Skip to main content
Browse by:

Effective March 10, 2020, all Duke-sponsored events over 50 people have been cancelled, rescheduled, postponed or virtualized.
Please check with the event contact regarding event status. For more information, please see

Defending Operating Systems from Malicious Peripherals

Event Image
Icon calendar
Tuesday, February 12, 2019
Icon time
12:00 pm - 1:00 pm
Icon speaker
Jing Tian, PhD Candidate - Department of Computer and Information Science and Engineering, University of Florida

Modern peripherals are external devices that can connect with a computer system and provide extra functionality, such as keyboards, headsets, speakers, and smartphones. The connection is usually established via standard protocols, including USB, Bluetooth, and NFC. Modern operating systems implement these protocol stacks within the kernel and provide device drivers to serve different peripherals. Due to the current security model of "Trust-by-default", malicious peripherals can compromise the system after being connected even without the user noticing. In this talk, we review some highlights of peripheral attacks, such as BadUSB and BlueBorne attacks. We show how to build a generic security framework for all I/O subsystems within the Linux kernel to defend against malicious peripherals. We then formally verify the recent USB Type-C Authentication protocol and demonstrate why it is still challenging to authenticate a peripheral even with trust anchors. We conclude with how future work such as device fingerprinting can enable safer computing.

Contact: Ellen Currin