Revision as of 04:20, 21 December 2010 edit Pnm (talk \| contribs) Extended confirmed users 14,752 edits Nominate Controlled interface for deletion ← Previous edit		Revision as of 22:37, 28 December 2010 edit undo Lambiam (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers 65,062 edits copy edit Next edit →
Line 3: <!-- For administrator use only: {{Old AfD multi\|page=Controlled interface\|date=21 December 2010\|result='''keep'''}} --> <!-- End of AfD message, feel free to edit beyond this point --> AIn a [[multilevel security]] system, a '''controlled interface''' is a ~~[[multilevel~~system ~~security]]~~component ~~system~~that is used to implement security constraints on the transfer ~~low-classification~~of data between security domains. The data to be transferred may theoretically move in either direction; the ~~purpose~~task of the controlled interface is to ensure that the data meets the security criteria for transfer. ~~This~~In ~~normally~~general, ~~means~~data can move from a lower-security doamin to a higher-security ___domain. For transfer in the opposite direction, it has to be ascertained that the data is of ~~the~~sufficiently ~~lower~~low security sensitivity; for example, data [[Classified information\|classified]] as "Secret" should not be allowed to leak into a ___domain that is merely ~~classification~~"Restricted". The [[Committee on National Security Systems]] (CNSS) publishes the 'NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY', also known as CNSS Instruction No. 4009. In this glossary, a Controlled Interface is defined as follows: "Mechanism that facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system". Line 9: Within the US government, the Director of Central Intelligence Directive 6/3 (DCID 6/3) requirements for Protection Level 4 and 5 (PL-4 and PL-5), Integrity-High and Availability-High are required for multilevel security systems. While some controlled interfaces are very complicated, others are very simple. A simple example of a controlled interface is a one-way data transfer system that moves data from a low -security network to a high -security network while ~~assuring~~not ~~that~~allowing ~~high security~~any data ~~can~~transfer in the ~~never~~opposite ~~escape~~direction. One-way controlled interfaces are also called [[data diodes]]. For example, a fiber [[Network Interface Controller]] (NIC) with only one optical path iscan be used as a data diode. [[Category:Computer security]]

Controlled interface: Difference between revisions