A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains. A CDS may be one-way only (from a low to a high domain or from a high to a low domain) or may be two-way. For a one-way CDS, highly engineered solutions, such as the Owl Computing Technologies® Dual Diode, provide a direct point-to-point optical link between the two networks having differing security domains (with data transfer in either the low-to-high direction or in the high-to-low direction).
A hardware-based one-way CDS typically requires two server computers, one coupled to one of the networks and another coupled to the other of the networks. Such a system is shown in FIG. 2 of U.S. Pat. No. 8,139,581 B1 which issued on Mar. 20, 2012 to Mraz et al. (“the '581 patent”). The '581 patent is incorporated by reference in its entirety herein. As described in the '581 patent, IP information is stripped from the packets to be transmitted in the send node prior to transmission of such packets across the one-way data link to the receive node which then forwards the received packets to a destination according to a stored channel number table and based upon a channel number added to such packets at the send node. This provides a complete IP protocol break between the two networks, ensuring that there is no possibility of security breach through software attack.
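The send-node/receive-node scheme described above (IP information stripped, a channel number prepended, and the receive node forwarding by a stored channel table), as an added illustrative simulation in Python; this is not code from the '581 patent or from Owl, and the IPv4 packet, channel numbers and table entries are constructed for the demo.

```python
import socket
import struct

# Constructed channel table held only on the receive node (addresses are hypothetical).
# The send node never carries high-side addressing across the link, only a channel number.
RECEIVE_CHANNEL_TABLE = {
    1: ("10.20.0.5", 2049),  # hypothetical file-transfer destination
    2: ("10.20.0.9", 514),   # hypothetical syslog destination
}

# Link frame: channel number (uint16) followed by payload length (uint32), then payload.
LINK_HEADER = struct.Struct("!HI")


def build_ipv4_packet(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Constructed minimal IPv4 packet (no options, checksum left zero) for the demo."""
    total_length = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def send_node_frame(channel: int, ip_packet: bytes) -> bytes:
    """Send node: drop the whole IP header (addresses included) and prepend a channel number.
    Only the channel number and the application payload cross the one-way link."""
    if ip_packet[0] >> 4 != 4:
        raise ValueError("only IPv4 packets are handled in this demo")
    ihl = (ip_packet[0] & 0x0F) * 4
    total_length = struct.unpack("!H", ip_packet[2:4])[0]
    payload = ip_packet[ihl:total_length]
    return LINK_HEADER.pack(channel, len(payload)) + payload


def receive_node_forward(frame: bytes, table=RECEIVE_CHANNEL_TABLE):
    """Receive node: parse the frame, look the channel up in the local table and return
    (destination, payload). Truncated frames are rejected; unknown channels are dropped (None)."""
    if len(frame) < LINK_HEADER.size:
        raise ValueError("truncated link frame")
    channel, length = LINK_HEADER.unpack_from(frame)
    payload = frame[LINK_HEADER.size:LINK_HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if channel not in table:
        return None  # no table entry: nothing on the high side is addressable from this frame
    return table[channel], payload


def frame_contains_address(frame: bytes, ip: str) -> bool:
    """Check whether a low-side IP address survived into the link frame (it should not)."""
    return socket.inet_aton(ip) in frame
```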
A hardware-based two-way CDS typically requires four server computers, as shown for example in FIG. 3 of U.S. Pat. No. 8,898,227 B1 which issued on Nov. 25, 2014 to Mraz et al. (“the '227 patent”). The '227 patent is also incorporated by reference in its entirety herein. Two of the server computers are used for communications in one direction, and the other two server computers are used for communications in a second direction opposite to the first direction. The system shown in FIG. 3 of the '227 patent implements a Network File System (NFS) across a security boundary, allowing a user at a client on a first network to access information on a server computer on a second network, even when the first network is at a different security level than the second network.
A drawback to such systems is the need for multiple server computers and for specialized transmit/receive card sets for implementing the one-way data link, adding cost, reliability issues and overhead expense (e.g., additional maintenance requirements) to the implementation of one-way and two-way CDS systems.
Accordingly, there is a need for secure one-way and two-way CDS systems which can run on a single server computer.