Yajin Zhou,Xiaoguang Wang,Yue Chen,Zhi Wang

DOI: https://doi.org/10.1145/2660267.2660344

2014-01-01

Abstract:Software fault isolation (SFI) is an effective mechanism to confine untrusted modules inside isolated domains to protect their host applications. Since its debut, researchers have proposed different SFI systems for many purposes such as safe execution of untrusted native browser plugins. However, most of these systems focus on the x86 architecture. In recent years, ARM has become the dominant architecture for mobile devices and gains in popularity in data centers. Hence there is a compelling need for an efficient SFI system for the ARM architecture. Unfortunately, existing systems either have prohibitively high performance overhead or place various limitations on the memory layout and instructions of untrusted modules.In this paper, we propose ARMlock, a hardware-based fault isolation for ARM. It uniquely leverages the memory domain support in ARM processors to create multiple sandboxes. Memory accesses by the untrusted module (including read, write, and execution) are strictly confined by the hardware, and instructions running inside the sandbox execute at the same speed as those outside it. ARMlock imposes virtually no structural constraints on untrusted modules. For example, they can use self-modifying code, receive exceptions, and make system calls. Moreover, system calls can be interposed by ARMlock to enforce the policies set by the host. We have implemented a prototype of ARMlock for Linux that supports the popular ARMv6 and ARMv7 sub-architecture. Our security assessment and performance measurement show that ARMlock is practical, effective, and efficient.

Ding Wei,Lü Liang,Zhao Guangzhou

DOI: https://doi.org/10.3969/j.issn.1000-0380.2009.03.005

2009-01-01

Abstract:Aiming at the problem of the currently popular embedded operating system WinCE.NET,that is not fully supporting USB floppy driver,an implementing strategy for USB floppy based on WinCE.NET is put forward.By adopting stream interface driver model,the USB floppy driving program is developed;The control of USB floppy is implemented with UFI technology.The method and whole procedures for formatting USB floppy are given;the program has been applied successfully in ARM9-based multi-functional computerized embroidery machine.The program is simple and easy to use;it is good reference for developing driving program for similar USB devices.

Huamao Wu,Yuan Chen,Yajin Zhou,Yifei Wang,Lubo Zhang

DOI: https://doi.org/10.1109/dac56929.2023.10247974

2023-01-01

Abstract:Driver-originated vulnerabilities are well-known threats to modern monolithic kernels. However, existing driver isolation solutions either rely on Intel-only or newly-introduced CPU features (e.g., Intel VMFUNC, ARM MTE), or suffer from performance issues, making them unsuitable for existing ARM-based devices. In this work, we leverage a common hardware feature, named hardware watchpoint, to achieve lightweight driver isolation for off-the-shelf ARM devices. Specifically, we utilize watchpoints to prevent the possibly compromised driver from corrupting the rest kernel’s state arbitrarily. We implement a prototype for ARM64 Linux. The security analysis and performance evaluation show the efficiency and practicality of our solution.

Sankar E,Megha shyam Raju S,Sheshank Reddy K

DOI: https://doi.org/10.22214/ijraset.2023.51045

2023-04-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: A bug known as "Bad USB" allows a hacker to manipulate a USB flash drive's firmware. Malicious code is automatically activated when the Bad USB device is connected into the USB port of the host system. It is challenging to identify the malicious code since the host system interprets the harmful activities as legitimate ones required to load the USB device. Additionally, antivirus software is unable to detect firmware that has been modified because it examines the storage region rather than the firmware area. The vulnerability has a detrimental knock-on impact since a large number of computer peripherals (similar to USB flash drives, keyboards) are connected to the host machine using the USB protocols. Universal Serial Bus (USB) has become the primary connecting port for cutting-edge computers as a result of its universality. Programmability makes it easier for operating system and tackle manufacturers to develop their goods and associated firmware, but as of right now, a fix for the issue is unknown. In this article, we analyze the tampered area of the firmware that occurs when a good USB device is switched out with a bad one and provide a fix to ensure the integrity of the area when the USB thrills

