This Article 
 Bibliographic References 
 Add to: 
A Network Pump
May 1996 (vol. 22 no. 5)
pp. 329-338

Abstract—A designer of reliable multi-level secure (MLS) networks must consider covert channels and denial of service attacks in addition to traditional network performance measures such as throughput, fairness, and reliability. In this paper we show how to extend the NRL data Pump to a certain MLS network architecture in order to balance the requirements of congestion control, fairness, good performance, and reliability against those of minimal threats from covert channels and denial of service attacks. We back up our claims with simulation results.

[1] A. Bakre and B. Badrinath, "I-TCP: Indirect TCP for Mobile Hosts," 15th Int'l Conf. Distributed Computing Systems (ICDCS), May 1995.
[2] J.N. Froscher, D.M. Goldschlag, M.H. Kang, C.E. Landwehr, A. P. Moore, I.S. Moskowitz, and C.N. Payne, "Improving Inter-Enclave Information Flow for a Secure Strike Planning Application," Proc. 11th Computer Security Applications Conf., pp. 89-98,New Orleans, La., Dec. 1995.
[3] M. Gasser, Building a Secure Computer System. Van Nostrand Reinhold, 1988.
[4] M. Gerla and L. Kleinrock, "Flow Control: A Comparative Survey," IEEE Trans. Commun., vol. 28, no. 4, pp. 553-574, Apr. 1980.
[5] E.L. Hahne, "Round-Robin Scheduling for Max-Min Fairness in Data Networks," IEEE J. Select. Areas Commun., vol. 9, no. 7, pp. 1,024-1,039, Sept. 1991.
[6] M.H. Kang and I.S. Moskowitz, "A Pump for Rapid, Reliable, Secure Communication," Proc. ACM Conf. Computer&Commun. Security '93, pp. 119-129,Fairfax, Va., 1993.
[7] M.H. Kang and I.S. Moskowitz, "A Data Pump for Communication," Submitted for publication, also available as NRL Memo. Report 5540-95-7771, 1995. It is available for viewing at Web site (
[8] A. Law and W. Kelton, Simulation Modeling and Analysis,New York: McGraw-Hill, 1991.
[9] "ATM Knits Voice, Data on Any Net," IEEE Spectrum, Feb. 1994.
[10] B.W. Lampson, “A Note on the Confinement Problem,” Comm. ACM, vol. 16, no. 10, pp. 613–615, 1973.
[11] J.D. McLean, "A General Theory of Composition for a Class of 'Possibilistic' Properties," IEEE Trans. Software Engineering, vol. 22, no. 1, pp. 53-67, 1996.
[12] J.K. Millen, “Finite-State Noiseless Covert Channels,” Proc. Second Computer Security Foundations Workshop, pp. 81–86, 1989.
[13] A.R. Miller and I.S. Moskowitz, "Reduction of a Class of Fox-Wright Psi Functions for Certain Rational Parameters," Computers&Mathematics with Applications. vol. 30, no. 11, pp. 73-82, 1995.
[14] B.E. Montrose and M.H. Kang, "An Implementation of the Pump: Event Driven Pump," NRL Memo. Report 5540-95-7782, 1995.
[15] I.S. Moskowitz and A.R. Miller, “The Channel Capacity of a Certain Noisy Timing Channel,” IEEE Trans. Information Theory, vol. 38, no. 4, pp. 1,339–1,344, July 1992.
[16] I.S. Moskowitz and A.R. Miller, "Simple Timing Channels," Proc. 1994 IEEE Computer Society Symp. on Research in Security and Privacy, pp. 56-64,Oakland, Ca., 1994.
[17] I.S. Moskowitz and M.H. Kang, "Discussion of a Statistical Channel," Proc. IEEE-IMS Workshop on Information Theory and Statistics, p. 95,Alexandria, Va., 1994.
[18] I.S. Moskowitz and M.H. Kang, “Covert Channels—Here to Stay?” Proc. Ninth Ann. Conf. Safety, Reliability, Fault Tolerance, Concurrency, and Real Time Security (COMPASS '94), pp. 235–243, 1994.
[19] I.S. Moskowitz and M.H. Kang, "The Modulated-Input Modulated-Output model," Proc. IFIP WG 11.3 Working Conf. On Database Security, Rensselaerville, N.Y., Aug. 1995.
[20] B. Mukherjee and S. Banerjee, "Alternative Strategies for Improving the Fairness in an Analytical Model of DQDB Networks," Proc. IEEE INFOCOM '91, pp. 879-888, 1991.
[21] R.M. Needham, "Denial Of Service: An Example," Comm. ACM, vol. 37, no. 11, pp. 42-46, 1994.
[22] J.J. Parsonese, "The Basics in Networking the Data Pump," Working paper.
[23] C. Shannon and W. Weaver, The Mathematical Theory of Communication. Univ. of Illinois Press, 1949. Also appeared as a series of papers by Shannon in the Bell System Technical Journal, July 1948, Oct. 1948 ("A Mathematical Theory of Communication"), Jan. 1949 ("Communication in the Presence of Noise").
[24] J. Wray, “An Analysis of Covert Timing Channels,” Proc. IEEE Symp. Security and Privacy, pp. 2–7, 1991.
[25] H. Xu and B. Bhargava, "Reliable Stream Transmission in Mobile Computing Environments," Technical Report CSD 95-002, Computer Science, Purdue Univ., 1995.

Index Terms:
Covert channel, flow control, gateway, information theory, router, security.
Myong H. Kang, Ira S. Moskowitz, Daniel C. Lee, "A Network Pump," IEEE Transactions on Software Engineering, vol. 22, no. 5, pp. 329-338, May 1996, doi:10.1109/32.502225
Usage of this product signifies your acceptance of the Terms of Use.