Talk:Cross-domain solution

I would question the bias in this article. While I personally agree with some of the statements, things like this:

 "a disturbing shift" "A shift of responsibility for certification and accreditation from agencies without conflict of interest to agencies responsible for both security and cost is not helpful at reducing receptiveness to more subjective flexibility."

"Those familiar with high strength technologies (that are sometimes less costly by the way) are more apt to be skeptical about the subversion resistance of less formal CDS."

seem to be written by someone with a personal bias towards one type type of CDS over another.

147.160.136.10 (talk) 13:50, 23 May 2008 (UTC)

Article lacks relevant citations, appears to be original research
This article doesn't cite most of its claims, and adopts a pretty strong point of view against cross-domain. In addition, I'd disagree with some of the factual commentary, e.g.:

"CDS is distinct from the more rigorous approaches because it supports transfer that would otherwise be precluded by established models of computer/network/data security (e.g. Bell-La Padula and Clark-Wilson)."

"CDS development, assessment, and deployment are based on risk management."

Cross-domain solutions can implement the Bell-La Padula model, and are sometimes based on formal methods, not on risk management.

I'll add an "original research" tag. The author of the article, User:JA.Davidson is very knowledgeable in the field, but other points of view would be helpful too. This is an important topic in computer security, so I hope the article can be improved. —Preceding unsigned comment added by SyntaxPolice (talk • contribs) 15:52, 22 October 2009 (UTC)

..Re: I'd disagree with some of the factual commentary, e.g.: I would like to understand your point of disagreement. John (talk) 19:31, 15 March 2013 (UTC)

What are the more rigorous approaches?
I think it is appropriate to have a page on CDS. I thank the original author for his contributions. But I have some questions.

Is there an intention to distinguish between "more rigorous" and "high assurance"? If a CDS is implemented with a "High Assurance Guard", would it be described as rigorous? Perhaps a multilevel secure operating (MLSOS) system is a more rigorous approach. But MLSOS can be the basis for a CDS.

BLP or Biba (Biba probably more relevant than Clark & Wilson) do not preclude CDS. They model what a CDS needs to do for the overall system to be secure. In BLP, a subject at one security level is not permitted to "write down", for example. Consider a CDS about to transfer an Unclassified document from a Secret network to an Unclassified network. It will be required to make some checks to confirm that the document is Unclassified. This may involve human review, signature checking, or other processes. But after those processes complete successfully, the CDS "subject" is now considered to be at the Unclassified level, and hence permitted to write the document to the Unclassified network.

In Clark & Wilson, a C5 transaction can proceed if a UDI (unconstrained, possibly high content) is converted to a CDI constrained data item which is constrained to have only low content. Again, the CDS is performing exactly what the model describes.

John Y (talk) 00:36, 25 September 2015 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to 1 one external link on Cross-domain solution. Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive https://web.archive.org/20120129215319/http://www.embvue.com/isis.php to http://www.embvue.com/isis.php

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers.—cyberbot II  Talk to my owner :Online 13:28, 19 February 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Cross-domain solution. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20080326230421/http://iase.disa.mil/cds/ to http://iase.disa.mil/cds/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 20:38, 14 August 2017 (UTC)