Abstract: A one-way router combines benefits of a network diode and router, and thus can route data between networks of varying confidentiality and/or integrity in a secure, one-way fashion. Secure routing is provided transparently so that the router is compatible with standard network applications by synthesizing responses for standard network protocols to provide many-to-many network connections while preventing bidirectional data flow. Separate network stacks are provided for each connected network, and the network stacks are separated from each other by data diodes that enforce one-way data flow. The one-way router can be implemented in hardware or software, and provides architectural flexibility to customize levels of assurance, performance, reliability, and cost.

Abstract: A one-way router combines benefits of a network diode and router, and thus can route data between networks of varying confidentiality and/or integrity in a secure, one-way fashion. Secure routing is provided transparently so that the router is compatible with standard network applications by synthesizing responses for standard network protocols to provide many-to-many network connections while preventing bidirectional data flow. Separate network stacks are provided for each connected network, and the network stacks are separated from each other by data diodes that enforce one-way data flow. The one-way router can be implemented in hardware or software, and provides architectural flexibility to customize levels of assurance, performance, reliability, and cost.

Abstract: The present invention provides secure inter-process communications, and applications thereof. In an embodiment, a shared memory and a message queue are used to provide a secure communication channel between a first computer process and a second computer process. The shared memory provides a path for high-bandwidth data transfer in a forward direction. The message queue provides a path for controlling the data transfer in the forward direction, while limiting data transfer in the reverse direction. A third computer process creates the message queue that is used by the first computer process and the second computer process to control the passage of data. Access to the shared memory and the message queue are enforced using a mandatory access control security policy.