{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,3,30]],"date-time":"2022-03-30T00:19:15Z","timestamp":1648599555298},"reference-count":55,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2015,7,9]],"date-time":"2015-07-09T00:00:00Z","timestamp":1436400000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Ambient Intell Human Comput"],"published-print":{"date-parts":[[2015,8]]},"DOI":"10.1007\/s12652-015-0289-4","type":"journal-article","created":{"date-parts":[[2015,7,8]],"date-time":"2015-07-08T04:18:12Z","timestamp":1436329092000},"page":"425-451","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Investigative support for information confidentiality"],"prefix":"10.1007","volume":"6","author":[{"given":"Jason","family":"Jaskolka","sequence":"first","affiliation":[]},{"given":"Ridha","family":"Khedri","sequence":"additional","affiliation":[]},{"given":"Khair Eddin","family":"Sabri","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,7,9]]},"reference":[{"issue":"1","key":"289_CR1","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1145\/357084.357088","volume":"2","author":"GR Andrews","year":"1980","unstructured":"Andrews GR, Reitman RP (1980) An axiomatic approach to information flow in programs. ACM Trans Program Lang Syst 2(1):56\u201376","journal-title":"ACM Trans Program Lang Syst"},{"issue":"4","key":"289_CR2","doi-asserted-by":"crossref","first-page":"331","DOI":"10.1080\/0161-119091865002","volume":"14","author":"CA Deavours","year":"1990","unstructured":"Deavours CA, Kruh L (1990) The turing bombe: was it enough? Cryptologia 14(4):331\u2013349","journal-title":"Cryptologia"},{"key":"289_CR5","unstructured":"Emulex Corporation (2013) EndaceProbe INR specifications. http:\/\/www.emulex.com\/products\/network-visibility-products-and-services\/endaceprobe-intelligent-network-recorders\/specifications\/ . Accessed 23 May 2014"},{"key":"289_CR6","doi-asserted-by":"crossref","unstructured":"Goguen JA, Meseguer J (1982) Security policies and security models. In: Proceedings of the 1982 symposium on security and privacy, New York, pp 11\u201320","DOI":"10.1109\/SP.1982.10014"},{"key":"289_CR7","unstructured":"Gray III JW (2000) Countermeasures and tradeoffs for a class of covert timing channels. Technical Report HKUST-CS94-18, Hong Kong University of Science and Technology"},{"key":"289_CR8","doi-asserted-by":"crossref","unstructured":"Grusho A, Kniazev A, Timonina E (2005) Detection of illegal information flow. In: Gorodetsky V, Kotenko I, Skormin V (eds) Proceedings of the 3rd international workshop on mathematical methods, models, and architectures for computer networked security, vol 3685. Lecture notes in computer science. Springer, Berlin, Heidelberg, pp 235\u2013244","DOI":"10.1007\/11560326_18"},{"key":"289_CR9","doi-asserted-by":"crossref","unstructured":"Handel TG, Sandford II MT (1996) Hiding data in the OSI network model. In: Proceedings of the first international workshop on information hiding, vol 1174, Lecture notes in computer science. Springer, London, pp 23\u201338","DOI":"10.1007\/3-540-61996-8_29"},{"key":"289_CR10","unstructured":"Heins R (2011) Indexing full packet capture data with flow. In: Proceedings of FloCon 2011"},{"key":"289_CR11","unstructured":"H\u00e9lou\u00ebt L, Roumy A (2010) Covert channel detection using information theory. In: Chatzikokolakis K, Cortier V (eds) Proceedings of 8th international workshop on security issues in concurrency, SecCo 2010, August 2010, pp 34\u201351"},{"key":"289_CR12","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1016\/j.entcs.2004.07.010","volume":"119","author":"L H\u00e9lou\u00ebt","year":"2005","unstructured":"H\u00e9lou\u00ebt L, Zeitoun M, Degorre A (2005) Scenarios