This paper presents a formal and systematic model for analysis and testing of secure systems. The concept of security dependency is first introduced, and certain rules and theorems of security dependency are then formally described. These rules can be used as a basis for static analysis, dynamic testing, and covert channel analysis for a secure system. The major feature of the model presented i...

Building on our published mechanisation of the probabilistic program logic pGCL we present a verified lattice scheduler, a standard covert-channel mitigation technique, employing randomisation as an elegant means of ensuring starvation-freeness. We show that this scheduler enforces probabilistic non-leakage, in addition to non-starvation. The refinement framework employed is compatible with tha...

Several theorists have argued in favor of a distinction between overt and covert narcissism, and factor analytic studies have supported this distinction. In this paper I demonstrate that overt narcissists report higher self-esteem and higher satisfaction with life, whereas covert narcissists report lower self-esteem and lower satisfaction with life. I also present mediational models to explain ...

Numerous network anomaly detection techniques utilize traffic summaries (e.g., NetFlow records) to detect and diagnose attacks. In this paper we investigate the limits of such approaches, by introducing a technique by which compromised hosts can communicate without altering the behavior of the network as evidenced in summary records of many common types. Our technique builds on two key observat...

In 1985, we outlined an information flow tool for the Gypsy language that could be used to support covert channel analysis. The proposed tool offered substantial advantages over existing tools in flexibility and promised to be useful for a variety of analyses. Two versions of the tool were subsequently built and used for a variety of MLS and other projects. This paper draws on the original, add...

Twenty-five thousand fans crowd a park in New York City to hear a popular rock group give an outdoor summer concert. In all the noise and fun nobody notices two men driving a pickup truck bearing official city markings around the periphery of the park. Mounted on the back of the truck, a fog machine sprays a steady stream of thin vapor into the air. The people in the park have just been exposed...

In this paper we present an idea of trusted communication platform for Multi-Agent Systems (MAS) called TrustMAS. Based on analysis of routing protocols suitable for MAS we have designed a new proactive hidden routing. Proposed steg-agents discovery procedure, as well as further routes updates and hidden communication, are cryptographically independent. Steganographic exchange can cover heterog...

This paper discusses a way to communicate without relying on fixed infrastructure at some central hub. This can be useful for bootstrapping loosely connected peer-topeer systems, as well as for circumventing egregious policy-based blocking (e.g., for censorship purposes). Our techniques leverage the caching and aging properties of DNS records to create a covert channel of sorts that can be used...

| An in-depth analysis of the 80x86 processor families identi es architectural properties that may have unexpected, and undesirable, results in secure computer systems. In addition, reported implementation errors in some processor versions render them undesirable for secure systems because of potential security and reliability problems. In this paper, we discuss the imbalance in scrutiny for ha...

This article presents a proof-of-concept illustrating the feasibility of creating a covert channel between a C&C server and a malware installed in an organization by exploiting an organization’s scanner and using it as a means of interaction. We take advantage of the light sensitivity of a flatbed scanner, using a light source to infiltrate data to an organization. We present an implementation ...