Chun-Yi Wang,Fu-Hau Hsu

2024-09-19

Abstract:USB-based attacks have increased in complexity in recent years. Modern attacks incorporate a wide range of attack vectors, from social engineering to signal injection. The security community is addressing these challenges using a growing set of fragmented defenses. Regardless of the vector of a USB-based attack, the most important risks concerning most people and enterprises are service crashes and data loss. The host OS manages USB peripherals, and malicious USB peripherals, such as those infected with BadUSB, can crash a service or steal data from the OS. Although USB firewalls have been proposed to thwart malicious USB peripherals, such as USBFilter and USBGuard, they cannot prevent real-world intrusions. This paper focuses on building a security framework called USBIPS within OSs to defend against malicious USB peripherals. This includes major efforts to explore the nature of malicious behavior and build persistent protection from USB-based intrusions. We first present a behavior-based detection mechanism focusing on attacks integrated into USB peripherals. We then introduce the novel idea of an allowlisting-based method for USB access control. We finally develop endpoint detection and response system to build the first generic security framework that thwarts USB-based intrusion. Within a centralized threat analysis framework, it provides persistent protection and may detect unknown malicious behavior. By addressing key security and performance challenges, these efforts help modern OSs against attacks from untrusted USB peripherals.

Cryptography and Security

Yiru Xu,Hao Sun,Jianzhong Liu,Yuheng Shen,Yu Jiang

DOI: https://doi.org/10.1109/sp54263.2024.00051

2024-01-01

Abstract:The Universal Serial Bus (USB) is an essential component in modern operating systems, allowing for a wide assortment of peripherals to connect conveniently to a computer. The USB stack in an operating system usually consists of the following two components: the host-side driver and the device-side gadget driver, both of which are security-critical. If any vulnerabilities in these privileged-mode drivers are exploited, a malicious or malformed device could crash the whole system. Fuzzing, a popular automated vulnerability detection technology, has been applied to testing kernel components such as drivers with varying degrees of success. However, existing works mainly focus on one side and test drivers through emulating malicious input from userspace or peripherals while neglecting intricate internal states triggered only through interaction between the two boundaries, leaving a multitude of bugs exposed.In this paper, we propose Saturn, a host-gadget synergistic USB driver fuzzing approach, aiming to cover the entire handling chain throughout the USB communication. To achieve this, Saturn first leverages extracted driver information to attach gadgets systematically and trigger more driver types, facilitating the transition to interactive logic. Then, Saturn performs a persistent synergistic fuzzing process through canonical operation injection on both sides to play their own important roles, significantly expanding the states explored and exposing bugs in such logic. Compared to the state-of-the-art USB fuzzers, such as Syzkaller, USBFuzz and FUZZUSB, Saturn improves the branch coverage statistics on the corresponding stack by 1.53×, 3.69× and 2.3×, respectively. In addition, Saturn found 26 previously unknown bugs, among which are 4 CVEs, including drivers on each side.

L. Jin-gang

Abstract:This paper introduces a new security and reliability mechanism of the file system of Linux-limiting OS physical storage space,and make it can’t be rewritten.Will be relatively independent of the operating system installed in the physical space,and other applications software in the physical separation of space,the operating system will be installed into a physical storage medium limited to read-only,so that the operating system installed can not be rewritten on the physical layer,so as to achieve secure and reliable;at the same time,user space and system space isolated from each other in the physical space,when users need to install software or preserve documents,can be transparent in the storage space.Then describes its design principle and implement details,and comes to the conclusion of providing security and reliability without performance loss by giving fully test results.

Computer Science,Engineering

LIU Wei-peng,HU Jun,LIU Yi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2008.11.026

2008-01-01

Computer Science

Abstract:Encrypted file system is an effective method to protect sensitive data of system and user from disclosing on operating system level.This paper first investigates several famous encrypted file system and points out their limits,such as use method,key protection,management and performance,then discusses a scheme of transparent encrypted and decrypted file system based on UsbKey from design objective,architecture,and implementation.This scheme is based on Linux operating system,at the same time,uses UsbKey to storage and protect key.Using LSM framework and redirecting the "read" and "write" operation of inode implement transparent encrypted and decrypted function.This paper gives some lights on the research and implementation of transparent encrypted and decrypted file system in Linux.

