    20. 20)
      • Melliar-Smith, P.M., Moser, L.E.: `Protection against covert storage and timing channels', Proc. Computer Security Foundations Workshop IV, 1991, p. 209–214.
    21. 21)
      • M.H. Kang , I.S. Moskowitz , D.C. Lee . A network pump. IEEE Trans. Softw. Eng. , 329 - 338
    22. 22)
      • Kang, M.H., Moskowitz, I.S., Lee, D.C.: `The Pump: a decade of covert fun', Proc. 21st Annual Computer Security Applications Conf., 2005, p. 352–360.
    23. 23)
    24. 24)
      • A. Burkle , A. Hertel , W. Mller , M. Wieser . Evaluating the security of mobile agent platforms. Auton. Agents Multi-Agent Syst. , 2 , 295 - 311
    25. 25)
      • Munoz, A., Mana, A., Harjani, R., Montenegro, M.: `Agent protection based on the use of cryptographic hardware', Proc. 2009 33rd Annual IEEE Int. Computer Software and Applications Conf., 2009, 2, p. 312–317.
    26. 26)
      • FIPA communicative Act Library Specification: ‘Foundation for intelligent physical agents’, 2000,, accessed May 2009.
    27. 27)
      • R. Love . Kernel korner: intro to inotify. Linux J.
    28. 28)
      • Dugad, R., Ratakonda, K., Ahuja, N.: `A New wavelet-based scheme for watermarking images', Proc. Int. Conf. on Image Processing, October 1998, 2, p. 419–423.
    29. 29)
      • Meerwald, P.: ‘Digital watermarking’,, accessed May 2009.
    30. 30)
      • M. Kaufmann , J.S. Moore . (1996) ACL2: an industrial strength version of Nqthm.
    31. 31)
      • M. Kaufmann , R.S. Boyer . The Boyer–Moore theorem prover and its interactive enhancement. Comput. Math. Appl. , 2 , 27 - 62
    32. 32)
      • G. Steele . (1984) Common LISP: the language (LISP series).

Related content

This is a required field
Please enter a valid email address