Protocol for Cross Domain Data Flow
Navy SBIR FY2018.1

Sol No.: Navy SBIR FY2018.1
Topic No.: N181-092
Topic Title: Protocol for Cross Domain Data Flow
Proposal No.: N181-092-0156
Firm: DornerWorks, Ltd.
3445 Lake Eastbrook SE
Grand Rapids, Michigan 49546
Contact: Nathan Studer
Phone: (616) 245-8369
Web Site:
Abstract: CDS guards provide the means to enable cross-domain applications without the risk of accidental cross contamination, but support only a limited number of communication protocols, degrade communication performance, and are vulnerable to attack themselves. We aim to address these limitations in this project. The first by designing, analyzing, and implementing one or more protocol adapters to extend CDS guards to support protocols which they were not originally designed to support. The second by offloading expensive operations from the CDS guard component. The third by exploring new CDS guard architectures and techniques to reduce the value of the CDS guard as a target and to increase the difficulty of attacking a CDS guard. The results will increase the capability and performance of CDS guard based systems in both new and legacy applications.
Benefits: Cross domain solutions are a fundamental component of the Risk Management Framework and are necessary to facilitate the flow of information between cooperating parties without compromising integrity or confidentiality of sensitive data. As combat operations and the networks that support them become more complex, the number of protocols and the methods of protecting these protocols will need to increase and become more sophisticated. CDS guards provide bidirectional protection, but currently support a limited number of low-level protocols. Extending and enhancing CDS guards will improve the usability and practicality of these CDS systems and will support their use in legacy in-line upgrades by supporting more protocols at higher levels in a flexible manner. However, with the increased use of CDS guard support components, the CDS guards themselves will increasingly become the target of potential cyber-attacks, but the development of new guard algorithms which limit the amount of information required for CDS decisions may offset this increased scrutiny. Additionally performance improvements made during this effort will improve the operational characteristics of the entire system into which a CDS guard with these performance improvements is integrated. Beyond these military applications, CDS products may not currently have much appeal, but many of the underlying separation and protection techniques would be useful in commercial applications as the number of information technology systems requiring cybersecurity and the number of attacks on these systems continues to increase.