and covert channels: another game. Electron Notes Theor Comput Sci 119:93\u2013116","journal-title":"Electron Notes Theor Comput Sci"},{"key":"289_CR13","unstructured":"H\u00e9lou\u00ebt L, Zeitoun M, Jard C (2003) Covert channels detection in protocols using scenarios. In: Proceedings of security protocols verification, SPV\u201903, pp 21\u201325"},{"issue":"10","key":"289_CR14","doi-asserted-by":"crossref","first-page":"576","DOI":"10.1145\/363235.363259","volume":"12","author":"CAR Hoare","year":"1969","unstructured":"Hoare CAR (1969) An axiomatic basis for computer programming. Commun ACM 12(10):576\u2013580","journal-title":"Commun ACM"},{"key":"289_CR15","doi-asserted-by":"crossref","unstructured":"Janssen G (2003) A consumer report on BDD packages. In: Proceedings of the 16th symposium on integrated circuits and systems design, SBCCI 2003, September 2003. IEEE Computer Society, Washington, pp 217\u2013222","DOI":"10.1109\/SBCCI.2003.1232832"},{"key":"289_CR16","doi-asserted-by":"crossref","unstructured":"Jaskolka J, Khedri R (2011) Exploring covert channels. In: Proceedings of the 44th Hawaii international conference on system sciences, HICSS-44, Koloa, Kauai, HI, USA, January 2011, pp 1\u201310","DOI":"10.1109\/HICSS.2011.201"},{"key":"289_CR17","unstructured":"Jaskolka J, Khedri R, Sabri KE (2011) Information leakage via protocol-based covert channels: detection, automation, and applications. Technical Report CAS-11-05-RK, McMaster University, Hamilton, ON, Canada, August 2011. http:\/\/www.cas.mcmaster.ca\/cas\/0template1.php?601 . Accessed 23 May 2014"},{"key":"289_CR18","doi-asserted-by":"crossref","unstructured":"Jaskolka J, Khedri R, Sabri KE (2014a) Investigative support for information confidentiality part I: Detecting confidential information leakage via protocol-based covert channels. In: Proceedings of the 9th international conference on future networks and communications, procedia computer science, FNC 2014 and MobiSPC 2014, Niagara Falls, ON, Canada, vol 34, pp 276\u2013285","DOI":"10.1016\/j.procs.2014.07.023"},{"key":"289_CR19","doi-asserted-by":"crossref","unstructured":"Jaskolka J, Khedri R, Sabri KE (2014b) Investigative support for information confidentiality part II: Applications in cryptanalysis and digital forensics. In: Proceedings of the 9th international conference on future networks and communications, procedia computer science, FNC 2014 and MobiSPC 2014, Niagara Falls, ON, Canada, August 2014, vol 34, pp 266\u2013275","DOI":"10.1016\/j.procs.2014.07.022"},{"key":"289_CR20","doi-asserted-by":"crossref","unstructured":"Ji L, Jiang W, Dai B, Niu X (2009) A novel covert channel based on length of messages. In: Proceedings of the 2009 international symposium on information engineering and electronic commerce, IEEC 2009, Piscataway, NJ, USA, pp 551\u2013554","DOI":"10.1109\/IEEC.2009.122"},{"key":"289_CR21","doi-asserted-by":"crossref","unstructured":"Kang MH, Moskowitz IS (1993) A pump for rapid, reliable, secure communication. In: Proceedings of the 1st ACM conference on computer and communications security, Fairfax, VA, USA, pp 119\u2013129","DOI":"10.1145\/168588.168604"},{"issue":"3","key":"289_CR22","doi-asserted-by":"crossref","first-page":"256","DOI":"10.1145\/357369.357374","volume":"1","author":"RA Kemmerer","year":"1983","unstructured":"Kemmerer RA (1983) Shared resource matrix methodology: an approach to identifying storage and timing channels. ACM Trans Comput Syst 1(3):256\u2013277","journal-title":"ACM Trans Comput Syst"},{"issue":"2","key":"289_CR23","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1007\/s12652-013-0177-8","volume":"5","author":"S Kiyomoto","year":"2014","unstructured":"Kiyomoto S, Fukushima K, Miyake Y (2014) Security issues on IT systems during disasters: a survey. J Ambient Intell Hum Comput 5(2):173\u2013185","journal-title":"J Ambient Intell Hum Comput"},{"issue":"10","key":"289_CR24","doi-asserted-by":"crossref","first-page":"613","DOI":"10.1145\/362375.362389","volume":"16","author":"BW Lampson","year":"1973","unstructured":"Lampson BW (1973) A note on the confinement problem. Commun ACM 16(10):613\u2013615","journal-title":"Commun ACM"},{"key":"289_CR25","doi-asserted-by":"crossref","unstructured":"Lanotte R, Maggiolo-Schettini A, Tini S, Troina A, Tronci E (2004) Automatic covert channel analysis of a multilevel secure component. In: Lopez J, Qing S, Okamoto E (eds) Proceedings of the 6th international conference on information and communications security, vol 3269. Lecture notes in computer science, Springer, Berlin, Heidelberg, pp 249\u2013261","DOI":"10.1007\/978-3-540-30191-2_20"},{"issue":"2","key":"289_CR26","doi-asserted-by":"crossref","first-page":"557","DOI":"10.1016\/j.sigpro.2009.07.022","volume":"90","author":"I Lee","year":"2010","unstructured":"Lee I, Tsai W (2010) A new approach to covert communication via PDF files. Signal Proces 90(2):557\u2013565","journal-title":"Signal Proces"},{"issue":"1","key":"289_CR27","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1109\/TIFS.2006.890310","volume":"2","author":"TY Liu","year":"2007","unstructured":"Liu TY, Tsai WH (2007) A new steganographic method for data hiding in Microsoft Word documents by a change tracking technique. IEEE Trans Inf Forens Secur 2(1):24\u201330","journal-title":"IEEE Trans Inf Forens Secur"},{"key":"289_CR28","doi-asserted-by":"crossref","unstructured":"Lowe G (2002) Quantifying information flow. In: Proceedings of the 15th IEEE computer security foundations workshop, CSFW-15. IEEE Computer Society, Los Alamitos, pp 18\u201331","DOI":"10.1109\/CSFW.2002.1021804"},{"issue":"7","key":"289_CR29","doi-asserted-by":"crossref","first-page":"3162","DOI":"10.1109\/18.737549","volume":"44","author":"IS Moskowitz","year":"1998","unstructured":"Moskowitz IS, Greenwald SJ, Kang MH (1998) An analysis of the timed Z-channel. IEEE Trans Inf Theory 44(7):3162\u20133168","journal-title":"IEEE Trans Inf Theory"},{"key":"289_CR30","doi-asserted-by":"crossref","unstructured":"Nagatou N, Watanabe T (2006) Run-time detection of covert channels. In: Proceedings of the 1st international conference on availability, reliability and security, ARES 2006. IEEE Computer Society, Vienna, pp 577\u2013584","DOI":"10.1109\/ARES.2006.114"},{"key":"289_CR32","volume-title":"Principles of distributed database systems","author":"M \u00d6zsu","year":"2011","unstructured":"\u00d6zsu M, Valduriez P (2011) Principles of distributed database systems, 3rd edn. Springer, New York","edition":"3"},{"key":"289_CR33","unstructured":"Ponemon Institute (2014) 2014 cost of data breach study: global analysis. Ponemon Institute Research report, May 2014"},{"key":"289_CR34","doi-asserted-by":"crossref","unstructured":"Porras PA, Kemmerer RA (1991) Covert flow trees: A technique for identifying and analyzing covert storage channels. In: Proceedings of the 1991 IEEE Computer Society symposium on research in security and privacy. IEEE Computer Society, Los Alamitos, pp 36\u201351","DOI":"10.1109\/RISP.1991.130770"},{"key":"289_CR35","unstructured":"Ravi N, Gruteser M, Iftode L (2006) Non-inference: an information flow control model for location-based services. In: Proceedings of the 3rd international conference on mobile and ubiquitous systems, Piscataway, NJ, USA, pp 206\u2013215"},{"key":"289_CR36","unstructured":"Rowlingson R (2004) A ten step process for forensic readiness. Int J Digit Evid 