DOI: 10.1145/1866307.1866386
poster

Protecting portable storage with host validation

Published: 04 October 2010

Abstract

Portable storage devices, such as key-chain USB devices, are ubiquitous and used everywhere; users repeatedly use the same storage device in open computer laboratories, Internet cafes, and on office and home computers. Consequently, they are the target of malware that exploits the data present or uses them as a means to propagate malicious software, e.g., Conficker and Agent.bz. We present the Kells mobile storage system, which limits untrusted or unknown systems from accessing sensitive data by continuously validating the accessing host's integrity state. We explore the design and operation of Kells, and implement a proof-of-concept USB 2.0 storage device on experimental hardware. Our experiments indicate nominal overheads associated with host validation, with a worst-case throughput overhead of 1.22% for reads and 2.78% for writes.

    Published In

    CCS '10: Proceedings of the 17th ACM conference on Computer and communications security
    October 2010
    782 pages
    ISBN: 9781450302456
    DOI: 10.1145/1866307

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. security
    2. storage
    3. validation

    Qualifiers

    • Poster

    Conference

    CCS '10

    Acceptance Rates

    CCS '10 Paper Acceptance Rate 55 of 325 submissions, 17%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
