On Wed, Oct 29, 2014 at 08:19:27PM +0100, Lodewijk andré de la porte wrote:

These fail together, I'd call them equally safe. Using an unusual (and small) stack is safer as exploits would be more expensive to obtain.

Probably better to airgap by having a secure microkernel (L4, how are you?) do the USB and another protocol (Ethernet for all I care) carry sanitized payload to the actual machine. Think of it as wearing a condom. Whatever the transferred payload is, making sure it's sanitized is vital and non-trivial. Probably would require interpreting and serializing it again, to unify the formatting.

USB condom, great name :-). Last time I amused myself with such idea (say, few months ago), I ended up reading specs of stm32f4 family of single board microcontrollers, mostly because my local shop sells them. They have like 1MB of flash, my fav has 192kB of ram (not sure, in one piece or banks? and yes, it's kilo-bytes, not kilo-bits, according to web page), I guess they have enough io pins to solder usb and/or ether connectors to them. Plus, ARM Cortex-M cpu @80+ MHz. Very very cute, for me. It's a bit of overkill but I really dislike boards with 512 bytes of ram (what kind of compiler could I fit into this? binary lambda self interpreter, maybe, cool, but what else besides it - and how much could I use it for computing rather than led blinking, although leds could make it look sexier). :-) Also, I myself would not use L4. No bad feelings about it but, sounds a bit too huge for this task, meybe? Since I don't know too much about all this stuff, I guess I'd start with C or Forth on bare metal. I had not enough time to make sure I could develop for it using Linux/BSD, since other OSes are no-no. -- Regards, Tomasz Rola -- ** A C programmer asked whether computer had Buddha's nature. ** ** As the answer, master did "rm -rif" on the programmer's home ** ** directory. And then the C programmer became enlightened... ** ** ** ** Tomasz Rola mailto:tomasz_rola@bigfoot.com **

On Thu, Oct 30, 2014 at 05:01:28PM +0100, Lodewijk andré de la porte wrote:

2014-10-30 16:21 GMT+01:00 Tomasz Rola :

...

Also, I myself would not use L4. No bad feelings about it but, sounds a bit too huge for this task, meybe? Since I don't know too much about all this stuff, I guess I'd start with C or Forth on bare metal. I had not enough time to make sure I could develop for it using Linux/BSD, since other OSes are no-no.

For me the reason for a kernel is existing drivers and a proven infrastructure. You want to make the protocol and data as non-native as possible, change it around as much as you can, to remove potential exploits. There's just too many exploits though :(... No way to protect against an exploited PDF, unless you want to reformat the PDF's (maybe into JPG?). You could theoretically do that on the fly with L4, but with bare-metal you'd be hurting yourself a lot.

Oh I see. Using L4 makes sense then. But, if concern goes as far as files prepared with hostile intent, I again mused myself once (what a muser I am) with idea of filtering this stuff through software/converter running on non-386 emulator, like PDP-10 (simh or something, running TOPS-* is optional), vax (again simh, some modern bsd should fit) or even S/380 (modified Hercules emulator, modern variation on S360 mainframe, hobby project, gnu software ported to MVS/380 which itself descends from one commercial mainframe os, which at one point of time became public domain - if memory serves, of course). Since those are all musings and no hard work, I cannot claim any kind of success or if this makes any sense or not at all. Seems doable, requires time and reading some old manuals written on typewriter and scanned, and the font is ugly and scales poorly on 6'' ebook reader... -- Regards, Tomasz Rola -- ** A C programmer asked whether computer had Buddha's nature. ** ** As the answer, master did "rm -rif" on the programmer's home ** ** directory. And then the C programmer became enlightened... ** ** ** ** Tomasz Rola mailto:tomasz_rola@bigfoot.com **

mroq qorm writes:

On Thu, Oct 30, 2014 at 3:21 PM, Tomasz Rola wrote:

...

USB condom, great name :-). http://syncstop.com/ - there was an open hardware version of this somewhere, but maybe all that went away when they got a new name and a hipster website ... not for the purpose you are discussing but still useful.

More generally, search for "charge only usb cable" and you'll find lots of things like this, e.g: http://www.ebay.com/itm/2M-6ft-LONG-THICK-Fast-Charging-ONLY-USB-Cable-WHITE-4-iPad-Air-2-mini-3-Retina-/291161982615?pt=US_Tablet_eReader_Chargers_Sync_Cables&hash=item43ca9b4697 http://www.ebay.com/itm/High-Speed-Charge-Only-Micro-USB-Charging-Cable-Android-Quality-Fast-Charger-/221266793926?pt=UK_MobilePhones_MobilePhoneAccessories_MobilePhoneChargers&hash=item33848755c6 http://www.ebay.com/itm/GYRRH-Micro-USB-Power-Charge-Only-Cable-3ft-91cm-Yellow-/131304066524?pt=US_USB_Cables_Hubs_Adapters&hash=item1e92550ddc Something like this, $1.99 including shipping: http://www.ebay.com/itm/Micro-USB-2-0-Charging-Charge-Only-Cable-For-Samsung-Galaxy-HTC-Nexus-Android-63-/111283024587?pt=US_Cell_Phone_PDA_Cables_Adapters&var=&hash=item19e8fc32cb is great for carrying around for charging your phone when you're travelling, just mark it in some way so you don't get frustrated when you can't sync your phone with it... Peter.

With respect to

More generally, search for "charge only usb cable" ...

at the other end of the spectrum, more or less, see the following. --dan -----------------8<------------cut-here------------8<----------------- kapricasecurity.com/skorpion Being secure is as easy as charging your phone. Simply connect your Android device to the Skorpion charger and it will be scanned for malware, viruses, and malicious rootkits while it charges. * Cutting edge security Ensure mobile device integrity with Kaprica's leading edge innovation. Nation-state quality technology can now be yours. * Clear scan results LED indicator lights let you know if risks have been detected or if your device is clean. A green light means no problems - a red one means trouble. * Part of your daily routine Scan whenever you need to charge - no hassle of extra steps or additional software. High level technology at your fingertips. How does it work? The Kaprica charger is a three-step system that happens automatically without any user interaction. * 01 Quick Scan In as little as 2 minutes you'll know if your mobile device has been infected with malware. * 02 Deep Scan In as little as 6 minutes, a deep scan reveals malicious changes to your OS. * 03 Report Scan Results Our web interface quickly and quietly identifies and reports on any malicious content and the cleanliness of your mobile device. Extensive reporting and interactive dashboard for enterprise-level IT administrators. Data collected by the Skorpion charger is sent back to Kaprica's servers and clearly displayed in the administrative dashboard.