Advanced

Strict separation between OS and USB driver using a hypervisor

Svensson, Johan LU (2016) EITM01 20152
Department of Electrical and Information Technology
Abstract
During 2014, an attack called the BadUSB attack surfaced. This attack allows the attacker to reflash the firmware of a USB devices and make it perform malicious tasks. One particularly interesting attack whose source code has been released recently includes modifying a USB flash drive into also acting as a keyboard thus enabling it to send malicious keystrokes.
This thesis presents a modified version of the BitVisor hypervisor along with other possible protection mechanisms and evaluates their efficiency in protecting against this specific kind of attack along with BadUSB attacks in general. In order to test the hypervisor, the initial thought was to construct a BadUSB attack device using the source code made available to the public.... (More)
During 2014, an attack called the BadUSB attack surfaced. This attack allows the attacker to reflash the firmware of a USB devices and make it perform malicious tasks. One particularly interesting attack whose source code has been released recently includes modifying a USB flash drive into also acting as a keyboard thus enabling it to send malicious keystrokes.
This thesis presents a modified version of the BitVisor hypervisor along with other possible protection mechanisms and evaluates their efficiency in protecting against this specific kind of attack along with BadUSB attacks in general. In order to test the hypervisor, the initial thought was to construct a BadUSB attack device using the source code made available to the public. When no vulnerable devices were found, emulation of the attack was tried instead. However, emulation did not work either, thus the focus of the evaluation became strictly theoretical. The outcome was that the hypervisor prototype was efficient in protecting against this specific type of BadUSB attack but not against BadUSB attacks in general. The same conclusions were also reached for the other protection mechanisms investigated and evaluated in the thesis. (Less)
Please use this url to cite or link to this publication:
author
Svensson, Johan LU
supervisor
organization
course
EITM01 20152
year
type
H2 - Master's Degree (Two Years)
subject
report number
LU/LTH-EIT 2016-486
language
English
id
8870309
date added to LUP
2016-04-05 13:40:33
date last changed
2016-05-11 14:29:48
@misc{8870309,
  abstract     = {During 2014, an attack called the BadUSB attack surfaced. This attack allows the attacker to reflash the firmware of a USB devices and make it perform malicious tasks. One particularly interesting attack whose source code has been released recently includes modifying a USB flash drive into also acting as a keyboard thus enabling it to send malicious keystrokes. 
This thesis presents a modified version of the BitVisor hypervisor along with other possible protection mechanisms and evaluates their efficiency in protecting against this specific kind of attack along with BadUSB attacks in general. In order to test the hypervisor, the initial thought was to construct a BadUSB attack device using the source code made available to the public. When no vulnerable devices were found, emulation of the attack was tried instead. However, emulation did not work either, thus the focus of the evaluation became strictly theoretical. The outcome was that the hypervisor prototype was efficient in protecting against this specific type of BadUSB attack but not against BadUSB attacks in general. The same conclusions were also reached for the other protection mechanisms investigated and evaluated in the thesis.},
  author       = {Svensson, Johan},
  language     = {eng},
  note         = {Student Paper},
  title        = {Strict separation between OS and USB driver using a hypervisor},
  year         = {2016},
}