Defending against malicious peripherals with Cinch
Sebastian Angel, Riad S. Wahby, Max Howald, Joshua B. Leners, Michael Spilo, Zhen Sun, Andrew J. Blumberg, and Michael Walfish

TL;DR
Cinch is a virtualization-based system that isolates peripherals to prevent attacks by malicious devices, using a policy-driven interposition layer to protect the host computer with minimal performance impact.
Contribution
This paper introduces Cinch, a novel virtualization approach with an interposition layer that enforces security policies against malicious peripherals.
Findings
Cinch effectively prevents real-world peripheral attacks.
The system integrates seamlessly with existing OSes.
Cinch maintains low overhead during operation.
Abstract
Malicious peripherals designed to attack their host computers are a growing problem. Inexpensive and powerful peripherals that attach to plug-and-play buses have made such attacks easy to mount. Making matters worse, commodity operating systems lack coherent defenses, and users are often unaware of the scope of the problem. We present Cinch, a pragmatic response to this threat. Cinch uses virtualization to attach peripheral devices to a logically separate, untrusted machine, and includes an interposition layer between the untrusted machine and the protected one. This layer regulates interaction with devices according to user-configured policies. Cinch integrates with existing OSes, enforces policies that thwart real-world attacks, and has low overhead.
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Network Security and Intrusion Detection
