Protecting Cryptographic Keys from Memory Disclosure Attacks
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Implementing preinstallation environment media for use in user support
Proceedings of the 35th annual ACM SIGUCCS fall conference
Endpoint security: managing USB-based removable devices with the advent of portable applications
Proceedings of the 4th annual conference on Information security curriculum development
WDFIA '08 Proceedings of the 2008 Third International Annual Workshop on Digital Forensics and Incident Analysis
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
UMS-dev-sec: a proposed framework to address security concerns of UMS devices
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
| Hi-index | 0.00 |
Information security risks associated with Universal Serial Bus (USB) storage devices have been serious issues since 2003, which marked the wide adoption of USB technologies in the computing industry, especially in corporate networks. Due to the insecure design and the open standards of USB technologies, attackers have successfully exploited various vulnerabilities in USB protocols, USB embedded security software, USB drivers, and Windows Autoplay features to launch various software attacks against host computers and USB devices. The purposes of this paper are: (i) to provide an investigation on the currently identified USB based software attacks on host computers and USB storage devices, (ii) to identify the technology enablers of the attacks, and (iii) to form taxonomy of attacks. The results show that a multilayered security solution framework involving software implementations at the User Mode layer in the operating systems can help eliminate the root cause of the problem radically.