Visible to the public LBM: A Security Framework for Peripherals within the Linux Kernel

TitleLBM: A Security Framework for Peripherals within the Linux Kernel
Publication TypeConference Paper
Year of Publication2019
AuthorsTian, Dave Jing, Hernandez, Grant, Choi, Joseph I., Frost, Vanessa, Johnson, Peter C., Butler, Kevin R. B.
Conference Name2019 IEEE Symposium on Security and Privacy (SP)
KeywordsBluetooth, bluetooth security, composability, computer network security, computer peripheral equipment, Computer peripherals, Cyber physical system, cyber physical systems, eBPF, eBPF packet filtering mechanism, external GPU, filtering theory, general security framework, host operating system, Human Behavior, Kernel, LBM framework, Linux, Linux (e)BPF modules, Linux kernel, Linux Operating System Security, Linux-Kernel, malicious peripherals, malicious USB, Metrics, NFC devices, operating systems (computers), OS software stacks, Peripheral, peripheral attack surface, powerful filtering functionality, Predictive Metrics, Protocols, pubcrawl, resilience, Resiliency, security, smartphones, standardized communication protocols, Universal Serial Bus, USB

Modern computer peripherals are diverse in their capabilities and functionality, ranging from keyboards and printers to smartphones and external GPUs. In recent years, peripherals increasingly connect over a small number of standardized communication protocols, including USB, Bluetooth, and NFC. The host operating system is responsible for managing these devices; however, malicious peripherals can request additional functionality from the OS resulting in system compromise, or can craft data packets to exploit vulnerabilities within OS software stacks. Defenses against malicious peripherals to date only partially cover the peripheral attack surface and are limited to specific protocols (e.g., USB). In this paper, we propose Linux (e)BPF Modules (LBM), a general security framework that provides a unified API for enforcing protection against malicious peripherals within the Linux kernel. LBM leverages the eBPF packet filtering mechanism for performance and extensibility and we provide a high-level language to facilitate the development of powerful filtering functionality. We demonstrate how LBM can provide host protection against malicious USB, Bluetooth, and NFC devices; we also instantiate and unify existing defenses under the LBM framework. Our evaluation shows that the overhead introduced by LBM is within 1 ms per packet in most cases, application and system overhead is negligible, and LBM outperforms other state-of-the-art solutions. To our knowledge, LBM is the first security framework designed to provide comprehensive protection against malicious peripherals within the Linux kernel.

Citation Keytian_lbm_2019