a file system for safely interacting with untrusted usb
play

A file system for safely interacting with untrusted USB flash drives - PowerPoint PPT Presentation

Feb 22, 2023 •34 likes •774 views

A file system for safely interacting with untrusted USB flash drives Ke Zhong , Zhihao Jiang , Ke Ma , and Sebastian Angel University of Pennsylvania Shanghai Jiao Tong University Most Storage has moved to cloud! USB flash drives

  1. A file system for safely interacting with untrusted USB flash drives Ke Zhong , Zhihao Jiang ⋆ , Ke Ma ⋆ , and Sebastian Angel University of Pennsylvania ⋆ Shanghai Jiao Tong University

  2. Most Storage has moved to cloud!

  3. USB flash drives remain popular u Legacy data u No network connections u Store confidential data − Bitcoin keys − Medical records − ID photos

  4. USB stack has several issues u Trust-by-default design principle u Devices can bypass kernel and access memory (DMA) u Driver code tends to be buggy − There are many drivers by third party producers u Masquerade as other devices − A device could declare to be a keyboard

  5. USB stack has several issues u Trust-by-default design principle u Devices can bypass kernel and access memory (DMA) Could be exploited by u Driver code tends to be buggy a malicious flash drive − There are many drivers by third party producers u Masquerade as other devices − A device could declare to be a keyboard

  6. USB stack has several issues u Trust-by-default design principle u Devices can bypass kernel and access memory (DMA) u Driver code tends to be buggy − There are many drivers by third party producers u Masquerade as other devices − A device could declare to be a keyboard

  7. Previous work u Packet filtering − Cinch: Security’16 − USBFilter: Security’16 u Device authentication − ProvUSB: CCS’16 u Sandbox the device − GoodUSB: ACSAS’15

  8. Limitation u Packet filtering − Malicious payload that changes dynamically avoids rule-based detection u Device authentication − Require new hardware/kernel modifications u Sandbox the device − False negative (i.e., a device is malicious but sandbox says it's ok)

  9. We propose RBFuse , which is a file system that accesses flash drives without interacting with the USB stack on the host machine

  10. Key idea RBFuse remaps memory space of host controller to a virtual machine, and exports file system of flash drives as a mountable virtual file system

  11. System overview IOMMU

  12. System overview Virtual machine VFS Server IOMMU

  13. System overview Virtual machine USB Directory VFS Server VFS Client IOMMU

  14. System overview Virtual machine USB Directory User space VFS daemon Server VFS Client IOMMU

  15. System overview Virtual machine USB Directory User space VFS daemon Server VFS Client Fuse kernel IOMMU driver

  16. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS Server VFS Client IOMMU

  17. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS Server VFS Client IOMMU

  18. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS Server Execute VFS Client ① getattr IOMMU

  19. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS “No such file” Server VFS Client “No such file” IOMMU

  20. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute VFS Client ① getattr IOMMU

  21. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute VFS Client ① getattr ② mknod IOMMU

  22. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS “Succeed!” Server VFS Client “Succeed!” IOMMU

  23. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod IOMMU

  24. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  25. How RBFuse runs Create a file Virtual machine “foo”! USB Directory VFS “foo exists!” Server VFS Client “foo exists!” IOMMU

  26. How RBFuse runs Create a file Virtual machine “foo”! USB Directory ① getattr Done! VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  27. Performance issues Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  28. Performance issues Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU Too many requests for accessing metadata 3,000 getattr calls are issued when reading 1,000 files

  29. Performance issues Write 1024KB Virtual machine to “foo”! USB Directory ①write 128KB ②write 128KB VFS …… Server Execute ⑧write 128KB VFS Client ①write 128KB ②write 128KB …… IOMMU ⑧write 128KB Write requests are split into smaller chunks

  30. Performance issues Read 1024KB Virtual machine from “foo”! USB Directory ①read 128KB ②read 128KB VFS …… Server Execute ⑧read 128KB VFS Client ①read 128KB ②read 128KB …… IOMMU ⑧read 128KB Read requests are split into smaller chunks

  31. Compromised virtual machine Virtual machine USB Directory VFS Server VFS Client IOMMU Malicious

  32. Compromised virtual machine Virtual machine USB Directory VFS Compromised Server VFS Client IOMMU Malicious

  33. Compromised virtual machine Virtual machine USB Directory VFS Compromised Server VFS Client IOMMU ①Confidential data might be stolen ②Files transferred might be tampered ③Issue malformed file system responses Malicious

  34. Parsing errors Virtual machine USB Requests Directory Serialize VFS requests Server VFS Client Parse responses IOMMU

  35. Parsing errors Virtual machine USB Requests Directory Serialize VFS requests Server VFS Client Parse responses IOMMU Parsers, if not designed correctly, can be easily compromised to exploit memory errors and integer overflow.

