The covert channel problem
The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC), the U.S. Trusted Computer System Evaluation Criteria (TCSEC), the Information Technology Security Evaluation Criteria - the harmonized criteria of France, Germany, The Netherlands and The United Kingdom (ITSEC), and other criteria have been developed to aid in the analysis of computer systems to ensure that two processes at different security levels cannot directly communicate information in violation of security policies. Despite the guidelines in these criteria along with other techniques, many systems suffer from processes that communicate by means of covert channels. In this report, covert channels are defined. A review of the related research activities is given along with methodologies of how to detect covert channels and how to handle them. Since the covert channel problem encroaches on other areas in computer science such as communication theory, networks, and databases, these relationships will be explored with emphasis on multilevel database systems.