In many processing and communication environments, different data domains may be subject to different security requirements and/or required levels of information assurance. For example, a first communication network or information domain may be used to communicate highly secret or confidential information. There may be strict security requirements associated with processing or communicating the data associated with such a heightened security domain. Examples of domains or networks that may require robust security conditions include networks that process classified, secret, and/or top secret data. In order to protect the sensitive data utilized in such networks, typically the data is isolated and/or prevented from egressing from the secure network unless the sensitive data is encrypted prior to network egress. For some sensitive data, egress from the secure network may not be allowed at all.
Other networks, such as the Internet, may not be subject to such heightened security requirements. Often these networks may be used to communicate data between other networks with heightened security requirements. In order to communicate secure data across such an unsecure network, the data is often encrypted prior to entering the unsecure network and decrypted by an authorized user upon receipt in the target secure network. Such encryption techniques can prevent the unauthorized access of secure data during transmission over an unsecure network.
Data within a secure network may be of varying levels of importance and thus may be subject to different security requirements. For example, some data within a secure network may be highly sensitive and subject to requirements that this highly sensitive data not be permitted outside of the secure network. Other data within the secure network may be less sensitive, and disclosure of the data outside the secure network may be permitted. In order to allow some data to pass outside the secure network into a relatively less secure network, cross-domain solutions (CDSs) are used as a mechanism to access or transfer information between two or more differing security domains.
CDSs may be software- and/or hardware-based modules that are configured to process or filter data exiting or entering a given domain or system at a network or radio interface. For example, CDSs may be configured to inspect and/or modify the data passing from one domain to another in order to enforce security rules regarding what data can or cannot be allowed to pass to or from the network or radio interface. The majority of CDSs today are implemented in software within a trusted operating system running on a general-purpose processor such as the Intel x86 or the PowerPC. However, existing CDSs often suffer from being unable to achieve throughputs greater than 10 Gigabits per second (Gb/sec) and likely will have difficulty scaling to upcoming 100 Gb/sec data rates. Additionally, existing CDSs have latencies typically on the order of milliseconds, while upcoming real-time applications are expected to have latency on the order of 10s of microseconds (μs).