Protection of computer or data networks from undesired and unauthorized data disclosure, interception or alteration has been a perennial concern in the field of computer and network security, for which firewalls and anti-spyware software have been developed to address security threats to computers and networks connected to the Internet and to protect them from possible cyber-attacks, such as Trojan horse-type viruses or worms that may trigger undesired and unauthorized data disclosure by these computers and networks. However, for high security computer networks, such as those used by government agencies, intelligence communities, and certain commercial applications, conventional network security devices such as firewalls may not provide sufficiently reliable protection from undesired disclosure.
A high level of network security can be attained through the use of one-way data links, which isolate secure networks from security breaches (i.e., undesired and unauthorized data flow out of the secure network) while still allowing data from a low security environment to enter the network in a controlled manner or vice versa. Various systems and methods have been developed for implementing one-way data transfer to a secure network, including both hardware and software implementations of one-way data links.
Software solutions include standard Internet firewalls as well as operating systems configured with specialized rules for restricted unidirectional information flow. Systems such as these are designed to have great flexibility, but are now being asked to perform strict unidirectional data transfer. The complexity of software-implemented one-way data transfer is such that it is difficult to validate and verify that the controlled interface is strictly one-way, failsafe and resistant to reconfiguration through administrator error or malicious intent. Additionally, it is difficult to prove in complex systems that data is not bypassing the one way security feature.
As an alternative to software-based one-way data transfer, hardware-based unidirectional interfaces have also been developed. Since such systems implement the unidirectional policy of the controlled interface in hardware, the one-way nature and non-bypassable operation of the device can be validated to a high degree of assurance. Highly engineered solutions, such as the Owl Computing Technologies DualDiode, (described in U.S. Pat. No. 8,068,415, the disclosure of which is incorporated herein by reference) provide a direct point-to-point optical link between the enclaves. The DualDiode one-way data link includes an optical transmitter (on the send side) coupled to an optical receiver (on the receive side) via an optical fiber that crosses the boundary from the send side to the receive side. The unidirectionality of the data transfer is enforced in the circuitry of the network interface cards at both enclave endpoints and in the cable interconnects (because there are no optical receiving devices coupled to the optical fiber on the send side and no optical transmitting devices coupled to the optical fiber on the receive side). In this way, the hardware provides an added layer of assurance of unidirectional information flow and non-bypassable operation. In contrast to software based one-way data transfer systems, it is easy to prove that data is not bypassing the DualDiode. One problem that arises in such systems, however, is the detection of transmission errors for data passing from a transmitting server to a receiving server, since no feedback is provided (or could be provided) from the receiving server to the transmitting server in view of the one-way nature of the transmission along the one-way link coupling the transmitting server to the receiving server. This can be particularly troublesome when the data passing across the one-way link constitutes database update information for updating a remote database at a server coupled to the receiving server so that the remote database includes the same information as a reference database on the send side. This is because the transmitting server will not have any way to identify and correct transmission errors. As a result, any database update data lost during transmission cannot be recovered and the remote database will not be fully updated to match the reference database.
Accordingly, there is a need for a system and method which assures that a remote database receives every database update message transmitted across a one-way data link. Additionally, there is a need for a way to automatically recover when messages are missed due to networking or power issues.