Abstract
The NRL Pump protocol defines a multilevel secure component whose goal is to minimize leaks of information from high level systems to lower level systems, without degrading average time performances. We define a probabilistic model for the NRL Pump and show how a probabilistic model checker (FHP-murϕ) can be used to estimate the capacity of a probabilistic covert channel in the NRL Pump. We are able to compute the probability of a security violation as a function of time for various configurations of the system parameters (e.g. buffer sizes, moving average size, etc). Because of the model complexity, our results cannot be obtained using an analytical approach and, because of the low probabilities involved, it can be hard to obtain them using a simulator.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abbott, R.K., Garcia-Molina, H.: Scheduling Real-Time Transactions: a Performance Evaluation. ACM Trans. Database Syst. 17(3), 513–560 (1992)
Bell, D., La Padula, L.J.: Secure Computer Systems: Unified Exposition and Multics Interpretation. Tech. Rep. ESD-TR-75-301, MITRE MTR-2997 (1976)
David, R., Son, S.H.: A Secure Two Phase Locking Protocol. In: Proc. IEEE Symp. on Reliable Distributed Systems, pp. 126–135 (1993)
Della Penna, G., Intrigila, B., Melatti, I., Tronci, E., Zilli, M.V.: Finite Horizon Analysis of Markov Chains with the Murphi Verifier. In: Geist, D., Tronci, E. (eds.) CHARME 2003. LNCS, vol. 2860, pp. 394–409. Springer, Heidelberg (2003)
Della Penna, G., Intrigila, B., Melatti, I., Tronci, E., Zilli, M.V.: Finite Horizon Analysis of Stochastic Systems with the Murphi Verifier. In: Blundo, C., Laneve, C. (eds.) ICTCS 2003. LNCS, vol. 2841, pp. 58–71. Springer, Heidelberg (2003)
Dill, D.L., Drexler, A.J., Hu, A.J., Han Yang, C.: Protocol Verification as a Hardware Design Aid. In: Proc. IEEE Int. Conf. on Computer Design on VLSI in Computer & Processors, pp. 522–525 (1992)
Gray, J., Reuter, A.: Transaction Processing: Concepts and Techniques. Morgan Kaufmann Publishers Inc., San Francisco (1992)
Kang, M.H., Froscher, J., Moskowitz, I.S.: A Framework for MLS Interoperability. In: Proc. IEEE High Assurance Systems Engineering Workshop, pp. 198–205 (1996)
Kang, M.H., Froscher, J., Moskowitz, I.S.: An Architecture for Multilevel Security Interoperability. In: Proc. IEEE Computer Security Application Conf. (1997)
Kang, M.H., Moore, A.P., Moskowitz, I.S.: Design and Assurance Strategy for the NRL Pump. IEEE Computer 31(4), 56–64 (1998)
Kang, M.H., Moskowitz, I.S.: A Pump for Rapid, Reliable, Secure Communication. In: Proc. ACM Conf. on Computer and Communication Security, pp. 119–129 (1993)
Kang, M.H., Moskowitz, I.S., Lee, D.: A Network Pump. IEEE Trans. Software Eng. 22(5), 329–338 (1996)
Moskowitz, I.S., Miller, A.R.: The Channel Capacity of a Certain Noisy Timing Channel. IEEE Trans. Information Theory 38(4) (1992)
PRISM Web Page, http://www.cs.bham.ac.uk/~dxp/prism/
Kwiatkowska, M., Norman, G., Parker, D.: PRISM: Probabilistic Symbolic Model Checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002)
Kwiatkowska, M., Norman, G., Parker, D.: Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach. In: Katoen, J.-P., Stevens, P. (eds.) TACAS 2002. LNCS, vol. 2280, p. 52. Springer, Heidelberg (2002)
Meadows, C.: What Makes a Cryptographic Protocol Secure? The Evolution of Requirements Specification in Formal Cryptographic Protocol Analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 10–21. Springer, Heidelberg (2003)
Mitchell, J.C., Mitchell, M., Stern, U.: Automated Analysis of Cryptographic Protocols using Murϕ. In: Proc. IEEE Symp. on Security and Privacy, pp. 141–151 (1997)
Mitchell, J.C., Shmatikov, V., Stern, U.: Finite-State Analysis of SSL 3.0. In: Proc. USENIX Security Symp. (1998)
Son, S.H., Mukkamala, R., David, R.: Integrating Security and Real-Time Requirements Using Covert Channel Capacity. IEEE Trans. Knowl. Data Eng. 12(6), 865–879 (2000)
Murphi Web Page, http://sprout.stanford.edu/dill/murphi.html
Cached Murphi Web Page, http://www.dsi.uniroma1.it/~tronci/cached.murphi.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lanotte, R., Maggiolo-Schettini, A., Tini, S., Troina, A., Tronci, E. (2004). Automatic Covert Channel Analysis of a Multilevel Secure Component. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_20
Download citation
DOI: https://doi.org/10.1007/978-3-540-30191-2_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23563-7
Online ISBN: 978-3-540-30191-2
eBook Packages: Springer Book Archive