Moskowitz, I. S. and M. H. Kang, "Covert Channels -- Here to Stay?" Proc. 
  COMPASS '94, Gaithersburg, MD, IEEE Press, IEEE Cat. 94CH3415-7, 
  ISBN 0-7803-1855-2, June, 1994, pp. 235-243.

<blockquote>
We discuss the difficulties of satisfying  high-assurance system
requirements without sacrificing  system capabilities.  To alleviate
this problem, we show how trade-offs can be made to reduce the threat
of covert channels.  We also clarify certain concepts in the theory of
covert channels.  Traditionally, a covert channel's vulnerability was
measured by the capacity. We show why a capacity analysis alone is not
sufficient to evaluate the vulnerability  and introduce a new metric
referred to as the ``small message criterion''.
</blockquote>