Using a USB host controller security extension for controlling changes in and auditing USB topology

US 20060218320A1
Filed: 03/25/2005
Published: 09/28/2006
Est. Priority Date: 03/25/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable instructions for performing steps, comprising:

receiving data associated with a USB device;

determining whether the data is allowed to be sent to the USB device; and

sending an instruction based on the determining to an entity, wherein the data is a result of program code associated with the USB device being executed outside of a trusted execution environment, wherein the data is received in the trusted execution environment, and wherein the entity is outside the trusted execution environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protecting computer systems from attacks that attempt to change USB topology and for ensuring that the system'"'"'s information regarding USB topology is accurate is disclosed. A software model is defined that, together with secure USB hardware, provides an ability to define policies using which USB traffic can be properly monitored and controlled. The implemented policy provides control over USB commands through a combination of software evaluation and hardware programming. Legitimate commands are evaluated and “allowed” to be sent to a USB device by a host controller. Illegitimate commands are evaluated and blocked. Additionally, the USB topology is audited to verify that the system'"'"'s topology map matches the actual USB topology.

59 Citations

View as Search Results

20 Claims

1. A computer-readable medium having computer-executable instructions for performing steps, comprising:
- receiving data associated with a USB device;
  
  determining whether the data is allowed to be sent to the USB device; and
  
  sending an instruction based on the determining to an entity, wherein the data is a result of program code associated with the USB device being executed outside of a trusted execution environment, wherein the data is received in the trusted execution environment, and wherein the entity is outside the trusted execution environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-readable medium of claim 1, having further computer-executable instructions for performing the step of:
    - determining that a security extension of a host controller is programmed to allow the data to be sent to the USB device.
  - 3. The computer-readable medium of claim 1, having further computer-executable instructions for performing the step of:
    - programming a security extension of a host controller to allow the data to be sent to the USB device.
  - 4. The computer-readable medium of claim 1, having further computer-executable instructions for performing the step of:
    - programming a security extension of a host controller to block the data from being sent to the USB device.
  - 5. The computer-readable medium of claim 1, wherein the instruction comprises directing that the data be sent to the USB device.
  - 6. The computer-readable medium of claim 1, wherein the instruction comprises directing that the data not be sent to the USB device.
  - 7. The computer-readable medium of claim 1, wherein receiving the data comprises receiving the data from a USB host controller driver.
  - 8. The computer-readable medium of claim 1, wherein the entity is a USB host controller driver.
  - 9. The computer-readable medium of claim 1, wherein the program code is part of a device driver associated with the USB device.
  - 10. The computer-readable medium of claim 1, wherein the data comprises a USB command.
  - 11. The computer-readable medium of claim 10, wherein the USB command is a setup command.

12. A computer-readable medium having computer-executable instructions for performing steps, comprising:
- receiving map data indicative of a topology map of a USB topology, wherein the map data is received from an area outside of a trusted execution environment;
  
  receiving device data describing a device from each device in the USB topology; and
  
  comparing in a trusted execution environment the map data and the device data.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-readable medium of claim 12, wherein the device data is received from a buffer of a USB security extension.
  - 14. The computer-readable medium of claim 12, having further computer-executable instructions for performing the steps of:
    - sending data to resume hub ports in the USB topology;
      
      receiving ports data indicative of a number of active ports in the USB topology; and
      
      comparing the ports data to the device data.
  - 15. The computer-readable medium of claim 12, having further computer-executable instructions for performing the steps of:
    - identifying a device in the USB topology that is an input device;
      
      requesting a user to generate input data using the input device;
      
      receiving data associated with the requesting; and
      
      comparing in the trusted execution environment received data with the input data.
  - 16. The computer-readable medium of claim 15, having further computer-executable instructions for performing the step of:
    - programming a security extension of a host controller to divert data generated as a result of the requesting to a buffer of a USB security extension.

17. A computer system, comprising:
- means for receiving data associated with a USB device;
  
  means for determining whether the data is allowed to be sent to the USB device; and
  
  means for sending an instruction based on the determining to an entity, wherein the data is a result of program code associated with the USB device being executed outside of a trusted execution environment, wherein the data is received in the trusted execution environment, and wherein the entity is outside the trusted execution environment.
- View Dependent Claims (18, 19, 20)
- - 18. The computer system of claim 17, further comprising:
    - means for determining that a security extension of a host controller is programmed to allow the data to be sent to the USB device.
  - 19. The computer system of claim 17, further comprising:
    - means for programming a security extension of a host controller to block the data from being sent to the USB device.
  - 20. The computer system of claim 17, wherein the instruction comprises directing that the data be sent to the USB device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Williams, Mark, Avraham, Idan, Wooten, David R., Ray, Kenneth D.

Granted Patent

US 7,761,618 B2
Time in Patent Office

Days
Field of Search
US Class Current

710/62
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 2221/2101   Auditing as a secondary aspect

Using a USB host controller security extension for controlling changes in and auditing USB topology

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using a USB host controller security extension for controlling changes in and auditing USB topology

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links