This post discusses the transfer of flat files across a cross domain solution such as a trusted guard or data diode. The task is to automatically transfer a file from an unclassified network to a classified network. The reasons can be many. One illustration is the updating of a secret database using files generated from an unclassified database that provides a subset of such information to the secret database. We will not concern ourselves with the contents of the file other than to say it is an ASCII file. The following diagram illustrates such a transfer.
When a file crosses such a solution the implementing organization has an option on how to process that file before it crosses domains. It can be scanned for viruses. It can be checked to ensure it only contains ASCII data. It can be checked to ensure it is in a predefined format. It can be checked for specific words. Whatever the requirements are, the file to cross can be subjected to evaluation criteria to ensure it meets a predefined security policy. In trusted guard solutions, this kind of checking is done with what is referred to as a "filter". The filter can be a process with hard coded values or could use a configuration file that can define rules. If a configuration file is used, it needs to be protected from tampering. The use of trusted operating systems facilitates this task.
A more sophisticated variation of this file transfer scenario is the passing of XML (eXstensible Markup Language) files across the domain boundaries. In such a case, the "filter" can be very sophisticated where contents and format can be checked and even specific attribute values can be checked to ensure they fall within specific parameters. An XML schema validator can be used as a filter in this process. I personally have built a filter that used a modified XML schema validator. The low side network had a database that used a routine to extract data to be copied to the high side. The resulting query was converted to an XML format. The filter (in this case, a schema validator) checked the contents to ensure they were acceptable. The data was passed through the cross domain solution to the high side where a process took the file and uploaded it into another database. The big challenge was making the XML schema validator fast enough to maintain the required throughput through the cross domain solution. The beauty of this approach (using XML in this way) is that the filter never has to be modified. The filter configuration file in this case is an XML schema document designed to define the format of the file to be allowed to pass through the cross domain solution.
How does the flat file get to the cross domain solution? And since I've not specified previously, the cross domain solution in this example includes the high side server, the low side server and the cross domain technology (we'll assume a hardware data diode). Thus part of the solution resides on the low and high side servers. The low side server may use secure FTP to retrieve the file from the low side after checking for new files. Thus the cross domain solution has positive control over the whole transfer process. On the high side, the high side server forwards the file to the target destination and the cross domain transaction is complete.
In some solutions the high side may go through similar checks as the low side such as virus checking and reapplying the filter rules. In very robust solutions there may be a firewall set up on each side of the cross domain solution (a bit overkill in my opinion). Subsequent posts will look further into the processes surrounding the hardware data diode or those of the trusted guard.
This type solutions can also go from high to low. The filter in this case will ensure that data that is not supposed to be shared does not traverse the cross domain solution. There are solutions like this that use a man in the middle approach where a person using the cross domain technology actually reviews files that sit in a queue and approve the transfer. This approach works well with imagery since it is tough to design a filter sophisticated enough to evaluate an image.