Covert channel resistant information leakage protection using a multi-agent architecture

Covert channel resistant information leakage protection using a multi-agent architecture

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Covert channel attacks utilise shared resources to indirectly transmit sensitive information to unauthorised parties. Current operating systems (e.g. SELinux) rely on tagging the filesystem with security labels and enforcing security policies at the time of access to a file or resource. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux, an extension to SELinux, utilises watermarking algorithms to ‘colour’ the contents of each file with their respective security classification, or context, to enhance resistance to information laundering attacks. In this study, the authors propose a mobile agent-based approach to automate the process of detecting and colouring receptive hosts' filesystems and monitoring the coloured filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach. The authors have also evaluated the performance of their agent-based system over a single host as well as a local network of machines. Finally, using formal method techniques, the authors have proved correctness properties about the agent-based approach and identified and corrected a flaw in their initial implementation.


    1. 1)
      • National Computer Security Center: ‘A guide to understanding covert channel analysis of trusted systems’, NCSC-TG-30, November 1993,, accessed May 2009
    2. 2)
      • Colored linux: covert channel resistant OS information flow security
    3. 3)
      • Tanaka, H.: `Information leakage via electromagnetic emanation and effectiveness of averaging technique', Proc. Int. Conf. on Information Security and Assurance, April 2008, p. 98–101
    4. 4)
      • Melek, A., MacKinnon, M.: `2006 Global Security Survey', Research report, 2006
    5. 5)
      • Kowalski, E., Cappelli, D., Moore, A.: `Insider threat study: illicit cyber activity in the information technology and telecommunications sector', Technical report, January 2008, CyLab
    6. 6)
      • Alawneh, M., Abbadi, I.M.: `Preventing information leakage between collaborating organisations', Proc. Tenth Int. Conf. on Electronic Commerce, 2008, 342, p. 1–10
    7. 7)
      • Alawneh, M., Abbadi, I.M.: `Preventing insider information leakage for enterprises', Proc. Second Int. Conf. on Emerging Security Information, Systems and Technologies, 2008, p. 99–106
    8. 8)
      • A scheme for protecting the information leakage via portable devices’. Proc. Int. Conf. on Emerging Security Information, Systems, and Technologies
    9. 9)
      • Design of inside information leakage prevention system in ubiquitous computing environment
    10. 10)
      • Cabuk, S.: `Network covert channels: design, analysis, detection, and elimination', 2006, PhD, Purdue University
    11. 11)
      • Millen, J.: `20 years of covert channel modeling and analysis', Proc. 1999 IEEE Symp. on Security and Privacy, 1999, p. 113–114
    12. 12)
      • Covert channels and countermeasures in computer network protocols
    13. 13)
      • Qu, H., Su, P., Feng, D.: `A typical noisy covert channel in the IP protocol', Proc. 38th Annual Int. Carnahan Conf. on Security Technology, 2004, p. 189–192
    14. 14)
      • Li, S., Ephremides, A.: `A covert channel in MAC protocols based on splitting algorithms', Proc. IEEE Wireless Communications and Networking Conf., 2005, 2, p. 1168–1173
    15. 15)
      • Cabuk, S., Brodley, C., Shields, C.: `IP covert timing channels: design and detection', Proc. 2004 ACM Conf. on Computer and Communications Security, 2004, p. 178–187
    16. 16)
      • Wang, Z., Lee, R.B.: `Covert and side channels due to processor architecture', Proc. 22nd Annual Computer Security Applications Conf., 2006, p. 473–482
    17. 17)
      • On the identification of covert storage channels in secure systems
    18. 18)
      • Wang, C., Ju, S.: `Searching covert channels by identifying malicious subjects in the time domain', Proc. Fifth Annual IEEE SMC Information Assurance Workshop, 2004, p. 68–73
    19. 19)
      • Gianvecchio, S., Wang, H.: `Detecting covert timing channels: an entropy-based approach', Proc. 14th ACM Conf. on Computer and Communications Security, 2007, p. 307–316
    20. 20)
      • Melliar-Smith, P.M., Moser, L.E.: `Protection against covert storage and timing channels', Proc. Computer Security Foundations Workshop IV, 1991, p. 209–214
    21. 21)
      • A network pump
    22. 22)
      • Kang, M.H., Moskowitz, I.S., Lee, D.C.: `The Pump: a decade of covert fun', Proc. 21st Annual Computer Security Applications Conf., 2005, p. 352–360
    23. 23)
    24. 24)
      • Evaluating the security of mobile agent platforms
    25. 25)
      • Munoz, A., Mana, A., Harjani, R., Montenegro, M.: `Agent protection based on the use of cryptographic hardware', Proc. 2009 33rd Annual IEEE Int. Computer Software and Applications Conf., 2009, 2, p. 312–317
    26. 26)
      • FIPA communicative Act Library Specification: ‘Foundation for intelligent physical agents’, 2000,, accessed May 2009
    27. 27)
      • Kernel korner: intro to inotify
    28. 28)
      • Dugad, R., Ratakonda, K., Ahuja, N.: `A New wavelet-based scheme for watermarking images', Proc. Int. Conf. on Image Processing, October 1998, 2, p. 419–423
    29. 29)
      • Meerwald, P.: ‘Digital watermarking’,, accessed May 2009
    30. 30)
      • ACL2: an industrial strength version of Nqthm
    31. 31)
      • The Boyer–Moore theorem prover and its interactive enhancement
    32. 32)
      • Common LISP: the language (LISP series)

Related content

This is a required field
Please enter a valid email address