The rapid transition to cloud-based infrastructures has introduced a number of uncharted risks, threats, and challenges that are faced by security experts. In particular, concerns surrounding the confidentiality of information in cloud-based systems and the existence of covert communication channels ought to be addressed. In this paper, we outline a schema for certifying covert channel freeness in cloud-based systems. The proposed schema provides an application of the formal foundation laid out in our previous work and is based on a strategy derived from the necessity and formal verification of the conditions for covert channel existence in cloud-based systems specified using the mathematical framework of Communicating Concurrent Kleene Algebra (C2KA). We also discuss how the proposed schema can be used for identifying ways in which an analyst may amend, modify, or redesign a system in order to make it more resilient to covert channels, and to potentially certify it to be free from covert channels on the basis of the non-existence of the potential for communication amongst its agents.
Jaskolka, J., & Khedri, R. (2015). Towards the certification of covert channel freeness in cloud-based systems. In Procedia Computer Science (Vol. 52, pp. 318–325). Elsevier B.V. https://doi.org/10.1016/j.procs.2015.05.100