Estimating and measuring covert channel bandwidth in multilevel secure operating systems

Abstract

Covert channels are illicit means of leaking sensitive or private information through system global variables that usually are not part of the interpretation of data objects in the security model. We discovered that some covert channels can be modeled as finite-stare graphs while others cannot. By using various techniques given in the paper, multiple bits of information can be simultaneously transferred through single or multiple covert channels. We present methods to determine and estimate the maximum bandwidths of both finite-state and infinite-state channels, and give the problems and basic rules for their measurement.