Cross-Domain Solutions (CDS): A Comprehensive Survey

A domain is commonly defined as a set of system resources, e.g., computers, to which certain users have prescribed access rights as governed by some security policies. The access (viewing) and transfer of data between distinct domains facilitates a wide range of information technology applications. A Cross-Domain Solution (CDS) can provide the security mechanisms that are required to properly restrict the access and exchange of sensitive information between different domains. This article provides a comprehensive up-to-date survey of CDS. This survey is organized according to a CDS taxonomy with access, transfer, and Multi-Level Security (MLS) as the main CDS categories. An access solution helps a client to view the data present in a server (which is in a different domain, other than the client’s domain); thus an access solution effectively provides isolation between domains by allowing data access (without data transfer capabilities) between these domains. A transfer solution secures the transfer of data between domains to avoid leaks of data to unauthorized entities. Thereby, a transfer solution effectively connects domains in either a unidirectional or bidirectional manner. An MLS solution handles data with multiple levels of security (sensitivity of the data), such as top-secret, secret, or unclassified data. Aside from the fundamental conceptual approaches from the existing CDS research, this survey gives a comprehensive overview of the existing commercial CDS products. We identify the limitations of the existing CDS concepts and products and outline directions for future research and development to address these limitations and advance the overall CDS research area.