usbsas - Simplifying Secure Transfers from Untrusted USB Devices with Microkernel-Style Isolation

Introduction to the usbsas Project

usbsas is an innovative open-source solution designed to safely manage and transfer data from untrusted USB mass storage devices. Licensed under GNU GPLv3, it aims to enhance the security of handling USB devices by minimizing potential vulnerabilities within the USB stack.

Project Description

usbsas employs a "defense in depth" strategy, prioritizing security by limiting privileges. Traditionally, USB-related processes occur within the privileged kernel space, potentially exposing systems to security risks. Usbsas changes this by moving these tasks to user space and dividing them into separate processes, each running in a limited secure computing mode known as seccomp.

The primary objective of usbsas is to serve as a secure kiosk or sheep dip station. It ensures a safe transfer of files from an untrusted USB device to a trusted one, operating efficiently on GNU/Linux systems and written in the Rust programming language.

Key Features

usbsas offers several robust features:

File Reading: It allows reading files from an untrusted USB device without relying on kernel modules like uas, usb_storage, or filesystem modules. It supports file systems like FAT, exFat, ext4, NTFS, and ISO9660.
Virus Scanning: Files can be analyzed using a remote antivirus service.
File Transfer: Enables copying files to a trusted USB device using file systems like FAT, exFAT, and NTFS.
Remote Upload: Files can be uploaded to a remote server.
USB Imaging and Wiping: Provides functionality to create an image of a USB device or wipe it clean.

Applications

usbsas finds its utility in several applications:

Web Client/Server: The primary application, designed for deploying as a secure USB-to-USB file transfer kiosk.
Fuse Implementation: Allows mounting USB devices in a read-only mode using usbsas.
Python Integration: Usbsas can be utilized in Python environments, broadening its utility for developers.

Documentation

Comprehensive documentation is available to aid users and developers:

Architecture and technical details
Guidelines for building and using usbsas
Instructions for deploying as a kiosk
Information on creating a Live ISO
Developer documentation can be generated using the $ cargo doc command.

Contribution

The usbsas project welcomes contributions in many forms, including code enhancements, bug reports, packaging, documentation improvements, and translations.

Licensing

usbsas is bundled with dependencies licensed under various terms:

ntfs3g is under GPLv2
FatFs uses a custom BSD-style license
fontawesome is covered by CC BY 4.0 (icons), SIL OFL 1.1 (fonts), and MIT (code)
bootstrap falls under the MIT license

usbsas is free software distributed under the terms of the GNU General Public License. It is offered in the hope of usefulness, yet without any warranty. The license details are accessible, ensuring the project's ethos of open-source contribution and accessibility.