Published in Lee, Y.-C., Bishop, S., Okhravi, H., & Rahimi, S. (2009). Information leakage detection in distributed systems using software agents. IEEE Symposium on Intelligent Agents, 2009. IA '09, 128-135. doi: 10.1109/IA.2009.4927510 ©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.


Covert channel attacks utilize shared resources to indirectly transmit sensitive information to unauthorized parties. Current security mechanisms such as SELinux rely on tagging the filesystem with access control properties. However, such mechanisms do not provide strong protection against information laundering via covert channels. Colored Linux [20], an extension to SELinux, utilizes watermarking algorithms to “color” the contents of each file with their respective security classification to enhance resistance to information laundering attacks. In this paper, we propose a mobile agent-based approach to automate the process of detecting and coloring receptive hosts’ filesystems and monitoring the colored filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach.