There are a number of powerful techniques to make life difficult for programs that would receive information over covert channels. They have in common that a particular machine needs one central control point to manage these techniques. This is at odds with the normal capability disciplines of decentralizing security logic. Whereas you need not trust my factory logic to guard your secrets, the defense against covert channels must be centralized. The main reason for this is that the allocation facilities which support covert channels are themselves centralized for a machine.

The first technique I wish to mention here is to have a capability to instruct the CPU scheduler where ever it may be, to block operations of any program without clearance. For instance a program to play a DVD on your computer may need all of the tools of a covert channel, including access to the real time clock and a port to an external payment facility. If you need to confine the execution of some program it will be necessary to shut down the DVD during the execution. Even untrusted programs running in determinate environments are cleared.