Filtering USB storage data in kernel module

Abhijit Pawar apawar.linux at gmail.com
Fri Nov 18 10:35:48 EST 2011 

On 11/18/2011 08:16 PM, Greg KH wrote:
> On Fri, Nov 18, 2011 at 06:36:18PM +0530, Abhijit Pawar wrote:
>> On 11/17/2011 08:19 PM, Greg KH wrote:
>>> On Thu, Nov 17, 2011 at 02:15:35PM +0530, Abhijit Pawar wrote:
>>>> Hi All,
>>>> I need to filter  the data written/read to and from the USB storage
>>>> disk.
>>> Why?
>> I want to build a secure machine with data protection. I want to
>> have a security around the machine where anyone can attach a usb
>> disk and copy the data. but i want to make the copied data useless
>> unless it has the trust relation with the host to which its
>> connected.
>> So if one has copied data from one secured machine and get that usb
>> disk to other machine, he should see the encrypted garbage data.
> Interesting idea.
>
>>> What are you wanting to do at "filter" time?
>> I want to encrypt the write data packets and decrypt the read data packets.
>>> Why just USB disks?  What makes them special?
>> They are the one which can be attached to the system easily.
>>> How are you going to determine if a disk is a USB device or not?
> You forgot to answer this question :)
Yeah, I forgot that one. I am not very sure but if I can patch the USB 
core before it attaches the speficied class driver to the USB device. 
May be I can try and send some control request and get the class of the 
device.  I think its not required as USB core itself will understand the 
class of the device and try to attach the proper driver. At this point 
of time, I will have some patch which will pass on the information to my 
module.
I am not sure if there are any intercepting points or any functions / 
structures exported in the USB core stack.
>
>>>> Now the way USB is made known to OS is through SCSI and then
>>>> respective filesystem ( mostly usbfs).
>>> Not really, usbfs is only one way, and it has nothing to do with usb
>>> disks.
>>>
>>>> So is there any way I can intercept this stack and have my kernel module
>>>> invoked so that I will get the data.
>>> Not easily.
>> Even if its hard, can you please give  details of how do I achieve this?
>>>> I have been thinking on two approaches:
>>>>
>>>> 1. Use VFS and write a proxy filesystem for USB device which will filter
>>>> the data.
>>>> 2. checking SCSI and any intercepting point.
>>> Again, what are you trying to "filter"?  That will determine where you
>>> make changes.
>> thanks, greg k-h
>> So what choice do I have now for this?
> Lots of work, best of luck with this task, it will not be simple or
> easy.
>
> greg k-h
Thanks. Its not that simple. I need to check the sCSI family code as 
well as USB core. Also VFS may be involved. :(  :)

Regards,
Abhijit Pawar

More information about the Kernelnewbies mailing list