An architecture for covert channel control in realtime networks and multiprocessors

The paper discusses a system architecture for controlling covert channels in multilevel real-time networks and multiprocessor systems. The concept is derived from a popular (non-secure) real-time architecture I refer to as a foreground/background system. I address the covert channel (confinement) problem in the real-time foreground. Covert channel control within this system architecture rests on two properties: (I) a fairly strong nondisclosure properly called “elastic separability”; (2) “systolic”, or phase-delayed timing of real-time system input-output with non-preemptive scheduling. The architecture is thus called a “systolic elastically separable” (SES) real-time network. SES networks satisfy a security property called “weak confinement”. Total security (called “strong confinement”) can be achieved in any SES real-time network by making simple timing adjustments at external interfaces