IEEE Kingston Section

IEEE

Protecting Portable Storage with Host Validation

IEEE Kingston Section is proud to announce the following Technical Talk.

Title: Protecting Portable Storage with Host Validation

Time: Thursday April 26 at 2:00 PM

Location:Queen’s University, Room 302, Walter Light Hall

Speaker:  Dr. Kevin Butler, Assistant Professor of Computer and Information Science at the University of Oregon in Eugene, Director of the Oregon Security Infrastructure Research and Information Security (OSIRIS) Laboratory.

Abstract: Portable storage devices such as USB flash drives have become virtually ubiquitous in daily life. They are as useful to students in college as to a soldier transferring data in a combat theatre. However, the security risks posed by using these devices are all too real: after malicious code on a flash drive infected operational networks, the Department of Defense banned their use. However, while numerous attempts have been made to secure hosts from malicious devices, very little research has considered the symmetrical problem of ensuring the protection of sensitive data from potentially compromised hosts. This talk describes our work in developing the Kells portable storage system, which validates a host system’s integrity state before allowing sensitive information to be disclosed. Using continual measurements of system state, we show through formal reasoning that such a device enforces guarantees that data is read and written while the host is in a good state. Our results show that writes can incur less than a 2% overhead with Kells. Additionally, we consider physical-layer techniques for uniquely identifying hosts by identifying attributes of the USB bus using classifiers and show machine types can be differentiated with over 92% accuracy.

Speaker Bio: Kevin Butler is an Assistant Professor of Computer and Information Science at the University of Oregon in Eugene, where he directs the Oregon Security Infrastructure Research and Information Security (OSIRIS) Laboratory. Kevin’s research focuses on the security of storage, systems, and networks. He has also examined malware propagation and web systems, and was a member of the EVEREST study of voting machines for the State of Ohio. Prior to receiving his Ph.D. in computer science and engineering from the Pennsylvania State University in 2010, Kevin worked in the Secure Systems Group at AT&T Labs-Research. He received his MS in electrical engineering from Columbia University and his B.Sc. in electrical engineering from Queen’s University in Kingston.

This seminar is intended for a general audience interested in Electrical and Computer Engineering. All are welcome!