  36. Agenda u How to address those challenges − Optimizations − Encrypted communication − Formally verified serializer and parser u Preliminary evaluation u Discussion & Conclusion

  37. Agenda u How to address those challenges − Optimizations − Encrypted communication − Formally verified serializer and parser u Preliminary evaluation u Discussion & Conclusion

  38. Caching metadata Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU

  39. Caching metadata Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr getattr could be done locally VFS Client ① getattr at the VFS Client ② mknod ③ getattr IOMMU u Cache during initialization − RBFuse fetches and caches the metadata of all files and directories during initialization

  40. Caching metadata Create a file Virtual machine “foo”! USB Directory ① getattr VFS ② mknod Server Execute ③ getattr VFS Client ① getattr ② mknod ③ getattr IOMMU u Cache during initialization − RBFuse fetches and caches the metadata of all files and directories during initialization u Update metadata accordingly − Mknod, write, etc.

  41. Prefetching Read 1024KB Virtual machine from “foo”! USB Directory ①read 128KB ②read 128KB VFS …… Server Execute ⑧read 128KB VFS Client ①read 128KB ②read 128KB …… IOMMU ⑧read 128KB

  42. Prefetching Read 1024KB Virtual machine from “foo”! USB Directory ①read 128KB ②read 128KB VFS …… Server Execute ⑧read 128KB VFS Client read 128KB + 896KB IOMMU Read subsequent chunks for large file

  43. Prefetching Read all files Virtual machine in “dir” USB Directory ①read f1 ②read f2 VFS …… Server Execute ⑧read f8 VFS Client ①read f1 ②read f2 …… IOMMU ⑧read f8

  44. Prefetching Read all files Virtual machine in “dir” USB Directory ①read f1 ②read f2 VFS …… Server Execute ⑧read f8 VFS Client read f1 + f2 ~ f8 IOMMU Read other small files in the same directory

  45. Batching operations Write 1024KB Virtual machine to “foo”! USB Directory ①write 128KB ②write 128KB VFS …… Server Execute ⑧write 128KB VFS Client ①write 128KB ②write 128KB …… IOMMU ⑧write 128KB

  46. Batching operations Write 1024KB Virtual machine to “foo”! USB Directory write 128KB + write 128KB VFS + …… Server Execute + write 128KB VFS Client write 128KB + write 128KB + …… IOMMU u Multiple write are combined into one + write 128KB

  47. Batching operations Write 1024KB Virtual machine to “foo”! USB Directory write 128KB + write 128KB VFS + …… Server Execute + write 128KB VFS Client write 128KB + write 128KB + …… IOMMU u Multiple write are combined into one + write 128KB u Other requests related to write can also be merged − getattr, mknod, getattr, open, write, close u Speculatively respond to requests first − By monitoring remaining size of flash drives, if size permitted, then responds “succeed”

Recommend

jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

Department of Computer Science Institute of Systems Architecture, Operating Systems Group jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components Carsten Weinhold, Hermann Hrtig INTRODUCTION

429 views • 21 slides
Super Operations Dentry Operations Interacting with the VFS struct super_operations { struct

Super Operations Dentry Operations Interacting with the VFS struct super_operations { struct

V irtual Why add layers? Core Data Structures Only Exist Originally, operating systems supported just F ile system In Memory everything a process requires to file one file system. What changed? interact with an open file introduction of

65 views • 3 slides
MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage Services Seungyeop Han (syhan@cs.washington.edu) Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

837 views • 37 slides
MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han, Haichen

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han, Haichen

MetaSync File Synchronization Across Multiple Untrusted Storage Services Seungyeop Han, Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy, Thomas Anderson, and David Wetherall University of Washington *Georgia Institute of Technology 1 File

