skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support

Abstract

Data diodes provide protection of critical cyber assets by the means of physically enforcing traffic direction on the network. In order to deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we study data diodes, their functionalities and limitations. We then propose two critical infrastructure systems that can benefit from the additional protection offered by data diodes: process control networks and net-centric cyber decision support systems. We review the security requirements of these systems, describe the architectures, and study the trade-offs. Finally, the architectures are evaluated against different attack patterns.

Authors:
 [1];  [2];  [1]
  1. Massachusetts Inst. of Technology (MIT), Cambridge, MA (United States). Lincoln Lab.
  2. Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Publication Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
USDOE; USDOD
OSTI Identifier:
1334415
DOE Contract Number:  
AC05-00OR22725; FA8721-05-C-0002
Resource Type:
Journal Article
Journal Name:
Energy Systems
Additional Journal Information:
Journal Volume: 2013; Related Information: Part of Optimization and Security Challenges in Smart Power Grids; Journal ID: ISSN 1868-3967
Publisher:
Springer
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; Data Diodes; Trusted Process Control Networks; Industrial Control Systems; Cyber Decision Support Systems; Net-Centric Systems

Citation Formats

Okhravi, Hamed, Sheldon, Frederick T., and Haines, Joshua. Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support. United States: N. p., 2013. Web. doi:10.1007/978-3-642-38134-8_10.
Okhravi, Hamed, Sheldon, Frederick T., & Haines, Joshua. Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support. United States. doi:10.1007/978-3-642-38134-8_10.
Okhravi, Hamed, Sheldon, Frederick T., and Haines, Joshua. Sat . "Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support". United States. doi:10.1007/978-3-642-38134-8_10.
@article{osti_1334415,
title = {Data Diodes in Support of Trustworthy Cyber Infrastructure and Net-Centric Cyber Decision Support},
author = {Okhravi, Hamed and Sheldon, Frederick T. and Haines, Joshua},
abstractNote = {Data diodes provide protection of critical cyber assets by the means of physically enforcing traffic direction on the network. In order to deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we study data diodes, their functionalities and limitations. We then propose two critical infrastructure systems that can benefit from the additional protection offered by data diodes: process control networks and net-centric cyber decision support systems. We review the security requirements of these systems, describe the architectures, and study the trade-offs. Finally, the architectures are evaluated against different attack patterns.},
doi = {10.1007/978-3-642-38134-8_10},
journal = {Energy Systems},
issn = {1868-3967},
number = ,
volume = 2013,
place = {United States},
year = {2013},
month = {11}
}