Yüksek Güvenlikli Ağlar İçin DDS Kullanılarak Tek Yönlü Güvenli Veri Aktarımı

Bilgi güvenliğinin oldukça hassas olduğu kritik bilgiler içeren siber sistemlerin ve ağların yetkisiz erişim ve dış müdahalelerden korunması oldukça önemlidir. Ağ güvenliğinin sağlanması ve fiziksel olarak tek yönlü güvenli veri aktarımının yapılması için son yıllarda veri diyotları olarak isimlendirilen sistemler kullanılmaktadır. Tek yönlü veri aktarımı için veri merkezli bir ara katman mimarisi olan Data Distribution Service (DDS) gerek güvenli veri aktarımı özelliği gerekse barındırdığı yönlendirme, filtreleme ve izleme özellikleri ile oldukça uygun bir teknolojidir. Bu çalışmada DDS ara katman mimarisini kullanan tek yönlü güvenli veri aktarım sistemi önerilmiş ve performansı incelenmiştir. Buna göre kabul edilebilir performans kaybı olsa dahi kritik bilgiler içeren ağ sistemleri için DDS mimarisindeki tek yönlü iletim sisteminin uygun bir çözüm olabileceği, siber güvenlik sistemleri için birçok avantajı barındıran bir seçenek olacağı değerlendirilmiştir.

Anahtar Kelimeler:

Ağ Güvenliği, Tek Yönlü Aktarım, DDS, Endüstriyel Ağlar, Veri Diyotları

Unidirectional Secure Data Transfer Using DDS for High Security Networks

Protecting cyber systems and networks containing critical information, where information security is very sensitive, from unauthorized access and external interventions is very important. In recent years, systems called data diodes have been used to ensure network security and physically one-way secure data transfer. Data Distribution Service (DDS), which is a data-centric middleware architecture for one-way data transfer, is a very suitable technology with both its secure data transfer feature and its routing, filtering, and monitoring features. In this study, a one-way secure data transfer system using DDS middleware architecture is proposed and its performance is examined. Accordingly, it has been evaluated that one-way transmission system in DDS architecture can be a suitable solution for network systems containing critical information, even if there is acceptable performance loss, and it will be an option with many advantages for cyber security systems.

Keywords:

Network Security, Unidirectional Data Transfer, DDS, Industrial Networks, Data Diodes,

PDF

___

Anaya, E. A., Nakano-Miyatake, M., & Meana, H. M. P. (2009). A History and Survey of Network Firewalls. Midwest Symposium on Circuits and Systems.
Arkhangelskii, V., Epishkina, A., Kalmykov, V., & Kogos, K. (2016). Secure one-way data transfer. Proceedings of the 2016 IEEE North West Russia Section Young Researchers in Electrical and Electronic Engineering Conference, EIConRusNW 2016, 392–395. https://doi.org/10.1109/EIConRusNW.2016.7448203
Baunthiyal, A. (2021). Criteria Set for Evaluation of different DDS Distributions. International Journal for Research in Applied Science and Engineering Technology, 9(1), 119–128. https://doi.org/10.22214/ijraset.2021.29243
David, L., Vasconcelos, R., Alves, L., André, R., & Endler, M. (2013). A DDS-based middleware for scalable tracking, communication and collaboration of mobile nodes. Journal of Internet Services and Applications. https://doi.org/10.1186/1869-0238-4-16
Kang, Z., Canady, R., Dubey, A., Gokhale, A., Shekhar, S., & Sedlacek, M. (2020). A study of publish/subscribe middleware under different iot traffic conditions. M4IoT 2020 - Proceedings of the 2020 International Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2020 Conference. https://doi.org/10.1145/3429881.3430109
Kwon, G., Park, J., Lee, G., Tak, T., Lee, W., & Hong, J. (2017). Development of Real-Time Data Publish and Subscribe System Based on Fast RTPS for Image Data Transmission; Development of Real-Time Data Publish and Subscribe System Based on Fast RTPS for Image Data Transmission. https://doi.org/10.18429/JACoW-ICALEPCS2017-TUPHA040
Maatkamp, M., van Delden, M., & LeKhac, N. A. (2016). Unidirectional Secure Information Transfer via RabbitMQ. December. https://doi.org/10.13140/RG.2.1.1412.0720
Menoher, J. (2013). All Data Diodes Are Not Equal. Owl Computing.
Mukkamala, P. P., & Rajendran, S. (2020). A Survey on the Different Firewall Technologies. International Journal of Engineering Applied Sciences and Technology. https://doi.org/10.33564/ijeast.2020.v05i01.059
Neelam, B. S., & Shimray, B. A. (2021). Observation of enhanced network performance in iot process control and data sensing with RINA. Journal of Communications Software and Systems. https://doi.org/10.24138/jcomss-2021-0027
Pardo-Castellote, G. (2003). OMG Data-Distribution Service: Architectural overview. Proceedings - 23rd International Conference on Distributed Computing Systems Workshops, ICDCSW 2003. https://doi.org/10.1109/ICDCSW.2003.1203555
Reeves, S. (2015). Tactical Data Diodes in Industrial Automation and Control Systems. Whitepaper, SANS Institute.
Rogowski, D. (2014). Software Support for Common Criteria Security Development Process on the Example of a Data Diode. Proceedings of the Ninth International Conference DepCoS-RELCOMEX, Advances in Intelligent Systems and Computing, 286, 363–372. https://doi.org/10.1007/978-3-319-07013-1
Stevens, M. W. (1999). An Implementation of an Optical Data Diode. 1–30.
Van Besien, W. L., Ferris, B., & Dudish, J. (2021). Reliable, Efficient Large-File Delivery over Lossy, Unidirectional Links. https://doi.org/10.1109/aero50100.2021.9438494
Yaşar, H., & Çakır, H. (2015). Kurumsal Siber Güvenliğe Yönelik Tehditler ve Önlemleri. Düzce Üniversitesi Bilim ve Teknoloji Dergisi.