Validating data to enable secure information exchange
Guards can provide the Validate component in our Secure Information eXchange Architecture (SIXA). They ensure the content (and in some cases protocol) conforms to the security policy.
The importance of validation
The Validate component, or Guard, ensures that the data being transferred conforms to a specified security policy. The Guard reduces the risk of malware getting into a network; of sensitive data leaking out; and ensures that appropriate controls are in place for the data to be released between the networks.
In order to do this, the Guard has to be able to provide detailed inspection of the data being transferred. The checks that a Guard could perform can be split into three categories:
- Format checks;
- Syntax checks;
- Semantic checks.
Data can claim to be of a given format in different ways, from the extension of a filename to parameters in encapsulating data (e.g. MIME types in an email). Format checks will verify that the data conforms to the format that it claims or appears to be.
The type that the data claims to be is important since this will determine the end application that opens and renders it. Data can masquerade as different types to fool an end application into opening it.
The format checks need to be designed to ensure that the end applications get the data that they can safely open. In order to achieve this, the end applications need to be known and thus they need to form an integral part of the overall secure information exchange solution.
In most scenarios, the checks need to go beyond verifying that the data is of the type it claims to be.
Additional checks should validate that the data conforms to the configured security policy so that an administrator can ban fields or portions of data formats that could potentially carry threats such as malware or hidden data leakage.
Equally, checks should ensure that all mandatory fields are present to ensure that end applications processing the data have everything that they expect.
Semantic Policy Checks
Knowing that the data is of a format that is acceptable and that the data conforms to a specified schema for that format will reduce the risk of incorrectly or maliciously formatted data from compromising applications in the destination system.
In addition to this, Semantic checks ensure that the information transferred in the data conforms to the policy defined. Semantic checks ensure that the content of the data whilst valid structurally, is also allowed.
Examples of these types of checks are:
- prohibited word checking;
- security label checks;
- and release authority decisions.
Complexity versus Assurance
In order to get a high degree of confidence that the Guard can perform these detailed checks, it is advisable to limit the degree of complexity of the data being transferred through the Guard. In this way, the checks can still be comprehensive, but are simpler to evaluate.
Nexor Guardian is a data guard providing a highly secure, high-throughput content checking capability that enables the sharing of information between networks with different levels of trust.
Nexor Sentinel is a high assurance email guard, evaluated to Common Criteria EAL4+ and is listed on NATO’s NIAPC catalogue. It has been designed to protect organisations by validating that in-bound and out-bound electronic messages conform to the security policy of the protected domain.
Information Exchange Gateways: The Evolving Story - This White Paper brings the Information Exchange Gateway story up-to-date. It looks at the changing context in which Information Exchange Gateways are being used; recent experiences in deploying them; and what the future holds. MORE DETAILS
Be the first to know about developments in secure information exchange