This repository is home to the Open Source Data Diode.
The invention of a data diode is not new. But the fact that the Open-Source Data Diode is offered low-end, low-cost, and as the name suggests, open source is something new. The Open Source Data Diode (OSDD) is a mid-tier, low-cost, open source data diode aimed at use by public and private parties in the Netherlands.
The currently available data diodes are mainly used for highly classified domains, where a high degree of information security applies. The high demands in highly classified domains make them relatively complex and expensive. However, the OSDD is based on a simple but reliable design and use at low costs, which makes the product more accessible and affordable for a multitude of companies, (semi) governments and individuals. In addition, the basic principle is that the OSDD can be used flexibly.
The OSDD consists of a hardware device, the physical diode, and a software suite in which additional functionality can be programmed for specific use cases. The codebase contains both a prototype version for a proxy framework for data diodes and the hardware schematics of the diode itself. Currently, the OSDD contains a proxy implementation for the Kafka protocol and it also transports metrics (statsd format) through the diode.
All code have been written primarily for Linux systems.
The OSDD demonstrator was developed in a collaboration between the Cyber Innovation Hub, The Hague Security Delta and Technolution.
We adhere to the Standard for Public Code as defined by the Foundation for Public Code. We ask our contributors to endorse this standard as well. For the full information, please check https://standard.publiccode.net/
It is the intent of the OSDD-development community to develop the codebase collaboratively. Adhering to the criteria set forth in the Standard for Public Code gives us confidence in the process. Therefore, Technolution, Sintecs, Compumatica, Fox-IT, Scalys and further partnering organizations are committed to maintaining and developing the OSDD at a level of quality that meets the Standard for Public Code.
A video introduction to Standard for Public Code from Creative Commons Global Summit 2020 (4:12) on YouTube.
To be added
The Cyber Innovation Hub, established in 2019 from the Ministry of Defence, ensures that departments, research institutions and companies work together on joint security issues within the field of cyber (security). The aim is to strengthen cyber knowledge and skills in the Netherlands, facilitate innovations and experiments and build an ecosystem of cyber experts, innovators and other partners to reduce cyber threats.
Securing networks is an important point of attention within Cyber. Gaining access to networks by intercepting or modifying network traffic is the basis for many security breeches. One of the problems with securing networks can be traced back to the organization of the current IP-based network traffic. This is bi-directional (2 way traffic), because guaranteed delivery is requested in the protocol. There are various devices or software for securing networks, such as Firewalls, Intruder Detection Systems, Intruder Prevention Systems and data diodes. They all have specific functionality that increases network security.
A data diode is a device that physically enforces uni-directional (one-way) network traffic. This creates an additional layer of security, as the diode enforces that traffic can only flow from network A to network B, thus protecting network A. For more information about data diodes, see this document.
The Cyber Innovation Hub is included in the Defence Cyber Strategy (Defensie Cyber Strategie) 2018 Dutch Cyber Security Agenda (Nederlandse Cybersecurity Agenda (NCSA)) 2020.
Make sure a recent Rust compiler (recently tested with 1.45) and Docker are installed.
You also need MUSL support for RUST:
rustup target add x86_64-unknown-linux-muslRun the build script in the scripts folder:
cd scripts
./create_tars.shThis scripts builds the repository in release and in MUSL release, it create docker images and create two tars. One for the ingress proxy and one for the egress proxy.
Copy the tars to your target systems, unpack them and install the osdd service. Match the configuration file to your system and start the osdd service.
This build results in two tar files, one for the ingress proxy, one for the egress proxy. Both tar files contain the OSDD service (executable and definition) and a bunch of exported docker containers.
There is a brief installation document available: general_docs/installation.md
There is a brief configuration document available: general_docs/config_file_explanation.md
There is a brief design choices document available: general_docs/design_choices.md
In case you need support with the set-up of the OSDD, or if you wish to privately report (security) issues, please contact the maintainer Kor Gerritma (kj.gerritsma@mindef.nl). When someone lets the maintainer know privately about a security vulnerability, the maintainer develops a fix, validates it, and notifies the developers of the project.
Report bugs using Github's issues
We use GitHub issues to track public bugs. Report a bug by opening a new issue.
The roadmap shows what we are working on and some of the things we have done. The roadmap is only a small guide. It does not cover everything we do, and some things may change. You can contact Kor Gerritsma (kj.gerritsma@mindef.nl) if you have any questions about the roadmap or suggestions for new features.
Now
- Updating the OSDD-repository to meet the Standard of Public Code (and make it as accessible as possible for contributors)
- Engaging with several developing parties to further work on the source code: next up is a workshop to further elaborate on the roadmap and governance file
- Make the OSDD-repository open for everyone to contribute
Next
- Organise a workshop with all stakeholders involved (and the Foundation for Public Code) to form the first use case
- Participate at a hackaton to further develop the source code of the OSDD
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
Get started by reading our contributors guide.
Please note that this project is released with a code of conduct. By participating in this project you agree to abide by its terms.
We’re using Discussions as a place to connect with other members of our community. If you have any questions, great ideas, and/or want to engage with other community members, please leave a message at Discussions
The license is Apache 2.
Branches are free to distribute and publish on discretion of the repective branche owner/moderator.