Overview
Air gaps exist for a reason. When classified analysis networks cannot afford any physical return path to unclassified environments, software controls alone are insufficient. A data diode is a hardware-enforced unidirectional communications channel: information can only flow in one direction, and the receiving network has no physical capability to send data back to the source.
Eurydice is the ANSSI (Agence nationale de la sécurité des systèmes d'information) open-source data diode transfer system, referenced in the French National Security Agency's interoperability designation INT-19. It provides the software stack for packaging bundles and transmitting them across diode hardware. Argus integrates Eurydice to push classified threat intelligence, as STIX bundles or indicator exports, from a lower-classification operations network to higher-classification analysis environments without creating any return-path exposure.
Key Features
Unidirectional STIX Bundle Transfer
Transmit STIX 2.1 bundles across a data diode via submitStixViaEurydice. STIX bundles are serialised to JSON and passed to the Eurydice sender path, which wraps them in a transfer envelope, applies sender identity and classification metadata, and delivers them to the data diode endpoint.
Classification-Aware Transfer Controls
Every diode transfer carries an explicit classification label. Argus enforces that the classification of the STIX bundle matches the clearance level of the Eurydice endpoint configuration before transmitting. This prevents accidental submission of SECRET material to an endpoint cleared only for CONFIDENTIAL traffic.
Audit Trail for Every Transfer
Every invocation of submitStixViaEurydice or submitIndicatorsViaEurydice writes an immutable log_interop_export record capturing the transfer destination, classification level, and transfer metadata. This audit trail is mandatory for cross-domain transfer governance. Security officers can review what intelligence crossed the diode and when.
Bundle Identity
Each transfer carries a bundle_id (a UUID generated by the calling service, distinct from STIX bundle IDs). This allows correlation across the audit log. If a high-side operator reports receiving an incomplete bundle, the sender-side audit record for that bundle_id confirms exactly what was submitted and at what time.
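An added example, not Argus or Eurydice code, showing how the controls described in this section fit together: the classification gate that refuses a SECRET bundle bound for a CONFIDENTIAL-cleared endpoint (written as a "must not exceed" dominance check, of which the exact-match rule above is the special case), the transfer envelope carrying sender identity and classification, and the audit record keyed by a freshly generated bundle_id. The level ordering, the EurydiceEndpoint fields and the envelope/audit field names are assumptions.

```python
import json
import uuid
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed ordering of classification labels, lowest to highest. The page's
# check ("SECRET must not reach a CONFIDENTIAL endpoint") is a dominance
# check on this ordering.
LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET"]

class ClassificationMismatch(Exception):
    """Bundle is classified above the endpoint's clearance."""

@dataclass(frozen=True)
class EurydiceEndpoint:          # hypothetical view of the endpoint configuration
    sender_url: str               # INT-19 sender URL
    clearance: str                # highest level this endpoint may receive
    sender_identity: str          # identity written into the transfer envelope

def check_classification(bundle_level: str, endpoint: EurydiceEndpoint) -> None:
    """Refuse the transfer unless the endpoint is cleared for the bundle's level."""
    if bundle_level not in LEVELS or endpoint.clearance not in LEVELS:
        raise ValueError("unknown classification label")
    if LEVELS.index(bundle_level) > LEVELS.index(endpoint.clearance):
        raise ClassificationMismatch(
            f"{bundle_level} bundle refused: endpoint cleared for {endpoint.clearance}")

def build_transfer(stix_bundle: dict, bundle_level: str, endpoint: EurydiceEndpoint):
    """Gate the transfer, then return (envelope, audit_record) sharing one bundle_id."""
    check_classification(bundle_level, endpoint)
    bundle_id = str(uuid.uuid4())  # transfer id, distinct from the STIX bundle id
    envelope = {
        "bundle_id": bundle_id,
        "sender": endpoint.sender_identity,
        "classification": bundle_level,
        "content_type": "application/stix+json",
        # STIX object graph serialised verbatim; nothing is rewritten on the way out
        "payload": json.dumps(stix_bundle, separators=(",", ":")),
    }
    audit_record = {              # fields the page says log_interop_export captures
        "bundle_id": bundle_id,
        "destination": endpoint.sender_url,
        "classification": bundle_level,
        "stix_bundle_id": stix_bundle["id"],
        "object_count": len(stix_bundle.get("objects", [])),
        "submitted_at": datetime.now(timezone.utc).isoformat(),
    }
    return envelope, audit_record
```

The high-side operator's report of an incomplete bundle is answered by matching its bundle_id against the audit record's object_count and submitted_at on the sender side.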
ANSSI INT-19 Alignment
The EurydiceService implementation follows the ANSSI Interoperability Framework designation INT-19, which governs data diode software interfaces for French government and military systems. Configuration parameters (sender URL, API token) map directly to ANSSI-specified endpoint conventions.
Use Cases
- Classified Threat Intelligence Dissemination: CSIRT operators on an unclassified network discover a new threat actor campaign. The STIX bundle describing the campaign (TTPs, indicators, infrastructure) is passed through the Eurydice diode to the classified analysis network where it can be enriched against classified SIGINT and HUMINT sources without any risk of the classified environment reaching back to the unclassified side.
- Air-Gapped Network Intelligence Push: Industrial control system operators managing critical infrastructure run their SCADA monitoring network completely air-gapped. Eurydice diode transfers allow threat intelligence from the connected operations network to be pushed into the air-gapped environment on a scheduled cadence.
- Cross-Domain Exercise Support: During NATO or national cyber exercises running on multiple classification domains in parallel, Eurydice transfers allow the exercise injection team (unclassified) to push simulated threat scenarios as STIX bundles into the classified exercise environment for blue team participants.
- Regulatory Compliance for Sensitive OES Sectors: Essential services operators in regulated sectors (energy, finance, health) required by NIS2 to share threat intelligence with national authorities can use Eurydice transfers to submit indicators to government-side high-side networks.
Integration
Available via GraphQL: submitStixViaEurydice, submitIndicatorsViaEurydice (mutations). All operations require authentication and organisation scoping.
Works alongside the STIX/TAXII module (bundle generation before transfer), Post-Quantum Cryptography (bundle signing for cross-domain integrity assurance), and MISP (source of STIX-formatted indicator bundles for diode transmission).
Open Standards
- OASIS STIX 2.1: The primary payload format for cross-domain transfers; bundles are serialised as application/stix+json JSON and submitted verbatim through the diode without modification to the STIX object graph.
- ANSSI Interoperability Framework INT-19: The French national security agency's designation governing data diode software interfaces; the EurydiceService and its configuration parameters conform directly to the INT-19 endpoint conventions for sender-side API integration.
- OASIS TAXII 2.1: The companion transport standard to STIX; the module integrates alongside the STIX/TAXII module so that bundles generated via TAXII collection endpoints can be forwarded onward through the Eurydice diode without re-serialisation.
- RFC 7519, JSON Web Token (JWT): Bearer tokens used to authenticate every call to the Eurydice sender REST API are issued as JWTs, with the Authorization: Bearer header pattern applied consistently across all diode client requests.
- RFC 7517 / OAuth 2.0: The GraphQL mutations that invoke the diode transfer are gated behind the platform's OAuth 2.0 authenticated session, ensuring only authorised, organisation-scoped callers can initiate classified transfers.
- EU NIS2 Directive (2022/2555): The use-cases section explicitly references NIS2 obligations for Operators of Essential Services to share threat intelligence with national authorities; the capability provides a compliant, unidirectional channel for those mandatory disclosures.
- RFC 5053 / Reed-Solomon Forward Error Correction: The Lidi component of the Eurydice stack applies FEC encoding (Reed-Solomon or equivalent erasure codes) to diode payloads so that the receiving side can recover data despite packet loss on the one-way physical link; the integration client carries redundancy-factor parameters that map to the Lidi FEC API.
Last Reviewed: 2026-03-18
Last Updated: 2026-04-14