Abstract : This note presents an overview of some abstract concepts regarding covert channels. It discusses primary means of synchronization and illicit interference between subjects in a multilevel computing environment, and it describes a detailed laboratory exercise utilizing these abstractions. In a multilevel computing environment, a security policy is enforced which requires that low-sensitivity subjects (e.g., a process or task) should not observe high-sensitivity information (e.g., data, code, or activities of high-sensitivity subjects). The most intuitive interpretation of such a policy is a confidentiality policy, in which for example, subjects with a low clearance are not allowed access to highly classified data1. A multilevel system may enforce such a policy on all subjects under its control and all of the objects that it exports to those subjects (viz., objects to which an explicit reference is possible via a system interface). Such an enforcement mechanism is said to enforce mandatory access control (MAC) with respect to the exported objects. Despite the successful enforcement of MAC, a covert channel exists in such a system when information can be passed from a high sensitivity sender subject to a low sensitivity receiver subject via an internal object (i.e., one that is not an exported object). This reflects a processing model in which all interactions between subjects occur through objects of some type, such as buffers, messages, registers and files. Covert channels are normally conceived as a medium for a series of transmissions from high to low. Thus, for each transmission, the receiver has to know when to read. This is done through a synchronization mechanism. There also needs to be something the internal object that the sender can modify and the receiver can observe: this forms the interference mechanism of the channel, as shown in the Figure 1.