Cross-domain solution

A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software or hardware that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of information between two or more security domains based on a predetermined security policy. [1] [2] CDSs are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is unauthorized for transfer between security domains or levels of classification, [3] such as between different military divisions, intelligence agencies, or other operations which depend on the timely sharing of potentially sensitive information. [4]

The goal of a CDS is to allow a trusted network domain to exchange information with other domains, either one-way or bi-directionally, without introducing the potential for security threats. CDS development, assessment, and deployment are based on comprehensive risk management. Every aspect of an accredited CDS is usually evaluated under what is known as a Lab-Based Security Assessment (LBSA) [citation needed] to reduce potential vulnerabilities and risks. The evaluation and accreditation of CDSs in the United States are primarily under the authority of the National Cross Domain Strategy and Management Office (NCDSMO) within the National Security Agency (NSA).

A CDS filters for viruses and malware and runs content examination utilities; for high-to-low security transfers it adds audited human review. A CDS sometimes also has a security-hardened operating system, role-based administration access, redundant hardware, etc.

The acceptance criteria for information transfer across domains (cross-domain interoperability) are based on the security policy implemented within the solution. This policy may be simple (e.g., antivirus scanning and a whitelist, also known as an "allowlist", check before transfer between peer networks) or complex (e.g., multiple content filters and a human reviewer who must examine, redact, and approve a document before release from a high-security domain [5]). [6] Unidirectional networks are often used to move information from low-security domains to secret enclaves while assuring that information cannot escape. [7] [8] Cross-domain solutions often include a High Assurance Guard.

Though cross-domain solutions have historically (as of 2019) been most typical in military, intelligence, and law enforcement environments, one example outside those settings is the separation between the flight control and infotainment systems on an airliner. [9]

Types

There are three types of cross-domain solutions (CDS) according to Department of Defense Instruction (DoDI) 854001p. These types are broken down into Access, Transfer, and Multi-level solutions (MLS), and all must be included in the cross-domain baseline list before Department of Defense-specific site implementations. [10]

Access solution: "An access solution describes a user’s ability to view and manipulate information from domains of differing security levels and caveats. In theory, the ideal solution respects separation requirements between domains by preventing overlapping data between domains, which ensures data of different classifications cannot ‘leak’ (i.e. data spill) between networks at any host layer of the OSI/TCP model. In practice, however, data spills are an ever-present concern that system designers attempt to mitigate within acceptable risk levels. For this reason, data transfer is addressed as a separate CDS". [11]

Transfer solution: A transfer solution offers the ability to move information between security domains that are of a different classification level or a different caveat of the same classification level.

Multi-level solution: "Access and transfer solutions rely on multiple security levels (MSL) approaches that maintain the separation of domains; this architecture is considered multiple single levels. A multi-level solution (MLS) differs from MSL architecture by storing all data in a single domain. The solution uses trusted labeling and integrated Mandatory Access Control (MAC) schema as a basis to mediate data flow and access according to user credentials and clearance to authenticate read and write privileges. In this manner, an MLS is considered an all-in-one CDS, encompassing both access and data transfer capabilities." [11]
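The transfer policy described earlier (content filters, with audited human review for high-to-low release) and the label-based MAC mediation that an MLS uses are illustrated together in the following added example. It is constructed for this article and is not code from any product or from DoDI 854001p; the classification levels, caveat names, allowlisted file types and malware signature are assumed sample values.

```python
from dataclasses import dataclass

# Constructed sample levels; caveats model compartments such as "NOFORN".
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    caveats: frozenset = frozenset()

    def dominates(self, other):
        """Lattice ordering: level at least as high and a superset of caveats."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.caveats >= other.caveats)

# Content filters in the spirit of the "simple" policy: an allowlist of file
# types and a toy signature scan. Both values are constructed for this example.
ALLOWED_TYPES = {"txt", "pdf"}
MALWARE_SIGNATURES = (b"EVIL-SAMPLE-SIGNATURE",)

def content_filters(filename, data):
    """Return the list of filter failures; an empty list means the item is clean."""
    failures = []
    if filename.rsplit(".", 1)[-1].lower() not in ALLOWED_TYPES:
        failures.append("type-not-allowlisted")
    if any(sig in data for sig in MALWARE_SIGNATURES):
        failures.append("malware-signature")
    return failures

def decide_transfer(src, dst, filename, data, reviewer_approved=False):
    """Mediate a transfer from domain label src to domain label dst.

    Low-to-high (dst dominates src): content filters only, like a data diode
    with scanning. High-to-low: filters plus an audited human review approval,
    and the item stays pending until a reviewer has approved it.
    """
    failures = content_filters(filename, data)
    if failures:
        return ("DENY", failures)
    if dst.dominates(src):
        return ("ALLOW", ["low-to-high"])
    if reviewer_approved:
        return ("ALLOW", ["high-to-low", "human-reviewed"])
    return ("PENDING_REVIEW", ["high-to-low"])

def mac_check(subject, obj, op):
    """Bell-LaPadula style mediation inside an MLS: reading requires the
    subject's clearance to dominate the object's label (no read up); writing
    requires the object's label to dominate the subject (no write down)."""
    return subject.dominates(obj) if op == "read" else obj.dominates(subject)
```

A SECRET//NOFORN item moving to a plain SECRET domain takes the high-to-low path, because dominance compares caveats as well as levels.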

Unintended consequences

In previous decades, multilevel security (MLS) technologies were developed that enforced mandatory access control (MAC) with near certainty. Automated information systems sometimes share information contrary to the need to avoid sharing secrets with adversaries. When the ‘balance’ is decided at the discretion of users, the access control is called discretionary access control (DAC); DAC is more tolerant of actions that manage risk, whereas MAC requires risk avoidance.

These documents provide standards guidance on risk management:

  1. "Recommended Security Controls for Federal Information Systems & Organizations" (SP 800-53 Rev3). Computer Security Division, Computer Security Resource Center, National Institute of Standards and Technology (NIST). 2011-11-16. [citation needed]
  2. "Security Categorization and Control Selection for National Security Systems" (PDF), Instruction No. 1253. The Committee on National Security Systems (CNSS). [citation needed]

References

  1. "Cross Domain Enterprise Service (CDES)". Information Assurance Support Environment. Defense Information Systems Agency (DISA). 2011-11-16. Archived from the original on 2008-03-26. Retrieved 2012-01-16.
  2. "Learn About Cross Domain Solutions". Owl Cyber Defense. Aug 25, 2020. Archived from the original on 2020-09-21.
  3. "Cloud Computing Strategy" (PDF). DTIC.MIL. Archived (PDF) from the original on August 16, 2016.
  4. Aristotle, Jacob. Cross-Domain Solution.
  5. Slater, T. "Cross-Domain Interoperability", Network Centric Operations Industry Consortium (NCOIC), 2013.
  6. "Cross Domain Solutions - Ensuring Complete Data Security".
  7. "Nexor Data Diode". Nexor. Retrieved 3 June 2013.
  8. "Dual Data Diode Information Transfer Products". Owl Cyber Defense, LLC. Retrieved 2019-08-20.
  9. "Can an Airplane Get Hacked? (Probably.)". Interset. 2017-01-04. Retrieved 2019-03-07.
  10. "CNSSI-4009" (PDF). RMF.org. Archived (PDF) from the original on 2020-02-28. Retrieved 28 February 2020.
  11. Smith, Scott (28 February 2020). "Shedding Light on Cross Domain Solutions". SANS Institute Information Security Reading Room. Archived from the original on 2020-02-28. Retrieved 28 February 2020.