Defending against malicious peripherals

Attacks on host computers by malicious peripherals are a growing problem. Inexpensive and powerful peripherals, which attach to plug-and-play buses, have made such attacks easy to mount. Making matters worse, commodity operating systems lack systematic defenses, and users are often not aware of the scope of the problem. We present Cinch, a pragmatic response to this threat. Cinch uses virtualization to place the hardware in a logically separate, untrusted machine, and includes an interposition layer between the untrusted machine and the protected one. This layer accepts or rejects interaction with devices and enforces security policies that are easily configured and extended by users. We show that Cinch integrates with existing OSes, enforces policies that thwart real world attacks, and has low overhead.