Towards a reference architecture for service-oriented cross domain security infrastructures

Abstract

Today’s Cross Domain Communication (CDC) infrastructure largely consists of guards built to vendor specifications. Such an infrastructure often fails to provide adequate protections for CDC workflows involving Service Oriented Architectures. Focusing on the transport layer and oblivious to the context of the information exchanges, the guards often rely on rudimentary filtering techniques that require frequent human intervention to adjudicate messages. In this paper, we present a set of key requirements and design principles for a Service Oriented Cross Domain Security Infrastructure in form of a CDC Reference Architecture, featuring domain-associated guards as active workflow participants. This reference architecture will provide the foundation for the development of protocols and ontologies enabling runtime coordination among CDC elements, leading to more secure, effective, and interoperable CDC solutions.