Abstract
Covert channels are illegal information flows in systems. Recent research has shown how to detect covert channels in scenario descriptions. This paper recalls these results, and proposes a case study illustrating how scenarios can be used to detect illegal information flows from a scenario description of a protocol. Once a covert information flow is discovered, its bandwidth is computed using the (max, +) algebra.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andrews, G., Reitmans, R.: An axiomatic approach to information flows in programs. ACM transactions on Programming Languages and Systems 2, 56–76 (1980)
Bell, D., La Padula, J.: Secure computer systems: mathematical foundations. Mitre technical report 2547, MITRE, Vol. I (1973)
Bell, D., La Padula, J.: Secure computer systems: a mathematical model. MITRE technical report 2547, MITRE, Vol. II (1973)
Criteria, C.: Common criteria for information technology security evaluation part 3: Security assurance requirements. Technical Report CCIMB-99-033, CCIMB (1999)
Goguen, J., Meseguer, J.: Security policies and security models. In: Press, I.C.S. (ed.) Proc. of IEEE Symposium on Security and Privacy, pp. 11–20 (1982)
Hélouét, L.: Distributed system requirements modeling with message sequence charts: the case of the rmtp2 protocol. Information and Software Technology 45, 701–714 (2003)
Hélouét, L., Zeitoun, M., Jard, C.: Covert channels detection in protocols using scenarios. In: Proc. of SPV 2003 Security Protocols Verification (2003)
ITU-T: Recommendation Z.120 (11/99), Message Sequence Charts (MSC). International Telecommunication Union, Geneva
Katoen, J.-P., Lambert, L.: Pomsets for message sequence charts. In: Proceedings of SAM 1998: 1st conference on SDL and MSC, Berlin, pp. 281–290 (1998)
Kemmerer, R.: Shared ressources matrix methodology: an approach to indentifying storage and timing channels. ACM Transactions on Computer Systems 1, 256–277 (1983)
Lampson, B.: A note on the confinement problem. Communication of the ACM 16, 613–615 (1973)
Le Maigat, P., Hélouét, L.: A (max,+) approach for time in message sequence charts. In: 5th Workshop on Discrete Event Systems, WODES 2000 (2000)
Le Maigat, P.: Techniques algébriques Max-Plus pour l’analyse des performances temporelles de systèmes concurrents. PhD thesis, Université de Rennes 1 (2002)
Lipner, S.: A comment on the confinement problem. In: Proceedings of the Fifth Symposium on Operating systems Principles (1975)
Lowe, G.: Quantifying information flow. In: Proceedings of the 7th European Symposium on Research in Computer Security(ESORICS) (2002)
Montgomery, T., Whetten, B., Basavaiah, M., Paul, S., Rastogi, N., Conlan, J., Yeh, T.: The RMTP2 protocol. IETF draft, Internet Engineering Task Force (1998)
NSA/NCSC: A guide to understanding covert channel analysis of trusted systems. Technical report, NSA/NCSC (1993)
Reniers, M.: Message Sequence Charts: Syntax and Semantics. PhD thesis, Eindhoven University of Technology (1998)
Reniers, M., Mauw, S.: High-level message sequence charts. In: Cavalli, A., Sarma, A. (eds.) SDL 1997: Time for Testing - SDL, MSC and Trends. Proc. of the 8th SDL Forum, Evry, France, pp. 291–306 (1997)
Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on selected areas in communications 21 (2003)
Volpano, D., Smith, G.: Eliminating covert flows with minimum typings. In: Proc. 10th IEEE Computer Security Foundations Workshop, pp. 156–168 (1997)
Whetten, B., Paul, S., Taskale, G.: RMTP-II overview. Talarian white paper, Talarian Corporation (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hélouët, L. (2005). Finding Covert Channels in Protocols with Message Sequence Charts: The Case of RMTP2. In: Amyot, D., Williams, A.W. (eds) System Analysis and Modeling. SAM 2004. Lecture Notes in Computer Science, vol 3319. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31810-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-31810-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24561-2
Online ISBN: 978-3-540-31810-1
eBook Packages: Computer ScienceComputer Science (R0)