A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains. A CDS may be one-way only (from a low to a high domain or from a high to a low domain) or may be two-way. For a one-way CDS, highly engineered solutions, such as the Owl Computing Technologies® Dual Diode, provide a direct point-to-point optical link between the two networks having differing security domains (with data transfer in either the low-to-high direction or in the low-to-high direction). The unidirectionality of the data transfer is enforced in the circuitry of the network interface cards at both network endpoints and in the cable interconnects. In this way, the hardware provides an added layer of assurance of unidirectional information flow and non-bypassable operation. In contrast to software based one-way data transfer systems, it is easy to prove that data is not bypassing the Dual Diode. CDS systems may include data filters to filter the data being transmitted across the one-way data link. Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.
Since a CDS system typically includes a hardened operating system (e.g., based upon SELinux), the filters in conventional CDS systems are fixed at deployment and cannot be easily changed thereafter. In addition, a custom data filter may include information which is highly confidential and the customer developing such custom data filter may wish to limit distribution of such filter as much as possible—ideally such filter should be kept within the security domain the filter is designed to protect. This limited distribution is not possible, however, with conventional CDS systems in which all filters are included within the hardened system at deployment.
Accordingly, there is a need for a dynamically configurable filter system for a cross-domain system.