*** Welcome to piglix ***

Cross-domain solution


A cross-domain solution (CDS) is a means of information assurance that provides the ability to manually or automatically access or transfer information between two or more differing security domains. They are integrated systems of hardware and software that enable transfer of information among incompatible security domains or levels of classification. Modern military, intelligence, and law enforcement operations critically depend on timely sharing of information. CDS is distinct from the more rigorous approaches, because it supports transfer that would otherwise be precluded by established models of computer, network, and data security, e.g., Bell–LaPadula model and Clark–Wilson model. CDS development, assessment, and deployment are based on risk management.

The goal of a CDS is to allow an isolated critical network to exchange information with others, without introducing the security threat that normally comes from network connectivity.

The three primary elements demanded from cross domain solutions are:

The acceptance criteria for information transfer across domains may be simple (e.g.antivirus scanning before transfer from low to high security domains) or complex (e.g. multiple human reviewers must examine and approve a document before release from a high security domain). One-way data transfer systems (one-way traffic systems, data diodes), are often used to move information from low security domains to secret enclaves while assuring that information cannot escape. Cross-domain solutions often include a High Assurance Guard.

In previous decades, multilevel security (MLS) technologies were developed and implemented that enabled objective and deterministic security, but left little wiggle room for subjective and discretionary interpretation. These enforced mandatory access control (MAC) with near certainty. This rigidity prevented simpler solutions that would seem acceptable on the surface.Automated information systems have enabled extensive information sharing that is sometimes contrary to the need to avoid sharing secrets with adversaries. The need for information sharing has led to the need to depart from the rigidity of MAC in favor of balancing need to protect with need to share. When the ‘balance’ is decided at the discretion of users, the access control is called discretionary access control (DAC) that is more tolerant of actions that manage risk where MAC requires risk avoidance. Allowing users and systems to manage the risk of sharing information is in some way contrary to the original motivation for MAC.


...
Wikipedia

...