Towards Decentralized and Provably Secure Cross-Domain Solutions.

Cross-Domain Solutions (CDS) are widely deployed today for secure and timely sharing of information across security domains. Content filters are a key function of the CDS used to mitigate data threats. CDS’s today are centralized and trusted and their deployments are being increasingly consolidated at the enterprise. This centralization and reliance on always-on connectivity to the enterprise introduces risk to timely and secure information sharing at the tactical edge. In this work, we take a step towards decentralizing the CDS functionality by distributing its security relevant components across untrusted tactical edge devices while still providing guarantees on the integrity of the end-to-end filtering pipeline. We instantiate a proof-of-concept decentralized CDS for bitmap image filtering and we demonstrate two alternative designs with similar trust assumptions but different performance tradeoffs. Both designs are based on verifiable computation . Our most performant system is able to filter a 250 × 250 pixel image in 15 s, 20 × faster than a strong baseline, and is able to scale to much larger images ( 13 × larger scale than baseline within the available memory budget). We discuss ongoing and future work enhancing the expressiveness, performance, and security of the design.