Bharath Kumar Reddy Vangoor,Prafful Agarwal,Manu Mathew,Arun Ramachandran,Swaminathan Sivaraman,Vasily Tarasov,Erez Zadok

DOI: https://doi.org/10.1145/3310148

2019-05-31

ACM Transactions on Storage

Abstract:Traditionally, file systems were implemented as part of operating systems kernels, which provide a limited set of tools and facilities to a programmer. As the complexity of file systems grew, many new file systems began being developed in user space. Low performance is considered the main disadvantage of user-space file systems but the extent of this problem has never been explored systematically. As a result, the topic of user-space file systems remains rather controversial: while some consider user-space file systems a “toy” not to be used in production, others develop full-fledged production file systems in user space. In this article, we analyze the design and implementation of a well-known user-space file system framework, FUSE, for Linux. We characterize its performance and resource utilization for a wide range of workloads. We present FUSE performance and also resource utilization with various mount and configuration options, using 45 different workloads that were generated using Filebench on two different hardware configurations. We instrumented FUSE to extract useful statistics and traces, which helped us analyze its performance bottlenecks and present our analysis results. Our experiments indicate that depending on the workload and hardware used, performance degradation (throughput) caused by FUSE can be completely imperceptible or as high as −83%, even when optimized; and latencies of FUSE file system operations can be increased from none to 4× when compared to Ext4. On the resource utilization side, FUSE can increase relative CPU utilization by up to 31% and underutilize disk bandwidth by as much as −80% compared to Ext4, though for many data-intensive workloads the impact was statistically indistinguishable. Our conclusion is that user-space file systems can indeed be used in production (non-“toy”) settings, but their applicability depends on the expected workloads.

computer science, software engineering, hardware & architecture

Hongzhang Yang,Yahui Yang,Yaofeng Tu,Ping Wang

DOI: https://doi.org/10.1109/cloud.2019.00080

2019-01-01

Abstract:Flash and RDMA (Remote Direct Memory Access) provide extremely high performance in storage and network hardware. However, a gap between distributed system and new hardware exists. Although RDMA speeds up memory access between two nodes, there are many serious problems to be solved when sending data or command from one flash to another flash. In this paper, we propose a distributed system on flash and RDMA, and implement a User-space Sendfile verb based on it. Experimental results show that the RPC in DSFR outperforms the traditional RPC mechanism by dozens of times, and the uSendfile reduces time overhead significantly.

Yanliang Zou,Chen Chen,Tongliang Deng,Jian Zhang,Xiaomin Zhu,Si Chen,Shu Yin

DOI: https://doi.org/10.1002/cpe.6905

2022-02-28

Concurrency and Computation: Practice and Experience

Abstract:User‐level file systems are usually adopted to bridge the gap between efficacy and efficiency of file system developments for new applications' I/O demands. And the widely known user‐space file system framework, FUSE, is commonly utilized to deployed user‐level file systems. This article first uses a popular stack‐able file system as a case study to exam how FUSE affects I/O performance. Based on the testing and analytical results, this article then presents SHC, an implementation method to implement a user‐level file system without FUSE intervention. Experimental results indicate that SHC improves write bandwidth by up to 5.6x compared with that of FUSE and present leading superiority on read cases.

Dave Tian,Grant Hernandez,Joseph I. Choi,Vanessa Frost,Peter C. Johnson,Kevin R. B. Butler,Dave Jing Tian

DOI: https://doi.org/10.1109/sp.2019.00041

2019-05-01

Abstract:Modern computer peripherals are diverse in their capabilities and functionality, ranging from keyboards and printers to smartphones and external GPUs. In recent years, peripherals increasingly connect over a small number of standardized communication protocols, including USB, Bluetooth, and NFC. The host operating system is responsible for managing these devices; however, malicious peripherals can request additional functionality from the OS resulting in system compromise, or can craft data packets to exploit vulnerabilities within OS software stacks. Defenses against malicious peripherals to date only partially cover the peripheral attack surface and are limited to specific protocols (e.g., USB). In this paper, we propose Linux (e)BPF Modules (LBM), a general security framework that provides a unified API for enforcing protection against malicious peripherals within the Linux kernel. LBM leverages the eBPF packet filtering mechanism for performance and extensibility and we provide a high-level language to facilitate the development of powerful filtering functionality. We demonstrate how LBM can provide host protection against malicious USB, Bluetooth, and NFC devices; we also instantiate and unify existing defenses under the LBM framework. Our evaluation shows that the overhead introduced by LBM is within 1 μs per packet in most cases, application and system overhead is negligible, and LBM outperforms other state-of-the-art solutions. To our knowledge, LBM is the first security framework designed to provide comprehensive protection against malicious peripherals within the Linux kernel.

