Thread (7 messages) 7 messages, 2 authors, 2012-01-12

Filtering USB storage data in kernel module

From: Abhijit Pawar <hidden>
Date: 2011-11-18 15:35:48

On 11/18/2011 08:16 PM, Greg KH wrote:
On Fri, Nov 18, 2011 at 06:36:18PM +0530, Abhijit Pawar wrote:
quoted
On 11/17/2011 08:19 PM, Greg KH wrote:
quoted
On Thu, Nov 17, 2011 at 02:15:35PM +0530, Abhijit Pawar wrote:
quoted
Hi All,
I need to filter  the data written/read to and from the USB storage
disk.
Why?
I want to build a secure machine with data protection. I want to
have a security around the machine where anyone can attach a usb
disk and copy the data. but i want to make the copied data useless
unless it has the trust relation with the host to which its
connected.
So if one has copied data from one secured machine and get that usb
disk to other machine, he should see the encrypted garbage data.
Interesting idea.
quoted
quoted
What are you wanting to do at "filter" time?
I want to encrypt the write data packets and decrypt the read data packets.
quoted
Why just USB disks?  What makes them special?
They are the one which can be attached to the system easily.
quoted
How are you going to determine if a disk is a USB device or not?
You forgot to answer this question :)
Yeah, I forgot that one. I am not very sure but if I can patch the USB 
core before it attaches the speficied class driver to the USB device. 
May be I can try and send some control request and get the class of the 
device.  I think its not required as USB core itself will understand the 
class of the device and try to attach the proper driver. At this point 
of time, I will have some patch which will pass on the information to my 
module.
I am not sure if there are any intercepting points or any functions / 
structures exported in the USB core stack.
quoted
quoted
quoted
Now the way USB is made known to OS is through SCSI and then
respective filesystem ( mostly usbfs).
Not really, usbfs is only one way, and it has nothing to do with usb
disks.
quoted
So is there any way I can intercept this stack and have my kernel module
invoked so that I will get the data.
Not easily.
Even if its hard, can you please give  details of how do I achieve this?
quoted
quoted
I have been thinking on two approaches:

1. Use VFS and write a proxy filesystem for USB device which will filter
the data.
2. checking SCSI and any intercepting point.
Again, what are you trying to "filter"?  That will determine where you
make changes.
thanks, greg k-h
So what choice do I have now for this?
Lots of work, best of luck with this task, it will not be simple or
easy.

greg k-h
Thanks. Its not that simple. I need to check the sCSI family code as 
well as USB core. Also VFS may be involved. :(  :)

Regards,
Abhijit Pawar
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help