Abstract:
The Flume system not only protects information transmitted between processes at different security levels, but also uses an explicit label mechanism to solve the covert channel problem caused by timeouts when processes transmit information. Other security systems based on decentralized information flow control (DIFC) that use an implicit label mechanism cannot solve this problem. However, Flume's label allocation mechanism may itself leak information through a special covert channel when processes transmit information. In this paper, we analyze the cause of information leakage in the Flume system and introduce a covert channel detection model (CCDM). CCDM abstracts the problem of searching for covert channels as a directed graph linking problem. Based on CCDM and the idea of the backtracking algorithm, we present two algorithms that automatically search for covert channels in the Flume system. Experimental results show that CCDM and the proposed algorithms not only detect covert channels in the Flume system effectively, but also provide the shortest path for processes to transmit information. The experimental results can therefore provide some guidance for improving system security.