There has been an explosion in the growth of computer networks as organizations realize the benefits of networking their personal computers and workstations. Increasingly, these networks are falling prey to malicious outsiders who hack into them, reading and sometimes destroying sensitive information. Traditional guard products have been developed as software running on a commercial computer. The software that provides the information flow is usually an application that resides on a commercial operating system, such as UNIX or Windows. The traditional devices also rely on a relational database management system (RDBMS) to manage and store the data. Software complexity and reliance on the operating system have proven to diminish the performance of these approaches, thus essentially crippling any thorough security evaluation of the product. In addition, all data is mixed in the same processor when implemented in a single commercial computer.
Other systems using blind write-up or blind read-down techniques fail to provide assurance that data reaching a destination is not overwritten. The usual way to make communications between a transmitter (transmitting network) and a receiver (receiving network) reliable is to have the receiver send acknowledgments; however, providing such acknowledgments does not maintain the security of the network with higher trust. Communication between the networks is no longer a one-way data path, because acknowledgments must flow from the network of higher trust to the network of lower trust, creating the potential to compromise data on the network with higher trust.
Simple store-and-forward machines can isolate the two networks; however, many of the characteristics of trusted networks are relayed through the store-and-forward system and may thus compromise data through covert channels via response time, latency, buffer utilization, negative acknowledgment, etc.
To ensure correct operation of the operating system (OS) and RDBMS, a system administrator must be assigned to support the product and to ensure that the software inherent to the operation of the device is maintained. In addition, as an OS and RDBMS mature and progress through their lifecycles, the likelihood that a custom software application will continue to operate correctly diminishes.
A software implementation of a network security pump was described by Kang, Moore, and Moskowitz in their article "Design and Assurance Strategy for the NRL Pump," IEEE Computer, April 1998. This software simulation, which provided some boundaries on the pump algorithm, uses “wrappers,” or software that supports a variety of applications, and differs from the hardware implementation of the invention described by the instant patent application.
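The acknowledgment-timing covert channel described above, next to the pump idea of decoupling the low side's acknowledgments from the high side's response time, as an added Python simulation that is not part of the original text or of the patented hardware. It is a simplified model: the delay values, window size, exponential ACK delay and all function names are illustrative assumptions.

```python
import random
from collections import deque

# Constructed timing model in milliseconds; every value is an illustrative assumption.
FAST_MS, SLOW_MS = 1.0, 9.0   # High's ACK delay when signalling bit 0 / bit 1
THRESHOLD_MS = 5.0            # Low's decision threshold (also the pump's initial mean)
WINDOW = 20                   # pump: number of past High ACK times averaged

def high_ack_delays(bits):
    """A compromised High receiver encodes each bit in how long it takes to ACK."""
    return [SLOW_MS if b else FAST_MS for b in bits]

def store_and_forward(delays):
    """Relay ACKs Low only after High ACKs, so Low observes High's delay directly."""
    return list(delays)

def pump(delays, rng):
    """ACK Low after a random delay whose mean is the moving average of High's
    previous ACK times, so no single ACK reflects the current message."""
    history = deque(maxlen=WINDOW)
    seen = []
    for d in delays:
        mean = sum(history) / len(history) if history else THRESHOLD_MS
        seen.append(rng.expovariate(1.0 / mean))  # exponential delay with that mean
        history.append(d)                         # High's real ACK time, learned later
    return seen

def low_decode(latencies):
    """Low guesses one bit from each ACK latency it observes."""
    return [1 if t > THRESHOLD_MS else 0 for t in latencies]

def accuracy(sent, decoded):
    return sum(s == d for s, d in zip(sent, decoded)) / len(sent)

def run(n=2000, seed=7):
    """Return Low's decoding accuracy through each relay for the same bit stream."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n)]
    delays = high_ack_delays(bits)
    direct = accuracy(bits, low_decode(store_and_forward(delays)))
    pumped = accuracy(bits, low_decode(pump(delays, rng)))
    return direct, pumped

if __name__ == "__main__":
    print("store-and-forward: %.3f  pump: %.3f" % run())
```

Because the pump's mean delay still follows High's average ACK time, it bounds the capacity of the timing channel rather than removing it.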