Universal serial bus based software attacks and protection solutions

Dung Vu Pham, Ali Syed, Malka N. Halgamuge
2011 Digital Investigation. The International Journal of Digital Forensics and Incident Response  
Autorun Hack tool Malware a b s t r a c t Information security risks associated with Universal Serial Bus (USB) storage devices have been serious issues since 2003, which marked the wide adoption of USB technologies in the computing industry, especially in corporate networks. Due to the insecure design and the open standards of USB technologies, attackers have successfully exploited various vulnerabilities in USB protocols, USB embedded security software, USB drivers, and Windows Autoplay
more » ... es to launch various software attacks against host computers and USB devices. The purposes of this paper are: (i) to provide an investigation on the currently identified USB based software attacks on host computers and USB storage devices, (ii) to identify the technology enablers of the attacks, and (iii) to form taxonomy of attacks. The results show that a multilayered security solution framework involving software implementations at the User Mode layer in the operating systems can help eliminate the root cause of the problem radically. ª (M.N. Halgamuge). a v a i l a b l e a t w w w . s c i e n c e d i r e c t . c o m j o u r n a l h o m e p a g e : w w w . e l s e v i e r . c o m / l o c a t e / d i i n d i g i t a l i n v e s t i g a t i o n 7 ( 2 0 1 1 ) 1 7 2 e1 8 4
doi:10.1016/j.diin.2011.02.001 fatcat:ogcnr5dcsbh7bfwr4av5jrkeuq