Annual Computer Security Applications Conference 2015

Full Program »

Defending Against Malicious USB Firmware with GoodUSB

View File

USB attacks are becoming more sophisticated. Rather than using USB devices solely as a delivery mechanism for host-side exploits, attackers are targeting the USB stack itself, embedding malicious code in device firmware to covertly request additional USB inter- faces, providing unacknowledged and malicious functionality that lies outside the apparent purpose of the device. This allows for attacks such as BadUSB, where a USB storage device with malicious firmware is capable of covertly acting as a keyboard as well, allowing it to inject malicious scripts into the host machine. We observe that the root cause of such attacks is that the USB Stack exposes a set of unrestricted device privileges and note that the most reliable information about a device’s capabilities comes from the end user’s expectation of the device’s functionality. We design and implement GoodUSB, a mediation architecture for the Linux USB Stack. We defend against BadUSB attacks by enforcing permissions based on user expectations of device functionality. GoodUSB includes a security image component to simplify use, and a honey- pot mechanism for observing suspicious USB activities. GoodUSB introduces only 5.2% performance overhead compared to the un- modified Linux USB subsystem. It is an important step forward in defending against USB attacks and towards allowing the safe deployment of USB devices in the enterprise.


Dave (Jing) Tian    
University of Florida
United States

Adam Bates    
University of Florida
United States

Kevin Butler    
University of Florida
United States


Powered by OpenConf®
Copyright©2002-2015 Zakon Group LLC