Cross-domain solution

Last updated

A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software, and sometimes hardware, that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of information between two or more security domains based on a predetermined security policy. [1] [2] CDSs are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is unauthorized for transfer between security domains or levels of classification, [3] such as between different military divisions, intelligence agencies, or other operations which depend on the timely sharing of potentially sensitive information. [4]

Contents

The goal of a CDS is to allow a trusted network domain to exchange information with other domains, either one-way or bi-directionally, without introducing the potential for security threats. CDS development, assessment, and deployment are based on comprehensive risk management. Every aspect of an accredited CDS is usually evaluated under what is known as a Lab-Based Security Assessment (LBSA)[ citation needed ] to reduce potential vulnerabilities and risks. The evaluation and accreditation of CDSs in the United States are primarily under the authority of the National Cross Domain Strategy and Management Office (NCDSMO) within the National Security Agency (NSA).

CDS filter for viruses and malware; content examination utilities; in high-to-low security transfer audited human review. CDS sometimes has security-hardened operating systems, role-based administration access, redundant hardware, etc.

The acceptance criteria for information transfer across domains or cross-domain interoperability is based on the security policy implemented within the solution. This policy may be simple (e.g., antivirus scanning and whitelist (or "allowlist") check before transfer between peer networks) or complex (e.g., multiple content filters and a human reviewer must examine, redact, and approve a document before release from a high-security domain [5] ). [6] Unidirectional networks are often used to move information from low-security domains to secret enclaves while assuring that information cannot escape. [7] [8] Cross-domain solutions often include a High Assurance Guard.

Though cross-domain solutions have, as of 2019, historically been most typical in military, intelligence, and law enforcement environments, one example is the flight control and infotainment systems on an airliner. [9]

Types

There are three types of cross-domain solutions (CDS) according to Department of Defense Instruction (DoDI) 854001p. These types are broken down into Access, Transfer, and Multi-level solutions (MLS) and all must be included in the cross-domain baseline list before Department of Defense-specific site implementations. [10] Access Solution "An access solution describes a user’s ability to view and manipulate information from domains of differing security levels and caveats. In theory, the ideal solution respects separation requirements between domains by preventing overlapping data between domains, which ensures data of different classifications cannot ‘leak’ (i.e. data spill) between networks at any host layer of the OSI/TCP model. In practice, however, data spills are an ever-present concern that system designers attempt to mitigate within acceptable risk levels. For this reason, data transfer is addressed as a separate CDS". [11] Transfer Solution offers the ability to move information between security domains that are of different classification level or different caveat of the same classification level. Multi-level Solutions "Access and transfer solutions rely on multiple security levels (MSL) approaches that maintain the separation of domains; this architecture is considered multiple single levels. A multi-level solution (MLS) differs from MSL architecture by storing all data in a single domain. The solution uses trusted labeling and integrated Mandatory Access Control (MAC) schema as a basis to mediate data flow and access according to user credentials and clearance to authenticate read and write privileges. In this manner, an MLS is considered an all-in-one CDS, encompassing both access and data transfer capabilities." [11]

Unintended consequences

In previous decades, multilevel security (MLS) technologies were developed. These enforced mandatory access control (MAC) with near certainty. Automated information systems sometimes share information contrary to the need to avoid sharing secrets with adversaries. When the ‘balance’ is decided at the discretion of users, the access control is called discretionary access control (DAC), that is more tolerant of actions that manage risk where MAC requires risk avoidance.

These documents provide standards guidance on risk management:

  1. "Recommended Security Controls for Federal Information Systems & Organizations". Computer Security Division - Computer Security Resource Center. National Institute of Standards and Technology (NIST). 2011-11-16., SP 800-53 Rev3[ citation needed ]
  2. "Security Categorization and Control Selection for National Security Systems" (PDF). The Committee on National Security Systems (CNSS)., Instruction No. 1253[ citation needed ]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cyber security, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

In the security engineering subspecialty of computer science, a trusted system is one that is relied upon to a specified extent to enforce a specified security policy. This is equivalent to saying that a trusted system is one whose failure would break a security policy.

CDS, CDs, Cds, etc. may refer to:

In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object is tested against the set of authorization rules to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.

Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications, permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. There are two contexts for the use of multilevel security. One is to refer to a system that is adequate to protect itself from subversion and has robust mechanisms to separate information domains, that is, trustworthy. Another context is to refer to an application of a computer that will require the computer to be strong enough to protect itself from subversion and possess adequate mechanisms to separate information domains, that is, a system we must trust. This distinction is important because systems that need to be trusted are not necessarily trustworthy.

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

<span class="mw-page-title-main">McCumber cube</span>

In 1991, John McCumber created a model framework for establishing and evaluating information security programs, now known as The McCumber Cube. This security model is depicted as a three-dimensional Rubik's Cube-like grid.

Multiple single-level or multi-security level (MSL) is a means to separate different levels of data by using separate computers or virtual machines for each level. It aims to give some of the benefits of multilevel security without needing special changes to the OS or applications, but at the cost of needing extra hardware.

The XTS-400 is a multilevel secure computer operating system. It is multiuser and multitasking that uses multilevel scheduling in processing data and information. It works in networked environments and supports Gigabit Ethernet and both IPv4 and IPv6.

A High Assurance Guard (HAG) is a Multilevel security computer device which is used to communicate between different Security Domains, such as NIPRNet to SIPRNet. A HAG is one example of a Controlled Interface between security levels. HAGs are approved through the Common Criteria process.

A unidirectional network is a network appliance or device that allows data to travel in only one direction. Data diodes can be found most commonly in high security environments, such as defense, where they serve as connections between two or more networks of differing security classifications. Given the rise of industrial IoT and digitization, this technology can now be found at the industrial control level for such facilities as nuclear power plants, power generation and safety critical systems like railway networks.

Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation and controlled information flow. It is implemented by separation mechanisms that support both untrusted and trustworthy components; ensuring that the total security solution is non-bypassable, evaluatable, always invoked, and tamperproof.

LynxSecure is a least privilege real-time separation kernel hypervisor from Lynx Software Technologies designed for safety and security critical applications found in military, avionic, industrial, and automotive markets.

<span class="mw-page-title-main">Trusted Computer System Evaluation Criteria</span>

Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information.

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes. The term and the initialism SIEM was coined by Mark Nicolett and Amrit Williams of Gartner in 2005.

In information security, a guard is a device or system for allowing computers on otherwise separate networks to communicate, subject to configured constraints. In many respects a guard is like a firewall and guards may have similar functionality to a gateway.

<span class="mw-page-title-main">Nexor</span>

Nexor Limited is a privately held company based in Nottingham, providing products and services to safeguard government, defence and critical national infrastructure computer systems. It was originally known as X-Tel Services Limited.

WebUSB is a JavaScript application programming interface (API) specification for securely providing access to USB devices from web applications.

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, hence why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

References

  1. "Cross Domain Enterprise Service (CDES)". Information Assurance Support Environment. Defense Information Systems Agency (DISA). 2011-11-16. Archived from the original on 2008-03-26. Retrieved 2012-01-16.
  2. "Learn About Cross Domain Solutions". Owl Cyber Defense. Aug 25, 2020. Archived from the original on 2020-09-21.
  3. "Cloud Computing Strategy" (PDF). DTIC.MIL. Archived (PDF) from the original on August 16, 2016.
  4. Aristotle, Jacob. Cross-Domain Solution.
  5. Slater, T. "Cross-Domain Interoperability", Network Centric Operations Industry Consortium - NCOIC, 2013
  6. "Cross Domain Solutions - Ensuring Complete Data Security".
  7. "Nexor Data Diode". Nexor . Retrieved 3 June 2013.
  8. "Dual Data Diode Information Transfer Products". Owl Cyber Defense, LLC. Retrieved 2019-08-20.
  9. "Can an Airplane Get Hacked? (Probably.)". Interset. 2017-01-04. Retrieved 2019-03-07.
  10. "CNSSI-4009" (PDF). RMF.org. Archived (PDF) from the original on 2020-02-28. Retrieved 28 February 2020.
  11. 1 2 Smith, Scott (28 February 2020). "Shedding Light on Cross Domain Solutions". SANS Institute Information Security Reading Room. Archived from the original on 2020-02-28. Retrieved 28 February 2020.

Unified Cross Domain Management Office (UCDMO), Cross Domain Overlay, 1 December 2011, ver 1.0; provides extensive security control guidance to implement CDS platform address security controls for hardware and software, enforced with advanced inspections.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.