Title :
Use of cross domain guards for CoNSIS network management
Author :
Steinmetz, Philipp
Author_Institution :
Cyber Defense, Fraunhofer FKIE, Wachtberg, Germany
Abstract :
This paper discusses filtering of messages sent from a classified to an unclassified network using a cross domain guard. We discuss how we can use such a guard within the network architecture designed in the CoNSIS (Coalition Networks for Secure Information Sharing) project for use in future coalition operations. A guard design is presented which enforces that only XML messages conforming to a specific format may pass the guard. It also limits the message rate based on message size and the resulting possible covert channel. We can use this guard design for low data rate applications which have to communicate across networks of different classification. We also discuss a proxy device located in the unclassified network to reduce the required amount of communication between classified and unclassified network.
Keywords :
computer network management; computer network security; CoNSIS network management; XML message; coalition network for secure information sharing; cross domain guards; low data rate application; message filtering; network architecture; proxy device; Cryptography; Information filters; Kernel; Radiation detectors; Computer networks; Information Security;
Conference_Titel :
Communications and Information Systems Conference (MCC), 2012 Military
Conference_Location :
Gdansk
Print_ISBN :
978-1-4673-1422-0