704 views • 42 slides
Interacting with the UNIX January 6, 2010, updated 2012 File System Derek Ruths Friday, 13

Interacting with the UNIX January 6, 2010, updated 2012 File System Derek Ruths Friday, 13

COMP 364 - Lecture #2 Interacting with the UNIX January 6, 2010, updated 2012 File System Derek Ruths Friday, 13 January, 12 Announcements TA : Javier Sanchez Galan (javier.sanchezgalan@mail.mcgill.ca) Office hours are now Mondays

404 views • 18 slides
Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation Directory Implementation Allocation Methods Free-Space Management Efficiency and Performance Recovery Log-Structured File Systems

492 views • 47 slides
~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE SYSTEM MOUNTING PROTECTION EXTERNAL VIEW OF THE FILE MANAGER FILE MANAGEMENT FILE, IS A NAMED AND ORDERED COLLECTION OF INFORMATION COMPUTER SHOULD

342 views • 33 slides
File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System Performance Controlled Sharing Convenience: naming Reliability File System Workload File sizes Are most files small or large?

996 views • 62 slides
CSE 120 File System Interface What the user/programmer sees File System Implementation

CSE 120 File System Interface What the user/programmer sees File System Implementation

Overview CSE 120 File System Interface What the user/programmer sees File System Implementation How it works Summer, 2006 Day 9 File Systems Instructor: Neil Rhodes 2 What is a File? Typical Filesystem Named collection of related

175 views • 5 slides
File System Implementation Summer 2016 Cornell University Today File allocation Unix

File System Implementation Summer 2016 Cornell University Today File allocation Unix

CS 4410 Operating Systems File System Implementation Summer 2016 Cornell University Today File allocation Unix file system Log-structured file system 2 File system: two design problems User interface: File, directory,

363 views • 21 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Unit OS8: File System 8.6. Quiz Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Windows File System Efficiency and Stability of a file system are contradicting requirements. How can the

279 views • 11 slides
Distributed Systems - III Open a file, check status on a file, close a file; Read data

Distributed Systems - III Open a file, check status on a file, close a file; Read data

CSE 421/521 - Operating Systems What does Distributed File System Provide? Fall 2011 Provide access to and manipulation of data stored at remote servers using file system interfaces Lecture - XXV What are the file system interfaces?

236 views • 5 slides
File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk class it is using It issues block read/write requests to the generic block layer Provide an abstraction Goals Implement an abstraction (files) for

390 views • 37 slides
FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System Implementation Directory Implementation Allocation Methods Free-Space Management Discussion 11. Outline File-System Structure

516 views • 51 slides
Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work with Erik Riedel (Seagate Research), Ram Swaminathan (HP Labs), Qian Wang (Penn State), Kevin Fu (MIT) March 31 2003 Why care about storage

399 views • 27 slides
Week 10: File Management What is a file? Elements of file management File

Week 10: File Management What is a file? Elements of file management File

CPSC 410 / 611 : Operating Systems Week 10: File Management What is a file? Elements of file management File organization Directories File allocation UNIX file system Reading: Silberschatz, Chapter 10, 11

499 views • 13 slides
Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary Software is not perfect Bugs in kernel (File system, VM, Device Driver code) Hardware is not perfect Disk errors Memory errors File

613 views • 24 slides
Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure File System Mounting File Sharing Protection Operating System Concepts Silberschatz, Galvin and Gagne 2002 11.1 File Concept

387 views • 15 slides
File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

CS 4410 Operating Systems File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system implemented? Layered file system Directory implementation Allocation methods Free-space management 2

453 views • 18 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally

Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally

Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally The NFS specification distinguishes between the implemented by Sun Microsystems. services provided by the mount mechanism and the remote file

105 views • 9 slides
File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I.

File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I.

File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences File System Performance 3.0 Read Throughput (MB/sec) 2.5 2.0 1.5 1.0

541 views • 42 slides
CPSC 410/611: File Management What is a file? Elements of file management File

CPSC 410/611: File Management What is a file? Elements of file management File

CPSC 410 / 611 : Operating Systems CPSC 410/611: File Management What is a file? Elements of file management File organization Directories File allocation UNIX file system Reading: Silberschatz, Chapter 10, 11

186 views • 14 slides

More recommend