Protection from USB-based Attacks (USB Steward)

Universal Serial Bus (USB) devices such as thumb drives are useful and ubiquitous, however they serve as vectors for attacks. For example, unsuspecting personnel can easily carry malicious software or hardware into secure environments on USB thumb drives. Malicious USB devices present a significant risk to users, but USB and commercial operating systems do not protect against malicious devices. ATC-NY, in collaboration with Architecture Technology Corporation, is developing USB Steward, a USB firewall that drastically reduces the risk presented by malicious USB hardware. USB Steward is a physical device that separates the host computer and an untrusted USB device, filtering communication between the host and device and enforcing the USB standards. USB Steward combines existing and novel approaches in innovative ways to solve problems not addressed by existing software-based controls while enabling users at secure facilities to use USB devices.

By combining physical separation of the host and the device with USB firewall software, USB Steward will prevent or mitigate the risk of malicious code in storage, storage bait-and-switch, monitoring devices, data leaks across device boundaries, keyboard/mouse emulation, remote control, and electronic attack. USB Steward will allow more secure use of USB devices by researchers, visitors, and employees at controlled facilities.