TY - GEN
T1 - Making USB great again with USBFilter
AU - Tian, Dave
AU - Scaife, Nolen
AU - Bates, Adam
AU - Butler, Kevin R.B.
AU - Traynor, Patrick
N1 - Publisher Copyright:
© 2016 Proceedings of the 25th USENIX Security Symposium. All rights reserved.
PY - 2016
Y1 - 2016
N2 - USB provides ubiquitous plug-and-play connectivity for a wide range of devices. However, the complex nature of USB obscures the true functionality of devices from the user, and operating systems blindly trust any physically-attached device. This has led to a number of attacks, ranging from hidden keyboards to network adapters, that rely on the user being unable to identify all of the functions attached to the host. In this paper, we present USBFILTER, which provides the first packet-level access control for USB and can prevent unauthorized interfaces from successfully connecting to the host operating system. USBFILTER can trace individual USB packets back to their respective processes and block unauthorized access to any device. By instrumenting the host’s USB stack between the device drivers and the USB controller, our system is able to filter packets at a granularity that previous works cannot — at the lowest possible level in the operating system. USBFILTER is not only able to block or permit specific device interfaces; it can also restrict interfaces to a particular application (e.g., only Skype can access my webcam). Furthermore, our experimental analysis shows that USBFILTER introduces a negligible (3-10µs) increase in latency while providing mediation of all USB packets on the host. Our system provides a level of granularity and extensibility that reduces the uncertainty of USB connectivity and ensures unauthorized devices are unable to communicate with the host.
UR - http://www.scopus.com/inward/record.url?scp=85041431393&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85041431393&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85041431393
T3 - Proceedings of the 25th USENIX Security Symposium
SP - 415
EP - 430
BT - Proceedings of the 25th USENIX Security Symposium
PB - USENIX Association
T2 - 25th USENIX Security Symposium
Y2 - 10 August 2016 through 12 August 2016
ER -