Seminar: Defending Operating Systems from Malicious Peripherals

 

Jing (Dave) Tian

Ph.D. Candidate, University of Florida

Thursday, February 28
9:00am - 10:15am
310 Kelly Hall

Jing (Dave) Tian

Abstract:

Modern peripherals are external devices that can connect with a computer system and provide extra functionality, such as  keyboards, headsets, speakers, and smartphones. The connection is usually established via standard protocols, including USB, Bluetooth, and NFC. Modern operating systems implement these protocol stacks within the kernel and  provide device drivers to serve different peripherals. Due to the current security model of "Trust-by-default", malicious  peripherals can compromise the system after being connected even without the user noticing. In this talk, we review  some highlights of peripheral attacks, such as BadUSB and BlueBorne attacks. We show how to build a generic security  framework for all I/O subsystems within the Linux kernel to defend against malicious peripherals. We then formally verify  the recent USB Type-C Authentication protocol and demonstrate why it is still challenging to authenticate a peripheral  even with trust anchors. We conclude with how future work such as device fingerprinting can enable safer computing.

Biography:

Dave (Jing) Tian is a PhD candidate in the Department of Computer and Information Science and Engineering (CISE) at  the University of Florida. His research interests include embedded systems security, operating system security, trusted  computing, and network security. He was the lead graduate of the Florida Institute for Cyber Security (FICS) Research. He has been a software engineer at Nokia R&D (former Lucent Technologies) for 4 years. He has authored and co-authored 18  papers, and 9 of them published at the "Big 4" top-tier security conferences, including IEEE S&P, USENIX Security, and  ACM CCS.