Strict separation between OS and USB driver using a hypervisor
(2016) EITM01 20152
Department of Electrical and Information Technology
- Abstract
- During 2014, an attack called the BadUSB attack surfaced. This attack allows the attacker to reflash the firmware of a USB device and make it perform malicious tasks. One particularly interesting attack, whose source code has been released recently, includes modifying a USB flash drive into also acting as a keyboard, thus enabling it to send malicious keystrokes.
This thesis presents a modified version of the BitVisor hypervisor along with other possible protection mechanisms and evaluates their efficiency in protecting against this specific kind of attack along with BadUSB attacks in general. In order to test the hypervisor, the initial thought was to construct a BadUSB attack device using the source code made available to the public. When no vulnerable devices were found, emulation of the attack was tried instead. However, emulation did not work either, thus the focus of the evaluation became strictly theoretical. The outcome was that the hypervisor prototype was efficient in protecting against this specific type of BadUSB attack but not against BadUSB attacks in general. The same conclusions were also reached for the other protection mechanisms investigated and evaluated in the thesis.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/8870309
- author
- Svensson, Johan LU
- supervisor
- organization
- course
- EITM01 20152
- year
- 2016
- type
- H2 - Master's Degree (Two Years)
- subject
- report number
- LU/LTH-EIT 2016-486
- language
- English
- id
- 8870309
- date added to LUP
- 2016-04-05 13:40:33
- date last changed
- 2016-05-11 14:29:48
@misc{8870309,
  abstract = {{During 2014, an attack called the BadUSB attack surfaced. This attack allows the attacker to reflash the firmware of a USB devices and make it perform malicious tasks. One particularly interesting attack whose source code has been released recently includes modifying a USB flash drive into also acting as a keyboard thus enabling it to send malicious keystrokes. This thesis presents a modified version of the BitVisor hypervisor along with other possible protection mechanisms and evaluates their efficiency in protecting against this specific kind of attack along with BadUSB attacks in general. In order to test the hypervisor, the initial thought was to construct a BadUSB attack device using the source code made available to the public. When no vulnerable devices were found, emulation of the attack was tried instead. However, emulation did not work either, thus the focus of the evaluation became strictly theoretical. The outcome was that the hypervisor prototype was efficient in protecting against this specific type of BadUSB attack but not against BadUSB attacks in general. The same conclusions were also reached for the other protection mechanisms investigated and evaluated in the thesis.}},
  author = {{Svensson, Johan}},
  language = {{eng}},
  note = {{Student Paper}},
  title = {{Strict separation between OS and USB driver using a hypervisor}},
  year = {{2016}},
}