This paper presents an information theory based detection framework for
covert channels. We first show that the usual notion of interference does not
characterize the notion of deliberate information flow of covert channels. We
then show that even an enhanced notion of "iterated multivalued interference"
can not capture flows with capacity lower than one bit of information per
channel use. We then characterize and compute the capacity of covert channels
that use control flows for a class of systems.Comment: In Proceedings SecCo 2010, arXiv:1102.516