
Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support

Optimization and Security Challenges in Smart Power Grids

Part of the book series: Energy Systems (ENERGY)

Abstract

Data diodes protect critical cyber assets by physically enforcing traffic direction on the network. To deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we study data diodes, their functionalities, and their limitations. We then propose two critical infrastructure systems that can benefit from the additional protection offered by data diodes: process control networks and net-centric cyber decision support systems. We review the security requirements of these systems, describe the architectures, and study the trade-offs. Finally, the architectures are evaluated against different attack patterns.




Corresponding author

Correspondence to F. T. Sheldon.


Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Okhravi, H., Sheldon, F.T., Haines, J. (2013). Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support. In: Pappu, V., Carvalho, M., Pardalos, P. (eds) Optimization and Security Challenges in Smart Power Grids. Energy Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38134-8_10


  • DOI: https://doi.org/10.1007/978-3-642-38134-8_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38133-1

  • Online ISBN: 978-3-642-38134-8

  • eBook Packages: Energy, Energy (R0)
