Data dioses don't prevent malicious data that exploits vulnerabilities and takes over from being transmitted, they only prevent the malware from communicating back.
No that’s exactly what it does, it enforces one way communication from your high privileged domain to your less privileged domain. And your IFE or crew system is in the less privileged one.
Data diode can be put either ways, with different results:
* case 1, you allow traffic to only go out:
This way, nothing can come inside the system, but the system can export data.
Here basically, confidentiality is of secondary importance, but integrity is crucial.
It is the Biba model.
It can be seen on Command and Control systems for critical industrial installation for example. For example, with power plants C&C system must avoid to be hacked, but exporting to other systems data such as their power output and operational condition is generally required.
* case 2, you allow traffic to only go in:
This way, the system can ingest data from the outside, but nothing goes out.
Here basically, confidentiality is primordial, integrity a bit less.
It's the Bell-LaPadula model.
It can be seen in Military intelligence systems for example. Here you collect pieces of information and you make decisions on them, and all that must be kept confidential.
To summarize:
* One way: you enforce integrity
* The other: you enforce confidentiality
As an ending note, data diodes are generally pretty simple: basically you take a fiber with TX and RX link, and you cut one. There are a few more tricks (UDP only, sending multiple times because you don't have ACKs, static ARP tables, tricking the NIC into thinking it's up without signal), but that's the core of it.
reply