> You can't even fix the problem with one-way information flow between critical and non-critical components, because there are valid reasons for wanting to send information the other way.
You could combine one-way information flow with a default-deny firewall on the opposite direction, with very strict format checks. If implemented properly, only a few exact packets would be able to pass, with a result similar to a bundle of discrete wires. (It would be a set of rules somewhat like: allow only the exact packet 010203x4, with x being only 1, 2, or 3.)
Of course, that adds cost, power, and space usage, since the firewall would have to be a separate discrete component, and you would need one for each device straddling separate integrity domains. You also lose flexibility, since you would have to replace the firewall component if you need to add more functionality in the direction it filters.
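A sketch of the default-deny rule set described in the comment above, added here as an illustration and not part of the original post. It assumes "010203x4" means the four hex bytes 01 02 03 x4 with x as the high nibble of the last byte; the names `filter_match` and `filter_forward` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_LEN 4  /* every permitted packet has exactly this length */

/* Assumption: "010203x4" is read as bytes 01 02 03 x4, x in {1, 2, 3}. */
static const uint8_t ALLOWED[][PKT_LEN] = {
    {0x01, 0x02, 0x03, 0x14},
    {0x01, 0x02, 0x03, 0x24},
    {0x01, 0x02, 0x03, 0x34},
};
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

/* Returns the index of the matching rule ("which wire"), or -1 for deny. */
int filter_match(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len != PKT_LEN)   /* exact length: no short or padded frames */
        return -1;
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (memcmp(pkt, ALLOWED[i], PKT_LEN) == 0)
            return (int)i;
    return -1;                           /* default deny */
}

/* Emits the table's own copy of the packet, so no byte of the input buffer
 * ever crosses the boundary. Returns bytes written; 0 means dropped. */
size_t filter_forward(const uint8_t *pkt, size_t len, uint8_t *out, size_t out_cap)
{
    int idx = filter_match(pkt, len);
    if (idx < 0 || out == NULL || out_cap < PKT_LEN)
        return 0;
    memcpy(out, ALLOWED[idx], PKT_LEN);
    return PKT_LEN;
}

int main(void)
{
    /* Constructed sample frames: one permitted, one with x = 4, one padded. */
    const uint8_t good[]   = {0x01, 0x02, 0x03, 0x24};
    const uint8_t bad_x[]  = {0x01, 0x02, 0x03, 0x44};
    const uint8_t padded[] = {0x01, 0x02, 0x03, 0x14, 0x00};
    printf("good: %d\n", filter_match(good, sizeof good));
    printf("bad_x: %d\n", filter_match(bad_x, sizeof bad_x));
    printf("padded: %d\n", filter_match(padded, sizeof padded));
    return 0;
}
```

Because the output is regenerated from the table, the filter behaves like a selector over three fixed signals, which is the "bundle of discrete wires" property the comment describes.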