© 2009 Owl Computing Technologies, Inc.

Secure Cross Border Information Sharing Using One-way Data Transfer Systems

WHITE PAPER

Jeffrey Menoher, Ronald Mraz
April 2009

ABSTRACT

The need to move data securely from one domain to another, while protecting the security levels of both environments, is central to the operation of sharing information between government entities. Whether distributing information from centralized, highly secure IT centers or bringing in information from unsecured sources, IT managers require absolute assurance that the cross border communication path is free from security compromise. A formal means to provide information sharing while protecting your domain is through the deployment of a one-way information transfer or “data diode”.

This paper describes the use of physical one-way data transfer systems to secure cross border information sharing systems. This paper first describes the need and usefulness of a true physical one-way, data diode information transfer for security. Unfortunately, traditional data diodes are unreliable, low bandwidth implementations that in many cases openly expose their one-way functionality to the point of requiring additional safeguards. We show how these limitations can be overcome with the use of solid engineering design methods. This includes the use of link level protocols designed to transfer information reliably in simplex or asynchronous operation.

The paper provides a taxonomy of one-way designs and goes on to explain how hardware can complement operating system drivers and application proxy software to create a reliable, scalable, physical one-way “protocol break” between standard IP communication networks.

SECURE. RELIABLE. FAST.