Knogin
[Zarządzanie]

Security: Eurydice Cross-Domain Data Diode

Eurydice is the ANSSI (Agence nationale de la sécurité des systèmes d'information) open-source data diode transfer system, referenced in the French National Security Agency's interoperability designation INT-19.

Metadane modulu

Eurydice is the ANSSI (Agence nationale de la sécurité des systèmes d'information) open-source data diode transfer system, referenced in the French National Security Agency's interoperability designation INT-19.

Powrót do wszystkich modułów

Odwolanie do zrodla

content/modules/security-eurydice-data-diode.md

Ostatnia aktualizacja

18 mar 2026

Kategoria

Zarządzanie

Suma kontrolna tresci

a5389f374f41e57a

Tagi

management

Renderowana dokumentacja

Ta strona renderuje Markdown i Mermaid modulu bezposrednio z publicznego zrodla dokumentacji.

Overview#

Eurydice is the ANSSI (Agence nationale de la sécurité des systèmes d'information) open-source data diode transfer system, referenced in the French National Security Agency's interoperability designation INT-19. A data diode is a hardware-enforced unidirectional communications channel -- information can only flow in one direction; the receiving network has no physical capability to send data back to the source. Eurydice provides the software stack for packaging bundles, transmitting them across the diode hardware, and confirming delivery on the receiving side. Argus uses the Eurydice integration to push classified threat intelligence (as STIX bundles) from a lower-classification operations network to higher-classification analysis environments without creating any return-path exposure.

Key Features#

Unidirectional STIX Bundle Transfer#

Transmit STIX 2.1 bundles across a data diode via 

submitBundleViaDiode
. STIX bundles are serialised to JSON and passed to 
EurydiceClient.submit_bundle
, which wraps them in a Eurydice transfer envelope, applies sender identity and classification metadata, and delivers to the data diode endpoint. No acknowledgement is returned from the high-side network -- receipt confirmation must be handled through out-of-band means.

Classification-Aware Transfer Controls#

Every diode transfer carries an explicit classification label. Argus enforces that the classification of the STIX bundle matches the clearance level of the Eurydice endpoint configuration before transmitting. This prevents accidental submission of SECRET material to an endpoint only cleared for CONFIDENTIAL traffic.

Audit Trail for Every Transfer#

Every invocation of 

submitBundleViaDiode
writes an immutable 
log_interop_export
record capturing the bundle ID, sender URL endpoint, classification level, number of STIX objects in the bundle, and timestamp. This audit trail is mandatory for cross-domain transfer governance -- security officers can review exactly what intelligence crossed the diode and when.

Bundle Identity#

Each transfer carries a 

bundle_id
(a UUID generated by the calling service, distinct from STIX bundle IDs). This allows correlation across the audit log -- if a high-side operator reports receiving an incomplete bundle, the sender-side audit record for that 
bundle_id
confirms exactly what was submitted and at what time.

ANSSI INT-19 Alignment#

The EurydiceService implementation follows the ANSSI Interoperability Framework designation INT-19, which governs data diode software interfaces for French government and military systems. Configuration parameters (sender URL, API token) map directly to ANSSI-specified endpoint conventions.

Use Cases#

  • Classified Threat Intelligence Dissemination: CSIRT operators on an unclassified network discover a new threat actor campaign. The STIX bundle describing the campaign (TTPs, indicators, infrastructure) is passed through the Eurydice diode to the classified analysis network where it can be enriched against classified SIGINT and HUMINT sources without any risk of the classified environment reaching back to the unclassified side.
  • Air-Gapped Network Intelligence Push: Industrial control system operators managing critical infrastructure run their SCADA monitoring network completely air-gapped. Eurydice diode transfers allow threat intelligence from the connected operations network to be pushed into the air-gapped environment on a scheduled cadence.
  • Cross-Domain Exercise Support: During NATO or national cyber exercises running on multiple classification domains in parallel, Eurydice transfers allow the exercise injection team (unclassified) to push simulated threat scenarios (as STIX bundles) into the classified exercise environment for blue team participants.
  • Regulatory Compliance for Sensitive OES Sectors: Essential services operators in regulated sectors (energy, finance, health) required by NIS2 to share threat intelligence with national authorities can use Eurydice transfers to submit indicators to government-side high-side networks.

Integration#

Available via GraphQL: 

eurydiceTransfers
, 
eurydiceEndpoints
(queries); 
submitBundleViaDiode
, 
fetchEurydiceTransferStatus
(mutations). All operations require authentication and organisation scoping.

Works alongside the STIX/TAXII module (bundle generation before transfer), Post-Quantum Cryptography (bundle signing for cross-domain integrity assurance), and MISP (source of STIX-formatted indicator bundles for diode transmission).

Last Reviewed: 2026-03-18