2(3):Winter"},{"key":"289_CR37","doi-asserted-by":"crossref","unstructured":"Ryan P, McLean J, Millen J, Gligor V (2001) Non-interference: who needs it? In: Proceedings of the 14th IEEE workshop on computer security foundation. IEEE Computer Society, Washington, DC, pp 237\u2013238","DOI":"10.1109\/CSFW.2001.930149"},{"key":"289_CR38","doi-asserted-by":"crossref","unstructured":"Sabri KE, Khedri R, Jaskolka J (2009) Verification of information flow in agent-based systems. In: Babin G, Kropf P, Weiss M (eds) Proceedings of the 4th international MCETECH conference on e-technologies, vol 26. Lecture notes in business information processing. Springer, Berlin, Heidelberg, pp 252\u2013266","DOI":"10.1007\/978-3-642-01187-0_22"},{"key":"289_CR39","doi-asserted-by":"crossref","unstructured":"Schmidt G, Str\u00f6hlein T (1993) Relations and graphs: discrete mathematics for computer science. EATCS monographs on theoretical computer science. Springer","DOI":"10.1007\/978-3-642-77968-8"},{"key":"289_CR40","unstructured":"Scott C (2007) Network covert channels: Review of current state and analysis of viability of the use of X.509 certificates for covert communications. Technical report RHUL-MA-2008-11, Royal Holloway, University of London, January 2007"},{"key":"289_CR41","doi-asserted-by":"crossref","unstructured":"Sengar H, Wang H, Iranmanesh SA (2014) Wiretap-proof: What they hear is not what you speak, and what you speak they do not hear. In: Proceedings of the 4th ACM conference on data and application security and privacy, CODASPY \u201914. ACM, pp 345\u2013356","DOI":"10.1145\/2557547.2557567"},{"issue":"1","key":"289_CR42","first-page":"91","volume":"15","author":"S Shieh","year":"1999","unstructured":"Shieh S, Chen ALP (1999) Estimating and measuring covert channel bandwidth in multilevel secure operating systems. J Inf Sci Eng 15(1):91\u2013106","journal-title":"J Inf Sci Eng"},{"key":"289_CR43","unstructured":"Smeets M, Koot M (2006) Research report: covert channels. Master\u2019s thesis, University of Amsterdam, Amsterdam, Netherlands, February 2006"},{"key":"289_CR44","doi-asserted-by":"crossref","unstructured":"Sohn T, Seo J, Moon J (2003) A study on the covert channel detection of TCP\/IP header using support vector machine. In: Qing S, Gollmann D, Zhou J (eds) Information and communications security, vol 2836. Lecture notes in computer science. Springer, Berlin, Heidelberg, pp 313\u2013324","DOI":"10.1007\/978-3-540-39927-8_29"},{"key":"289_CR45","doi-asserted-by":"crossref","unstructured":"Srinivasan S (2006) Security and privacy in the computer forensics context. In: Proceedings of the 2006 international conference on communication technology, November 2006. IEEE Computer Society, Piscataway, pp 1\u20133","DOI":"10.1109\/ICCT.2006.341936"},{"key":"289_CR46","doi-asserted-by":"crossref","unstructured":"Tumoian E, Anikeev M (2005) Network based detection of passive covert channels in TCP\/IP. In: Proceedings of the 30th IEEE conference on local computer networks, Sydney, Australia, pp 802\u2013807","DOI":"10.1109\/LCN.2005.92"},{"key":"289_CR47","volume-title":"The essential turing: seminal writings in computing, logic, philosophy, artificial intelligence, and artificial life, plus the secrets of enigma","author":"A Turing","year":"2004","unstructured":"Turing A (2004) The essential turing: seminal writings in computing, logic, philosophy, artificial intelligence, and artificial life, plus the secrets of enigma. Oxford University Press Inc., New York"},{"key":"289_CR3","unstructured":"U.S.A. Department of Defense (1985) Trusted computer system evaluation criteria (TCSEC). Number DoD 5200.28-STD in Defense Department Rainbow Series (Orange Book). Department of Defense\/National Computer Security Center, Fort