The present embodiments relate to a data storage device for protected data exchange between different security zones, the data storage device including at least one storage unit, a data validation unit, and an access control unit.
Cross-domain solutions are known in special areas, such as communication by authorities, in which high security requirements apply and which involve a security classification of documents and information. Such solutions realize an automated and secure exchange of documents and messages (e.g., emails) between security zones with different degrees of security.
For the coupling of industrial control networks to an office network, the public Internet or other control networks, conventional firewalls that filter the data communication have been used heretofore. In this case, a data communication is permitted or blocked depending on the address of the communication partners and the communication protocol used. It is customary to route a network connection via an application proxy server that terminates the TCP connection.
In WO 2012/170485, a cross-domain security solution is realized based on a virtualization solution in which a virtual machine controls the information transfer between two information domains with different security levels. Such a system includes a computer device with a monitoring unit for virtual machines (VMM), which controls a first virtual machine for a first information domain, a second virtual machine for a second information domain, and a virtual machine for a cross-domain solution. The virtual machine for the cross-domain solution controls the information exchange between the first and second information domains or the corresponding virtual machines.
For data exchange between an office network or a service apparatus and a control network or a control apparatus (e.g., for distributing new programs or instructions), complex solutions with an interposed firewall or virtualization solution are impracticable, particularly if data is intended to be exchanged across different security zones via many distributed interfaces.