Making USB great again with USBFilter

Dave Tian, Nolen Scaife, Adam Bates, Kevin R.B. Butler, Patrick Traynor

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

USB provides ubiquitous plug-and-play connectivity for a wide range of devices. However, the complex nature of USB obscures the true functionality of devices from the user, and operating systems blindly trust any physically-attached device. This has led to a number of attacks, ranging from hidden keyboards to network adapters, that rely on the user being unable to identify all of the functions attached to the host. In this paper, we present USBFILTER, which provides the first packet-level access control for USB and can prevent unauthorized interfaces from successfully connecting to the host operating system. USBFILTER can trace individual USB packets back to their respective processes and block unauthorized access to any device. By instrumenting the host’s USB stack between the device drivers and the USB controller, our system is able to filter packets at a granularity that previous works cannot — at the lowest possible level in the operating system. USBFILTER is not only able to block or permit specific device interfaces; it can also restrict interfaces to a particular application (e.g., only Skype can access my webcam). Furthermore, our experimental analysis shows that USBFILTER introduces a negligible (3-10µs) increase in latency while providing mediation of all USB packets on the host. Our system provides a level of granularity and extensibility that reduces the uncertainty of USB connectivity and ensures unauthorized devices are unable to communicate with the host.

Original languageEnglish (US)
Title of host publicationProceedings of the 25th USENIX Security Symposium
PublisherUSENIX Association
Pages415-430
Number of pages16
ISBN (Electronic)9781931971324
StatePublished - 2016
Event25th USENIX Security Symposium - Austin, United States
Duration: Aug 10 2016Aug 12 2016

Publication series

NameProceedings of the 25th USENIX Security Symposium

Conference

Conference25th USENIX Security Symposium
Country/TerritoryUnited States
CityAustin
Period8/10/168/12/16

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Making USB great again with USBFilter'. Together they form a unique fingerprint.

Cite this