Covert channel resistant information leakage protection using a multi-agent architecture

Covert channel attacks utilise shared resources to indirectly transmit sensitive information to unauthorised parties. Current operating systems (e.g. SELinux) rely on tagging the filesystem with security labels and enforcing security policies at the time of access to a file or resource. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux, an extension to SELinux, utilises watermarking algorithms to ‘colour’ the contents of each file with its security classification, or context, to enhance resistance to information laundering attacks. In this study, the authors propose a mobile agent-based approach to automate the process of detecting and colouring receptive hosts' filesystems and monitoring the coloured filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach. The authors have also evaluated the performance of their agent-based system on a single host as well as across a local network of machines. Finally, using formal methods, the authors have proved correctness properties of the agent-based approach and identified and corrected a flaw in their initial implementation.
