[teacup50]

The security of such a thing assumes that:

1) The system can't be compromised through input data.

2) There's no other output mechanism by which an attacker could retrieve data (or watch the plane crash, which technically counts as output).

I'm not sure I buy the idea for contexts where a genuine security airgap is required.

[cnvogel]

You normally use such a scheme to pass data from the more critical to the less critical system. For example in nuclear power plants (that's where I know this scheme from) your low-safety systems can use data acquired by a highly safety relevant system (e.g. to display the pressure, temperature and power generation of the reactor core without being able to influence the safety systems that primarily acquired the values).

[teacup50]

Ah! Thanks, that clarification makes way more sense.