a file system for safely interacting with untrusted usb
play

A file system for safely interacting with untrusted USB flash drives - PowerPoint PPT Presentation

Feb 22, 2023 •34 likes •774 views

A file system for safely interacting with untrusted USB flash drives Ke Zhong , Zhihao Jiang , Ke Ma , and Sebastian Angel University of Pennsylvania Shanghai Jiao Tong University Most Storage has moved to cloud! USB flash drives

  1. A file system for safely interacting with untrusted USB flash drives Ke Zhong , Zhihao Jiang ⋆ , Ke Ma ⋆ , and Sebastian Angel University of Pennsylvania ⋆ Shanghai Jiao Tong University

  2. Most Storage has moved to cloud!

  3. USB flash drives remain popular u Legacy data u No network connections u Store confidential data − Bitcoin keys − Medical records − ID photos

  4. USB stack has several issues u Trust-by-default design principle u Devices can bypass kernel and access memory (DMA) u Driver code tends to be buggy − There are many drivers by third party producers u Masquerade as other devices − A device could declare to be a keyboard

  5. USB stack has several issues u Trust-by-default design principle u Devices can bypass kernel and access memory (DMA) Could be exploited by u Driver code tends to be buggy a malicious flash drive − There are many drivers by third party producers u Masquerade as other devices − A device could declare to be a keyboard

  6. USB stack has several issues u Trust-by-default design principle u Devices can bypass kernel and access memory (DMA) u Driver code tends to be buggy − There are many drivers by third party producers u Masquerade as other devices − A device could declare to be a keyboard

  7. Previous work u Packet filtering − Cinch: Security’16 − USBFilter: Security’16 u Device authentication − ProvUSB: CCS’16 u Sandbox the device − GoodUSB: ACSAS’15

  8. Limitation u Packet filtering − Malicious payload that changes dynamically avoids rule-based detection u Device authentication − Require new hardware/kernel modifications u Sandbox the device − False negative (i.e., a device is malicious but sandbox says it's ok)

  9. We propose RBFuse , which is a file system that accesses flash drives without interacting with the USB stack on the host machine

  10. Key idea RBFuse remaps memory space of host controller to a virtual machine, and exports file system of flash drives as a mountable virtual file system

  11. System overview IOMMU

  12. System overview Virtual machine VFS Server IOMMU

  13. System overview Virtual machine USB Directory VFS Server VFS Client IOMMU

  14. System overview Virtual machine USB Directory User space VFS daemon Server VFS Client IOMMU

  15. System overview Virtual machine USB Directory User space VFS daemon Server VFS Client Fuse kernel IOMMU driver

  16. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS Server VFS Client IOMMU

  17. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS Server VFS Client IOMMU

  18. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS Server Execute VFS Client ① getattr IOMMU

  19. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS “No such file” Server VFS Client “No such file” IOMMU

  20. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute VFS Client ① getattr IOMMU

  21. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute VFS Client ① getattr ② mknod IOMMU

  22. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS “Succeed!” Server VFS Client “Succeed!” IOMMU

  23. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod IOMMU

  24. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  25. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS “foo exists!” Server VFS Client “foo exists!” IOMMU

  26. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr Done! VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  27. Performance issues Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  28. Performance issues Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU Too many requests for accessing metadata 3,000 getattr calls are issued when reading 1,000 files

  29. Performance issues Write 1024KB Virtual machine to “foo”! USB Directory ①write 128KB ②write 128KB VFS …… Server Execute ⑧write 128KB VFS Client ①write 128KB ②write 128KB …… IOMMU ⑧write 128KB Write requests are split into smaller chunks

  30. Performance issues Read 1024KB Virtual machine from “foo”! USB Directory ①read 128KB ②read 128KB VFS …… Server Execute ⑧read 128KB VFS Client ①read 128KB ②read 128KB …… IOMMU ⑧read 128KB Read requests are split into smaller chunks

  31. Compromised virtual machine Virtual machine USB Directory VFS Server VFS Client IOMMU Malicious

  32. Compromised virtual machine Virtual machine USB Directory VFS Compromised Server VFS Client IOMMU Malicious

  33. Compromised virtual machine Virtual machine USB Directory VFS Compromised Server VFS Client IOMMU ①Confidential data might be stolen ②Files transferred might be tampered ③Issue malformed file system responses Malicious

  34. Parsing errors Virtual machine USB Requests Directory Serialize VFS requests Server VFS Client Parse responses IOMMU

  35. Parsing errors Virtual machine USB Requests Directory Serialize VFS requests Server VFS Client Parse responses IOMMU Parsers, if not designed correctly, can be easily compromised to exploit memory errors and integer overflow.