George G. Meade, MD, USA, December 1985"},{"key":"289_CR31","unstructured":"U.S.A. National Computer Security Center (1993) A guide to understanding covert channel analysis of trusted systems. Number NCSC-TG-030 in NSA\/NCSC Rainbow Series (Light Pink Book). National Security Agency\/National Computer Security Center, Fort George G. Meade, MD, USA, November 1993"},{"key":"289_CR4","unstructured":"U.S.A. Department of Homeland Security (2009) A roadmap for cybersecurity research. Department of Homeland Security Science and Technology Directorate, Washington, DC, USA, November 2009"},{"key":"289_CR48","doi-asserted-by":"crossref","unstructured":"Volpano D, Smith G (1997) Eliminating covert flows with minimum typings. In: Proceedings of the 10th computer security foundations workshop, Los Alamitos, CA, USA, pp 156\u2013168","DOI":"10.1109\/CSFW.1997.596807"},{"issue":"1","key":"289_CR49","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1142\/S0219876207001102","volume":"4","author":"M Wallace","year":"2007","unstructured":"Wallace M, Kollias S (2007) Two algorithms for fast incremental transitive closure of sparse fuzzy binary relations. Int J Comput Methods 4(1):1\u201313","journal-title":"Int J Comput Methods"},{"issue":"4","key":"289_CR50","doi-asserted-by":"crossref","first-page":"601","DOI":"10.1007\/s12652-013-0212-9","volume":"5","author":"Z Wei","year":"2014","unstructured":"Wei Z, Zhao B, Liu B, Su J, Xu L, Xu E (2014) A novel steganography approach for voice over IP. J Ambient Intell Hum Comput 5(4):601\u2013610","journal-title":"J Ambient Intell Hum Comput"},{"key":"289_CR51","unstructured":"Weierud F (1998) The ENIGMA message. Spooks Newsletter. Fourth Edition of the N&O column. http:\/\/www.cvni.net\/radio\/nsnl\/nsnl004\/nsnl4msg.html . Accessed 28 November 2011"},{"key":"289_CR52","unstructured":"Williams C (2010) Russian spy ring bust uncovers tech toolkit. The Register, June 2010"},{"key":"289_CR53","unstructured":"Wireshark Foundation (2011) Wireshark. http:\/\/www.wireshark.org\/ . Accessed 28 November 2011"},{"issue":"12","key":"289_CR54","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1109\/MCOM.2007.4395378","volume":"45","author":"S Zander","year":"2007","unstructured":"Zander S, Armitage G, Branch P (2007) Covert channels and countermeasures in computer network protocols. IEEE Commun Mag 45(12):136\u2013142","journal-title":"IEEE Commun Mag"},{"key":"289_CR55","doi-asserted-by":"crossref","unstructured":"Zou X, Li Q, Sun S, Niu X (2005) The research on information hiding based on command sequence of FTP protocol. In: Khosla R, Howlett R, Jain L (eds) Proceedings of the 9th international conference on knowledge-based intelligent information and engineering systems, vol 3683. Lecture notes in computer science. Springer, Berlin, Heidelberg, pp 1079\u20131085","DOI":"10.1007\/11553939_151"}],"container-title":["Journal of Ambient Intelligence and Humanized Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12652-015-0289-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s12652-015-0289-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12652-015-0289-4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,27]],"date-time":"2019-08-27T22:40:15Z","timestamp":1566945615000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s12652-015-0289-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7,9]]},"references-count":55,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,8]]}},"alternative-id":["289"],"URL":"https:\/\/doi.org\/10.1007\/s12652-015-0289-4","relation":{},"ISSN":["1868-5137","1868-5145"],"issn-type":[{"value":"1868-5137","type":"print"},{"value":"1868-5145","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,7,9]]}}}