Filtering USB storage data in kernel module

Abhijit Pawar apawar.linux at gmail.com
Fri Nov 18 08:06:18 EST 2011


On 11/17/2011 08:19 PM, Greg KH wrote:
> On Thu, Nov 17, 2011 at 02:15:35PM +0530, Abhijit Pawar wrote:
>> Hi All,
>> I need to filter the data written/read to and from the USB storage
>> disk.
> Why?
I want to build a secure machine with data protection. I want to have 
security around the machine, where anyone can attach a USB disk and copy 
the data, but I want to make the copied data useless unless it has a 
trust relation with the host to which it is connected.
So if one has copied data from one secured machine and gets that USB disk 
to another machine, he should see encrypted garbage data.
>
> What are you wanting to do at "filter" time?
I want to encrypt the write data packets and decrypt the read data packets.
> Why just USB disks?  What makes them special?
They are the ones which can be attached to the system easily.
> How are you going to determine if a disk is a USB device or not?
>
>> Now the way USB is made known to OS is through SCSI and then
>> respective filesystem (mostly usbfs).
> Not really, usbfs is only one way, and it has nothing to do with usb
> disks.
>
>> So is there any way I can intercept this stack and have my kernel module
>> invoked so that I will get the data.
> Not easily.
Even if it's hard, can you please give details of how I can achieve this?
>> I have been thinking on two approaches:
>>
>> 1. Use VFS and write a proxy filesystem for USB device which will filter
>> the data.
>> 2. checking SCSI and any intercepting point.
> Again, what are you trying to "filter"?  That will determine where you
> make changes.
> thanks,
>
> greg k-h
So what choice do I have now for this?