YE Xiao-Long,ZHOU Xue-Hai,CHEN Chao

DOI: https://doi.org/10.3969/j.issn.1003-3254.2012.09.013

2012-01-01

Abstract:In order to achieve high performance,traditional linux operating system run device drivers in kernel space.Unfortunately,this architecture inevitably decreases reliability and stability of the system.Based on commonly used equipment USB devices,this paper presents a new driver architecture which run device drivers as unprivileged user-level code,encapsulated into a process,this architecture also support features such as hotplug,driver management and so on.Experiments on several usb devices show it works well in user space without significant performance degradation.

Samantha Miller,Kaiyuan Zhang,Mengqi Chen,Ryan Jennings,Ang Chen,Danyang Zhuo,Tom Anderson

DOI: https://doi.org/10.48550/arXiv.2005.09723

2021-02-09

Abstract:High development velocity is critical for modern systems. This is especially true for Linux file systems which are seeing increased pressure from new storage devices and new demands on storage systems. However, high velocity Linux kernel development is challenging due to the ease of introducing bugs, the difficulty of testing and debugging, and the lack of support for redeployment without service disruption. Existing approaches to high-velocity development of file systems for Linux have major downsides, such as the high performance penalty for FUSE file systems, slowing the deployment cycle for new file system functionality. We propose Bento, a framework for high velocity development of Linux kernel file systems. It enables file systems written in safe Rust to be installed in the Linux kernel, with errors largely sandboxed to the file system. Bento file systems can be replaced with no disruption to running applications, allowing daily or weekly upgrades in a cloud server setting. Bento also supports userspace debugging. We implement a simple file system using Bento and show that it performs similarly to VFS-native ext4 on a variety of benchmarks and outperforms a FUSE version by 7x on 'git clone'. We also show that we can dynamically add file provenance tracking to a running kernel file system with only 15ms of service interruption.

Operating Systems

Magnus Jahnen

DOI: https://doi.org/10.48550/arXiv.1711.08139

2017-11-22

Abstract:This bachelor thesis describes the implementation of an Android framework to access mass storage devices over the USB interface of a smartphone. First the basics of USB (i.e. interfaces, endpoints and USB On the go) and accessing USB devices via the official Android API are discussed. Next the USB mass storage class is explained, which was de- signed by the USB-IF to access mobile mass storage like USB pen drives or external HDDs. For communication with mass storage devices, most important are the bulk-only transfer and the SCSI transparent command set. Furthermore file systems, for accessing directo- ries and files, are described. This thesis focuses on the FAT32 file system from Microsoft, because it is the most commonly used file system on such devices. After the theory part it is time to look at the implementation of the framework. In this section, the first concern is the purpose in general. Then the architecture of the framework and the actual implementation are presented. Important parts are discussed in detail. The thesis finishes with an overview of the test results on various Android devices, a short conclusion and an outlook to future developments. Moreover the current status of the developed framework is visualized.

Operating Systems

Youyou Lu,Jiwu Shu,Weimin Zheng

DOI: https://doi.org/10.5555/2591272.2591299

2013-01-01

Abstract:Flash memory has gained in popularity as storage devices for both enterprise and embedded systems because of its high performance, low energy and reduced cost. The endurance problem of flash memory, however, is still a challenge and is getting worse as storage density increases with the adoption of multi-level cells (MLC). Prior work has addressed wear leveling and data reduction, but there is significantly less work on using the file system to improve flash lifetimes. Some common mechanisms in traditional file systems, such as journaling, metadata synchronization, and page-aligned update, can induce extra write operations and aggravate the wear of flash memory. This problem is called write amplification from file systems. In order to mitigate write amplification, we propose an object-based flash translation layer design (OFTL), in which mechanisms are co-designed with flash memory. By leveraging page metadata, OFTL enables lazy persistence of index metadata and eliminates journals while keeping consistency. Coarse-grained block state maintenance reduces persistent free space management overhead. With byte-unit access interfaces, OFTL is able to compact and co-locate the small updates with metadata to further reduce updates. Experiments show that an OFTL-based system, OFSS, offers a write amplification reduction of 47.4%-89.4% in SYNC mode and 19.8%-64.0% in ASYNC mode compared with ext3, ext2, and btrfs on an up-to-date page-level FTL.

