I. Introduction
Cyber attacks, that exploit malicious insiders and exfiltrate secret information, are a growing concern for computer users. Covert channels are one such class of insider threats, where a trojan process, that has access to sensitive user-related information (e.g., user's personal data), secretly exfiltrates the data to a spy process even when the underlying system security policy explicitly prohibits any such communication [1]. Also, note that the trojan cannot directly reveal secrets to the outside world (since system security auditors can be easily catch such activity), and has to rely on covert modes of operation to exfiltrate secrets to the spy. In contrast to side channels where a victim process unwittingly exposes sensitive application profile to the spy monitoring its activity, covert channels work by intentional collusion between two malicious processes, namely the trojan and spy.