A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains. A CDS may be one-way only (from a low to a high domain or from a high to a low domain) or may be two-way. For a one-way CDS, highly engineered solutions, such as the Owl Computing Technologies Dual Diode (described in U.S. Pat. No. 8,068,415, the disclosure of which is incorporated herein by reference), provide a direct point-to-point optical link between the two networks having differing security domains (with data transfer in either the low-to-high direction or the high-to-low direction). The unidirectionality of the data transfer is enforced in the circuitry of the network interface cards at both network endpoints and in the cable interconnects. In this way, the hardware provides an added layer of assurance of unidirectional information flow and non-bypassable operation. In contrast to software-based one-way data transfer systems, it is easy to prove that data is not bypassing the Dual Diode.
A one-way CDS system 100 is shown in block diagram form in FIG. 1. A first computing platform (node) 101 (“the Send Node”) is connected to a first network 104 in a first security domain (“the source network”), and a second computing platform (node) 102 (“the Receive Node”) is connected to a second network 105 (“the destination network”). The Send Node 101 is connected to the Receive Node 102 by a one-way data link 103, which may be an optical link comprising, for example, a high-bandwidth optical fiber. This one-way optical data link 103 may be configured to operate as a unidirectional data gateway from the source network 104 to the destination network 105 by having its ends connected to an optical transmitter on the Send Node and to an optical receiver on the Receive Node. This configuration physically enforces one-way data transfer at both ends of the optical fiber connecting the Send Node 101 to the Receive Node 102, thereby creating a truly unidirectional one-way data link between the source network 104 and the destination network 105. Unlike conventional firewalls, one-way data transfer systems based on a one-way data link are designed to transfer data or information only in one direction, and it is physically impossible to transfer data or information of any kind in the reverse direction using that link. No information or data of any kind, including handshaking protocols such as those used in data transport protocols such as TCP/IP, SCSI, USB, Serial/Parallel Ports, etc., can travel in the reverse direction from the Receive Node back to the Send Node across the one-way data link. Such physically imposed unidirectionality in data flow cannot be hacked by a programmer, as is often done with firewalls. Accordingly, the one-way data transfer system based on a one-way data link ensures that data residing on the isolated secure computer or network is maximally protected from any undesired and unauthorized disclosure.
CDS systems like the one shown in FIG. 1 may include data filters to filter the data being transmitted across the link 103. Such filters may be included in either the send server 101 or the receive server 102, or in both the send server 101 and the receive server 102. Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer-defined) portions. Since a CDS system typically includes a hardened operating system (e.g., based upon SELinux) in each server, the filters in conventional CDS systems are fixed at deployment of such systems and cannot be easily changed thereafter. In addition, a custom data filter may include information which is highly confidential, and the customer developing such a custom data filter may wish to limit distribution of such a filter as much as possible; ideally such a filter should be kept within the security domain the filter is designed to protect. This limited distribution is not possible, however, with conventional CDS systems in which all filters are included within the hardened system at deployment.
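The following is an added illustrative model, not an embodiment from this patent and not Owl Computing Technologies code, of the send-side arrangement described above: a Send Node runs a chain of generic and custom filters over each message before writing it to a one-way link, and because the link carries no reverse channel, a message that fails a filter can only be dropped and counted on the send side, never negotiated or retried from the receive side. The filter functions, the signature list and the `#SECRET` line marking are constructed assumptions for the example.

```python
"""Model of a one-way CDS send path with a configurable filter chain.

Added example, not the patent's embodiment. The one-way link 103 is
modelled as a FIFO that the Send Node may only write and the Receive
Node may only read; nothing flows back to the sender.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional

# A filter receives the message bytes and returns either the (possibly
# transformed) bytes to forward, or None to block the message outright.
Filter = Callable[[bytes], Optional[bytes]]


class OneWayLink:
    """Stand-in for link 103: write-only at the send end, read-only at the receive end."""

    def __init__(self) -> None:
        self._fifo: list[bytes] = []

    def transmit(self, payload: bytes) -> None:
        # Send end: append and return nothing, so no acknowledgement or
        # status can reach the sender from the receive side.
        self._fifo.append(payload)

    def drain(self) -> list[bytes]:
        # Receive end: take everything that arrived, in order.
        delivered, self._fifo = self._fifo, []
        return delivered


# --- Generic filters (the kind a vendor ships with every deployment) ---

MAX_MESSAGE_BYTES = 4096  # constructed limit for the example


def generic_size_filter(msg: bytes) -> Optional[bytes]:
    """Block oversized messages before they occupy link bandwidth."""
    return msg if len(msg) <= MAX_MESSAGE_BYTES else None


# Constructed byte patterns standing in for an antivirus signature set.
SIGNATURES = (b"EICAR", b"<script")


def generic_signature_filter(msg: bytes) -> Optional[bytes]:
    """Block any message containing a known signature; pass it otherwise."""
    return None if any(sig in msg for sig in SIGNATURES) else msg


# --- Custom filter (the customer-defined, confidential portion) ---

def custom_redaction_filter(msg: bytes) -> Optional[bytes]:
    """Strip lines carrying a constructed '#SECRET' marking before export."""
    kept = [line for line in msg.splitlines() if not line.startswith(b"#SECRET")]
    return b"\n".join(kept)


@dataclass
class SendNode:
    """Send Node 101: applies filters in order, then writes to the link."""
    link: OneWayLink
    filters: list[Filter] = field(default_factory=list)
    dropped: int = 0  # the only feedback available lives on the send side

    def send(self, msg: bytes) -> bool:
        data: Optional[bytes] = msg
        for flt in self.filters:
            data = flt(data)
            if data is None:
                self.dropped += 1
                return False
        self.link.transmit(data)
        return True


def run_demo() -> tuple[list[bool], list[bytes], int]:
    """Push three constructed messages through the chain and report what crossed."""
    link = OneWayLink()
    node = SendNode(
        link,
        [generic_size_filter, generic_signature_filter, custom_redaction_filter],
    )
    messages = [
        b"report\n#SECRET do not export\nok",  # redacted, then forwarded
        b"EICAR test",                         # blocked by signature filter
        b"x" * 5000,                           # blocked by size filter
    ]
    results = [node.send(m) for m in messages]
    return results, link.drain(), node.dropped


if __name__ == "__main__":
    sent, received, dropped = run_demo()
    print("send results:", sent)
    print("received on far side:", received)
    print("dropped at sender:", dropped)
```

Running the demo forwards only the redacted first message; the other two are dropped and counted at the sender. The ordering of the chain matters in practice: cheap rejections (size) run first, and the custom filter sits last so that vendor-supplied generic stages never see data the customer's filter is about to redact, which is the opposite of what you would want if the custom stage were the one enforcing a release decision.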
It is an object of the present invention to provide a configurable filter system for a cross-domain system which overcomes the problems of the prior art.