Data Diode

Organization: Oak Ridge National Laboratory
Year: 2016

Data exfiltration attacks are a massive global problem that threatens modern society. Adversaries regularly breach corporate networks and extract large quantities of data. Data Diode mitigates the threat of data exfiltration. An authorized user can no longer freely access protected data, because there is no explicit command or service that supports data exfiltration. The system's physical architecture forces all data over a single port via the Gateway. Software modifications to the gateway machine, which mediates all data access, restrict data downloads while leaving data uploads unrestricted. Unlike traditional access control mechanisms, which cannot cope with an insider threat (i.e., the threat of an authorized user exfiltrating data), the national lab restricts the mechanisms that can be used to access and read that data in order to exfiltrate it.