[ZISC Lunch Seminar] Making USB Safer for Hosts and Peripherals

Wed 12Jul2017

Prof. Kevin Butler, University of Florida

From 12.30 until 14.00

At CNB/F/110, ETH Zurich

Universitätstrasse 6, 8092 Zurich

Abstract:

The Universal Serial Bus has become a pervasive means by which users connect peripherals to computers. USB devices were ubiquitous within organizations and enterprises, but their role in introducing malware and acting as vectors for data exfiltration have significantly curtailed their usage in these environments. We have found that USB hosts often blindly trust the peripherals attached to them, while devices also blindly trust hosts. In this talk, we discuss solutions to constrain USB device functionality by allowing user expectations of device operation to prevent unauthorized access to USB interfaces. We also consider how fine-grained permissions can be specified through the OS kernel to allow flexible and fine-grained protection to hosts. On the device side, we consider new USB storage devices capable of providing context about the hosts they connect into, and show how these capabilities can allow for malware tracking and attribution. We conclude by consider future challenges to assuring the security and trustworthiness of USB hosts and devices.

Download Event to Calendar