Such filtering modules are in particular part of systems having an architecture comprising modules with distinct sensitivity levels and a cryptographic module. Cryptographic equipment, such as encryptors, is in particular found in such systems.
These distinct sensitivity level domains are for example called red module and black module. The red module for example processes and stores sensitive information, called red information, in clear. The black module for example processes and stores information that is less sensitive than the red information. This less sensitive information, called black information, is either information in clear, which is intrinsically less sensitive than the red information, or encrypted red information, which is intrinsically sensitive but desensitized by encryption.
The red module furthermore processes and includes black information.
Typically, the information that is not identifiable as red information or black information is considered to be red information by default, within the red module.
Typically, the information that is not identifiable as red information or black information is considered to be black information by default, within the black module.
The cryptographic module implements the cryptographic functions necessary for the encryption of the red information. It is placed in-line, as a break, between the red and black modules. The cryptographic systems also comprise two external interfaces: a first interface (user interface or private network interface), connected to the red module, and a second interface (wired or wireless public network interface), connected to the black module.
The cryptographic system in particular comprises a “cipher” mode specific to the processing of sensitive information.
In the “cipher” mode:
    the red information, entering on the user interface, is encrypted by the cryptographic block and leaves blackened on the wired or wireless public network interface of the black module;
    the black information entering the wired or wireless public network interface is decrypted by the cryptographic block and leaves, in clear, on the user interface of the red module.
The filtering module is also positioned between the red module and the black module.
The filtering module applies a security policy, which defines all of the black information allowed to pass through it, from the red module toward the black module, and from the black module toward the red module.
For example, the black information, processed by the red module and intended for the black module, is sent in clear via the filtering module. The latter guarantees that only the black information is sent to the black module. The red information is blocked by the filtering module, thereby decreasing the risk of that information being compromised on the wired or wireless network.
The behavior of such a filtering module is most often frozen in time, since it is installed in the form of hardware and/or in the form of a dedicated software program. It is therefore difficult and expensive to modify and adapt the behavior of the filtering module. The process for manufacturing new filtering modules is also difficult and expensive.
Furthermore, the filtering module is called upon directly by the applications of the red module (the black module, respectively), and as a result, the security policy actually applied is not explicit, but is implicitly defined by the invocations of the filter made by the applications of the red module (black module, respectively).
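The filtering behavior described above can be illustrated with the policy written out as an explicit table rather than left implicit in application calls. This is an added example, not part of the original text; the message types, field names and limits are hypothetical. Anything leaving the red module that no rule identifies as allowed black information is treated as red by default and blocked.

```python
from dataclasses import dataclass
RED_TO_BLACK, BLACK_TO_RED = "red->black", "black->red"

def int_range(lo, hi):
    return lambda v: type(v) is int and lo <= v <= hi
def one_of(*allowed):
    return lambda v: isinstance(v, str) and v in allowed

@dataclass
class Rule:
    direction: str
    msg_type: str
    fields: dict  # field name -> validator; the field set must match exactly

# Constructed policy: message types and fields are hypothetical.
POLICY = (
    Rule(RED_TO_BLACK, "link_config",
         {"channel": int_range(1, 64), "rate_kbps": int_range(64, 2048)}),
    Rule(BLACK_TO_RED, "link_status",
         {"state": one_of("up", "down"), "rssi_dbm": int_range(-120, 0)}),
)

def filter_message(direction, msg):
    """Return (passed, reason) for one message presented to the filter."""
    for rule in POLICY:
        if rule.direction != direction or rule.msg_type != msg.get("type"):
            continue
        body = msg.get("fields")
        if not isinstance(body, dict) or set(body) != set(rule.fields):
            return False, "field set differs from rule"
        bad = sorted(k for k, ok in rule.fields.items() if not ok(body[k]))
        if bad:
            return False, "invalid field: " + ",".join(bad)
        return True, "allowed black information"
    # No rule identifies the message as allowed black information.
    red_side = direction == RED_TO_BLACK
    return False, "unidentified, treated as red by default" if red_side else "not in policy"

# Constructed sample traffic.
SAMPLES = [
    (RED_TO_BLACK, {"type": "link_config", "fields": {"channel": 12, "rate_kbps": 512}}),
    (RED_TO_BLACK, {"type": "link_config", "fields": {"channel": 12, "rate_kbps": 512, "note": "x"}}),
    (RED_TO_BLACK, {"type": "user_data", "fields": {"payload": "report"}}),
    (BLACK_TO_RED, {"type": "link_status", "fields": {"state": "up", "rssi_dbm": -70}}),
    (BLACK_TO_RED, {"type": "link_status", "fields": {"state": "rebooting", "rssi_dbm": -70}}),
]

if __name__ == "__main__":
    for direction, msg in SAMPLES:
        print(direction, msg["type"], filter_message(direction, msg))
```

The second sample is rejected because of its extra field: requiring an exact field set keeps free-form content from riding along with an otherwise allowed message.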