Thursday, June 7

Air Gap Development

Lately I've been working with companies doing classified software development. Individual access to source code depends on each person's clearance level (e.g. Q clearance). To separate access between "sensitive" and "unsensitive" source code, development occurs on unclassified (low) and classified (high) networks, respectively. Physically, this means there is an impenetrable barrier between the computers/networks. Thus, gaining access to source code means gaining access to the appropriate network.

Transfer of file changes can sometimes occur from the low network to the high network but never vice versa. Traditionally, this has been implemented by a "sneaker net", where files are transferred between two computers by disk or tape, which requires "walking" to each computer. I recently came across a clever data transmission technology that physically guarantees unidirectional transfer of data over a TCP/IP network, including handshake protocols! Take a look at Owl Technologies' dual-diode technology.