  36. Agenda u How to address those challenges − Optimizations − Encrypted communication − Formally verified serializer and parser u Preliminary evaluation u Discussion & Conclusion

  37. Agenda u How to address those challenges − Optimizations − Encrypted communication − Formally verified serializer and parser u Preliminary evaluation u Discussion & Conclusion

  38. Caching metadata Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  39. Caching metadata Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr getattr could be done locally VFS Client ① getattr at the VFS Client ② mknod ③ getattr IOMMU u Cache during initialization − RBFuse fetches and caches the metadata of all files and directories during initialization

  40. Caching metadata Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU u Cache during initialization − RBFuse fetches and caches the metadata of all files and directories during initialization u Update metadata accordingly − Mknod, write, etc.

  41. Prefetching Read 1024KB Virtual machine from “foo”! USB Directory ①read 128KB ②read 128KB VFS …… Server Execute ⑧read 128KB VFS Client ①read 128KB ②read 128KB …… IOMMU ⑧read 128KB

  42. Prefetching Read 1024KB Virtual machine from “foo”! USB Directory ①read 128KB ②read 128KB VFS …… Server Execute ⑧read 128KB VFS Client read 128KB + 896KB IOMMU Read subsequent chunks for large file

  43. Prefetching Read all files Virtual machine in “dir” USB Directory ①read f1 ②read f2 VFS …… Server Execute ⑧read f8 VFS Client ①read f1 ②read f2 …… IOMMU ⑧read f8

  44. Prefetching Read all files Virtual machine in “dir” USB Directory ①read f1 ②read f2 VFS …… Server Execute ⑧read f8 VFS Client read f1 + f2 ~ f8 IOMMU Read other small files in the same directory

  45. Batching operations Write 1024KB Virtual machine to “foo”! USB Directory ①write 128KB ②write 128KB VFS …… Server Execute ⑧write 128KB VFS Client ①write 128KB ②write 128KB …… IOMMU ⑧write 128KB

  46. Batching operations Write 1024KB Virtual machine to “foo”! USB Directory write 128KB + write 128KB VFS + …… Server Execute + write 128KB VFS Client write 128KB + write 128KB + …… IOMMU u Multiple write are combined into one + write 128KB

  47. Batching operations Write 1024KB Virtual machine to “foo”! USB Directory write 128KB + write 128KB VFS + …… Server Execute + write 128KB VFS Client write 128KB + write 128KB + …… IOMMU u Multiple write are combined into one + write 128KB u Other requests related to write can also be merged − getattr, mknod, getattr, open, write, close u Speculatively respond to requests first − By monitoring remaining size of flash drives, if size permitted, then responds “succeed”

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

Department of Computer Science Institute of Systems Architecture, Operating Systems Group jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components Carsten Weinhold, Hermann Hrtig INTRODUCTION

429 views • 21 slides
Super Operations Dentry Operations Interacting with the VFS struct super_operations { struct

Super Operations Dentry Operations Interacting with the VFS struct super_operations { struct

V irtual Why add layers? Core Data Structures Only Exist Originally, operating systems supported just F ile system In Memory everything a process requires to file one file system. What changed? interact with an open file introduction of

65 views • 3 slides
MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage Services Seungyeop Han (syhan@cs.washington.edu) Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

837 views • 37 slides
MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han, Haichen

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han, Haichen

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han, Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy, Thomas Anderson, and David Wetherall University of Washington *Georgia Institute of Technology 1 File

704 views • 42 slides
Interacting with the UNIX January 6, 2010, updated 2012 File System Derek Ruths Friday, 13

Interacting with the UNIX January 6, 2010, updated 2012 File System Derek Ruths Friday, 13

COMP 364 - Lecture #2 Interacting with the UNIX January 6, 2010, updated 2012 File System Derek Ruths Friday, 13 January, 12 Announcements TA : Javier Sanchez Galan (javier.sanchezgalan@mail.mcgill.ca) Office hours are now Mondays

404 views • 18 slides
Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation Directory Implementation Allocation Methods Free-Space Management Efficiency and Performance Recovery Log-Structured File Systems

492 views • 47 slides
~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE SYSTEM MOUNTING PROTECTION EXTERNAL VIEW OF THE FILE MANAGER FILE MANAGEMENT FILE, IS A NAMED AND ORDERED COLLECTION OF INFORMATION COMPUTER SHOULD

341 views • 33 slides
File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System Performance Controlled Sharing Convenience: naming Reliability File System Workload File sizes Are most files small or large?

