Information leakage detection in distributed systems using software agents

Covert channel attacks utilize shared resources to indirectly transmit sensitive information to unauthorized parties. Current security mechanisms such as SELinux rely on tagging the filesystem with access control properties. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux [20], an extension to SELinux, utilizes watermarking algorithms to “color” the contents of each file with their respective security classification to enhance resistance to information laundering attacks. In this paper, we propose a mobile agent-based approach to automate the process of detecting and coloring receptive hosts' filesystems and monitoring the colored filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach.

[1] Bo Chen, et al. Mobile‐C: a mobile agent platform for mobile C/C++ agents, 2006, Softw. Pract. Exp.

[2] C. Brodley, et al. Network covert channels: design, analysis, detection, and elimination, 2006.

[3] Carla E. Brodley, et al. IP covert timing channels: design and detection, 2004, CCS '04.

[4] Ira S. Moskowitz, et al. The Pump: a decade of covert fun, 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[5] Imad M. Abbadi, et al. Preventing information leakage between collaborating organisations, 2008, ICEC.

[6] Louise E. Moser, et al. Protection against covert storage and timing channels, 1991, Proceedings Computer Security Foundations Workshop IV.

[7] Virgil D. Gligor, et al. On the Identification of Covert Storage Channels in Secure Systems, 1990, IEEE Trans. Software Eng.

[8] Virgil D. Gligor, et al. A guide to understanding covert channel analysis of trusted systems, 1993.

[9] Changda Wang, et al. Searching covert channels by identifying malicious subjects in the time domain, 2004, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004.

[10] Masaru Takesue, et al. A Scheme for Protecting the Information Leakage Via Portable Devices, 2007, The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007).

[11] H. Tanaka. Information Leakage via Electromagnetic Emanation and Effectiveness of Averaging Technique, 2008, 2008 International Conference on Information Security and Assurance (isa 2008).

[12] Nicolas Lhuillier, et al. FOUNDATION FOR INTELLIGENT PHYSICAL AGENTS, 2003.

[13] Dengguo Feng, et al. A typical noisy covert channel in the IP protocol, 2004, 38th Annual 2004 International Carnahan Conference on Security Technology, 2004.

[14] Anthony Ephremides, et al. A covert channel in MAC protocols based on splitting algorithms, 2005, IEEE Wireless Communications and Networking Conference, 2005.

[15] Jonathan K. Millen. 20 years of covert channel modeling and analysis, 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[16] Narendra Ahuja, et al. A new wavelet-based scheme for watermarking images, 1998, Proceedings 1998 International Conference on Image Processing. ICIP98 (Cat. No.98CB36269).

[17] Robert Love, et al. Kernel korner: intro to inotify, 2005.

[18] Ruby B. Lee, et al. Covert and Side Channels Due to Processor Architecture, 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[19] Bo Chen, et al. Mobile-C: a mobile agent platform for mobile C-C++ agents, 2006.

[20] Hangbae Chang, et al. Design of Inside Information Leakage Prevention System in Ubiquitous Computing Environment, 2005, ICCSA.

[21] Imad M. Abbadi, et al. Preventing Insider Information Leakage for Enterprises, 2008, 2008 Second International Conference on Emerging Security Information, Systems and Technologies.

[22] Sebastian Zander, et al. A survey of covert channels and countermeasures in computer network protocols, 2007, IEEE Communications Surveys & Tutorials.

[23] Dawn M. Cappelli, et al. Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector, 2008.

[24] Steven Gianvecchio, et al. Detecting covert timing channels: an entropy-based approach, 2007, CCS '07.

[25] Ira S. Moskowitz, et al. A Network Pump, 1996, IEEE Trans. Software Eng.