Defending against malicious peripherals with Cinch
This addresses a growing security threat for users of commodity operating systems who are vulnerable to plug-and-play peripheral attacks.
The paper tackles the problem of malicious peripherals attacking host computers by introducing Cinch, a system that uses virtualization and an interposition layer to regulate device interactions based on user policies, achieving low overhead and thwarting real-world attacks.
Malicious peripherals designed to attack their host computers are a growing problem. Inexpensive and powerful peripherals that attach to plug-and-play buses have made such attacks easy to mount. Making matters worse, commodity operating systems lack coherent defenses, and users are often unaware of the scope of the problem. We present Cinch, a pragmatic response to this threat. Cinch uses virtualization to attach peripheral devices to a logically separate, untrusted machine, and includes an interposition layer between the untrusted machine and the protected one. This layer regulates interaction with devices according to user-configured policies. Cinch integrates with existing OSes, enforces policies that thwart real-world attacks, and has low overhead.