Dave Tian, Ph.D. Candidate
Department of Computer and Information Science and Engineering
University of FloridaABSTRACT
Modern peripherals are external devices that can connect with a
computer system and provide extra functionality, such as keyboards,
headsets, speakers, and smartphones. The connection is usually
established via standard protocols, including USB, Bluetooth, and NFC.
Modern operating systems implement these protocol stacks within the
kernel and provide device drivers to serve different peripherals. Due
to the current security model of "Trust-by-default", malicious
peripherals can compromise the system after being connected even
without the user noticing. In this talk, we review some highlights of
peripheral attacks, such as BadUSB and BlueBorne attacks. We show how
to build a generic security framework for all I/O subsystems within
the Linux kernel to defend against malicious peripherals. We then
formally verify the recent USB Type-C Authentication protocol and
demonstrate why it is still challenging to authenticate a peripheral
even with trust anchors. We conclude with how future work such as
device fingerprinting can enable safer computing.
BIO
Dave (Jing) Tian is a PhD candidate in the Department of Computer and
Information Science and Engineering (CISE) at the University of
Florida. His research interests include embedded systems security,
operating system security, trusted computing, and network security. He
was the lead graduate of the Florida Institute for Cyber Security
(FICS) Research. He has been a software engineer at Nokia R&D (former
Lucent Technologies) for 4 years. He has authored and co-authored 18
papers, and 9 of them published at the "Big 4" top-tier security
conferences, including IEEE S&P, USENIX Security, and ACM CCS.
culture
food
technology
11
Views
22/03/2019 Last update