996 views • 62 slides
CSE 120 File System Interface What the user/programmer sees File System Implementation

CSE 120 File System Interface What the user/programmer sees File System Implementation

Overview CSE 120 File System Interface What the user/programmer sees File System Implementation How it works Summer, 2006 Day 9 File Systems Instructor: Neil Rhodes 2 What is a File? Typical Filesystem Named collection of related

175 views • 5 slides
File System Implementation Summer 2016 Cornell University Today File allocation Unix

File System Implementation Summer 2016 Cornell University Today File allocation Unix

CS 4410 Operating Systems File System Implementation Summer 2016 Cornell University Today File allocation Unix file system Log-structured file system 2 File system: two design problems User interface: File, directory,

362 views • 21 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Unit OS8: File System 8.6. Quiz Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Windows File System Efficiency and Stability of a file system are contradicting requirements. How can the

279 views • 11 slides
Distributed Systems - III Open a file, check status on a file, close a file; Read data

Distributed Systems - III Open a file, check status on a file, close a file; Read data

CSE 421/521 - Operating Systems What does Distributed File System Provide? Fall 2011 Provide access to and manipulation of data stored at remote servers using file system interfaces Lecture - XXV What are the file system interfaces?

236 views • 5 slides
File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk class it is using It issues block read/write requests to the generic block layer Provide an abstraction Goals Implement an abstraction (files) for

389 views • 37 slides
FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System Implementation Directory Implementation Allocation Methods Free-Space Management Discussion 11. Outline File-System Structure

516 views • 51 slides
Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work with Erik Riedel (Seagate Research), Ram Swaminathan (HP Labs), Qian Wang (Penn State), Kevin Fu (MIT) March 31 2003 Why care about storage

399 views • 27 slides
A Machine-Checked Theory of Floating Point Arithmetic John Harrison Intel Corporation, EY2-03

A Machine-Checked Theory of Floating Point Arithmetic John Harrison Intel Corporation, EY2-03

A Machine-Checked Theory of Floating Point Arithmetic 1 A Machine-Checked Theory of Floating Point Arithmetic John Harrison Intel Corporation, EY2-03 Introduction to IA-64 and HOL Light Floating point formats Ulps Rounding

254 views • 13 slides
Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64

Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64

Formal verification of IA-64 division algorithms 1 Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64 overview HOL Light overview IEEE correctness Division on IA-64 Theory of division

289 views • 14 slides
Strategies & Obstacles in Strategies & Obstacles in Converting a Large Production

Strategies & Obstacles in Strategies & Obstacles in Converting a Large Production

Strategies & Obstacles in Strategies & Obstacles in Converting a Large Production Converting a Large Production Application to FORTRAN 90 Application to FORTRAN 90 David J. Gigrich May 19, 1999 Structural Analysis Computing The

359 views • 22 slides
Software Engineering Prof. Dr. Bertrand Meyer MarchJune 2007 Lecture 2: The Personal Software

Software Engineering Prof. Dr. Bertrand Meyer MarchJune 2007 Lecture 2: The Personal Software

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer MarchJune 2007 Lecture 2: The Personal Software Process PSP: the background CMMI: Capability Maturity Model Integration (originally: CMM) From late 1980s,

718 views • 40 slides
USBProxy USB tinkering for hackers and makers Dominic Spill dominicgs@gmail.com Dominic Spill

USBProxy USB tinkering for hackers and makers Dominic Spill dominicgs@gmail.com Dominic Spill

USBProxy USB tinkering for hackers and makers Dominic Spill dominicgs@gmail.com Dominic Spill USBProxy developer Work on Ubertooth, BTBB, gr-bluetooth, Daisho, Unambiguous Encapsulation Other projects include fcc.io, BeagleDancer, PS/2 tap,

759 views • 19 slides
Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview Goals and Big Ideas Threat Model Strengths Weaknesses Evaluation Attack Defenses Discussion Questions

240 views • 20 slides
@cobbtechnologies @cobbtechnologies @cobbtech cobbtechnologies.com Title: Folders are Dead

@cobbtechnologies @cobbtechnologies @cobbtech cobbtechnologies.com Title: Folders are Dead

@cobbtechnologies @cobbtechnologies @cobbtech cobbtechnologies.com Title: Folders are Dead Mike Young Strategic Sales Executive Marc Klein Professional Services Manager cobbtechnologies.com INFORMATION SILOS ARE PROLIFERATING -- AND

436 views • 18 slides
implementation support system activity program m ing the application and control of

implementation support system activity program m ing the application and control of

Implementation support programming tools chapter 8 levels of services for program m ers windowing system s core support for separate and sim ultaneous user- implementation support system activity program m ing the

234 views • 6 slides

More recommend