Harmful devices considered harmless

Attacks on host computers by malicious peripherals are a growing problem; the inexorable advance of powerful, small, cheap peripherals, which attach to plug-and-play buses, has made such attacks easy to mount. At the same time, commodity operating systems lack systematic defenses. We present Cinch, a pragmatic response to this threat. Cinch transforms USB peripherals to untrusted network endpoints, thereby allowing users and administrators to deploy a rich, existing toolbox from network security (firewalls, VPNs, DPIs, etc.) to defend the computer in a systematic way. Cinch uses virtualization technology to place the hardware in a logically separate and untrusted machine, and includes an interposition layer between the untrusted machine and the protected one. This layer accepts or rejects interaction with devices and enforces strict standards-compliant behavior, presenting to the protected machine the abstraction of “well-behaved” peripherals. We show that Cinch can be easily implemented on existing operating systems, concisely expresses policies that thwart many real-world attacks, and has low overhead.