Abstract
Data diodes protect critical cyber assets by physically enforcing traffic direction on the network. To deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we study data diodes, their functionalities, and their limitations. We then propose two critical infrastructure systems that can benefit from the additional protection offered by data diodes: process control networks and net-centric cyber decision support systems. We review the security requirements of these systems, describe the architectures, and study the trade-offs. Finally, the architectures are evaluated against different attack patterns.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Okhravi, H., Sheldon, F.T., Haines, J. (2013). Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support. In: Pappu, V., Carvalho, M., Pardalos, P. (eds) Optimization and Security Challenges in Smart Power Grids. Energy Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38134-8_10
DOI: https://doi.org/10.1007/978-3-642-38134-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38133-1
Online ISBN: 978-3-642-38134-8
eBook Packages: Energy, Energy (R0)