Nizomiddin Ochilov

DOI: https://doi.org/10.37394/23202.2022.21.24

2022-11-24

WSEAS TRANSACTIONS ON SYSTEMS

Abstract:The relevance of this study is determined by insecure data storage on personal computers, as it is the main operating system that performs authentication and file access control. Bypassing these security rules is possible in case of using another open-source operating system on the same personal computer. The aim of this work is the research and development of file encryptors, disk encryptors and file system encryptors. Each of them has its shortcomings which manifest themselves during development. Combining the advantages of file encryptors and file system encryptors helped to overcome those shortcomings. The userspace filesystem library was used for this purpose. The study involved the methods aimed at designing and developing the Udev daemon file system for Linux using the OpenSSL library. The file system design was mathematically modelled and formally verified through a test parser. The file system also has its own authentication and authorization procedures to provide uniform access across multiple operating systems. The Udev daemon file system is the result of this work. Each file is encrypted with a separate key to protect against cryptanalysis. This key is encrypted with the owner’s private key, thereby enabling him/her to change the ownership. The passphrase is used to decrypt the user’s private key. The developed file system has passed authentication and access control testing successfully. The file system shows best performance with file sizes 1 KB to 256 MB. Encryption-caused performance degradation was also measured and found to be within acceptable limits. This Udev daemon stackable file system is available for all Unix clones with OpenSSL libraries. The prospects for further work are the development of a file system using several combined methods from a list of existing design and development methods for file systems.

Pasquale Caporaso,Giuseppe Bianchi,Francesco Quaglia

2024-10-29

Abstract:The demand for data protection measures against unauthorized changes or deletions is steadily increasing. These measures are essential for maintaining the integrity and accessibility of data, effectively guarding against threats like ransomware attacks that focus on encrypting large volumes of stored data, as well as insider threats that involve tampering with or erasing system and access logs. Such protection measures have become crucial in today's landscape, and hardware-based solutions like Write-Once Read-Many (WORM) storage devices, have been put forth as viable options, which however impose hardware-level investments, and the impossibility to reuse the blocks of the storage devices after they have been written. In this article we propose VaultFS, a Linux-suited file system oriented to the maintenance of cold-data, namely data that are written using a common file system interface, are kept accessible, but are not modifiable, even by threads running with (effective)root-id. Essentially, these files are supported via the write-once semantic, and cannot be subject to the rewriting (or deletion) of their content up to the end of their (potentially infinite) protection life time. Hence they cannot be subject to ransomware attacks even under privilege escalation. This takes place with no need for any underlying WORM device -- since ValutFS is a pure software solution working with common read/write devices (e.g., hard disks and SSD). Also, VaultFS offers the possibility to protect the storage against Denial-of-Service (DOS) attacks, possibly caused by un-trusted applications that simply write on the file system to make its device blocks busy with non-removable content.

Cryptography and Security

Zhou Qiang,Li Shanping

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.033

2007-01-01

Abstract:A design of user mode file system based on Linux is introduced.A kernel module and a user mode daemon are adopted.The user mode file system can improve the flexibility of file system,and it is easy for redevelopment.The detailed issues about the design are presented,and the practical example and application scope are proposed.

Youyou Lu,Jiwu Shu,Wei Wang

DOI: https://doi.org/10.5555/2591305.2591313

2014-01-01

Abstract:Hierarchical namespaces (directory trees) in file systems are effective in indexing file system data. However, the update patterns of namespace metadata, such as intensive writeback and scattered small updates, exaggerate the writes to flash storage dramatically, which hurts both performance and endurance (i.e., limited program/erase cycles of flash memory) of the storage system. In this paper, we propose a reconstructable file system, ReconFS, to reduce namespace metadata writeback size while providing hierarchical namespace access. ReconFS decouples the volatile and persistent directory tree maintenance. Hierarchical namespace access is emulated with the volatile directory tree, and the consistency and persistence of the persistent directory tree are provided using two mechanisms in case of system failures. First, consistency is ensured by embedding an inverted index in each page, eliminating the writes of the pointers (indexing for directory tree). Second, persistence is guaranteed by compacting and logging the scattered small updates to the metadata persistence log, so as to reduce write size. The inverted indices and logs are used respectively to reconstruct the structure and the content of the directory tree on reconstruction. Experiments show that ReconFS provides up to 46.3% performance improvement and 27.1% write reduction compared to ext2, a file system with low metadata overhead.