•Mediates data transfer between
machines
–Drag / drop, Cut / paste, Shared
folders
•Problems
–Red → Green :
Malware entering
–Green → Red : Information
leaking
•Possible policy
–Allowed transfers
(configurable). Examples:
•No transfer of “.exe” from R to
G
•Only transfer ASCII text from R
to G
–Non-spoofable user intent;
warning dialogs
–Auditing
•Synchronous virus checker; third
party hooks, ...