Attacks on the security of a computer system may take the form of attacks on data associated with peripheral devices that are connected to the computer system through a universal serial bus (USB). Such peripheral devices include digital telephone lines, modems, mice, printers, scanners, game controllers, keyboards, and other peripheral devices. For example, snooping attacks may be directed to intercepting data such as a credit card number inputted through a keyboard. Another attack may substitute a device of the attacker's choice for the computer system's keyboard and deceive the system into communicating with the device as if it were the keyboard.
Computer systems may include a trusted execution environment that includes trusted software. Trusted software is executed only in the trusted execution environment through use of processor support such that the software is not vulnerable to attacks. The trusted execution environment may be isolated or partitioned from the execution of other software on, for example, an operating system of a computer system. Such isolation may help ensure the security of certain operations performed on the computer. In a computer system with a trusted execution environment, it may be desirable to secure certain USB peripheral devices to protect against attacks on or associated with the peripheral devices.
Peripheral USB devices are connected to and communicate with a computer system, that is, a “host,” through a host controller. Peripheral USB devices send data to and receive data from the host through the host controller. Program code controlling the operation of the host controller, that is, the host controller driver (HCD), may reside on the host outside of the trusted execution environment. The host controller driver receives data from program code controlling or associated with each peripheral device. Such program code may be the device driver for each peripheral device. The host controller driver sends data to the appropriate device through the host controller. The host controller driver makes sure that data sent to the host controller from a peripheral is delivered to the appropriate device driver.
For certain peripheral devices called trusted devices, data associated with the USB devices may be diverted to the trusted execution environment. Trusted, that is, secure, USB devices send data to and receive data from the trusted execution environment. Data sent by a trusted device, such as a trusted keyboard, may be diverted by secure hardware located within the host controller for processing in the trusted execution environment. This secure hardware is referred to as a “security extension” (SE). Likewise, data sent to a trusted USB device may be sent from the trusted execution environment, thus ensuring that the trusted device remains secure. Some of the peripheral devices may not be a primary security concern, and therefore data associated with such devices may not be sent via the trusted execution environment.
The hardware SE on the host controller may not be accessible to program code running outside the trusted execution environment on the host. For example, the HCD may be executed outside the trusted execution environment, and therefore may be unable to control security-related activity that takes place when hardware is programmed to secure certain peripheral devices. Trusted software executing in the trusted execution environment may likewise be unable to use the host controller driver to monitor or control USB traffic associated with the SE and may otherwise be unable to control the host controller. Additionally, USB device drivers executing outside the trusted execution environment may control USB devices that were originally not trusted but that became trusted. These device drivers, however, may be unable to access the security extension.
Therefore, there is a need for methods and apparatus to enable trusted software to monitor and control USB traffic associated with the SE and the devices in the USB topology.
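The split data path and the resulting visibility gap described above can be modeled in a few lines of C. This is an added illustration, not code from the original text: the structure, function names, the caller tag standing in for hardware-enforced isolation, and the device addresses in the sample traffic are all assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only: every name here is hypothetical, not a real host-controller interface. */
enum caller { CALLER_HCD, CALLER_TEE };       /* who is programming the hardware */
enum sink   { SINK_DEVICE_DRIVER, SINK_TEE }; /* where inbound device data lands */

struct security_extension {
    uint8_t trusted[16];   /* bitmap over USB device addresses 0..127 */
};

/* Only trusted software may program the SE; a request from the HCD is refused. */
bool se_set_trusted(struct security_extension *se, enum caller who,
                    uint8_t addr, bool on)
{
    if (who != CALLER_TEE || addr > 127)
        return false;
    if (on) se->trusted[addr / 8] |= (uint8_t)(1u << (addr % 8));
    else    se->trusted[addr / 8] &= (uint8_t)~(1u << (addr % 8));
    return true;
}

/* Inbound path: the SE diverts trusted-device data before the HCD sees it. */
enum sink route_inbound(const struct security_extension *se, uint8_t addr)
{
    bool t = addr <= 127 && ((se->trusted[addr / 8] >> (addr % 8)) & 1u);
    return t ? SINK_TEE : SINK_DEVICE_DRIVER;
}

/* Count how many of the given transfers the HCD is able to observe. */
int hcd_visible(const struct security_extension *se, const uint8_t *addrs, int n)
{
    int seen = 0;
    for (int i = 0; i < n; i++)
        if (route_inbound(se, addrs[i]) == SINK_DEVICE_DRIVER)
            seen++;
    return seen;
}

int main(void)
{
    struct security_extension se = {{0}};
    /* Constructed traffic: address 3 = keyboard, 5 = printer, 9 = mouse. */
    const uint8_t traffic[] = {3, 5, 3, 9};
    printf("HCD sees %d of 4 transfers before\n", hcd_visible(&se, traffic, 4));
    se_set_trusted(&se, CALLER_TEE, 3, true);   /* keyboard becomes trusted */
    printf("HCD sees %d of 4 transfers after\n", hcd_visible(&se, traffic, 4));
    return 0;
}
```

Once the keyboard's address is marked trusted, its transfers disappear from the HCD's view, and the driver outside the trusted execution environment has no way to query or change that state.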