Lessons Learned Developing Cross- Domain Solutions on SELinux

Building computer systems that allow the controlled transfer of data between security domains, commonly called cross-domain solutions (CDS) or guards, presents many common and some unique security challenges. In this paper, we explore lessons learned from building several CDS systems on SELinux. We explore the desired security properties of a CDS, define the role of the operating system in enforcing these security properties, and describe our experience using SELinux to fulfill the operating system role.