Conference Paper
BibTex RIS Cite
Year 2022, Volume: 21 , 241 - 247, 31.12.2022
https://doi.org/10.55549/epstem.1225679

Abstract

Threat and Vulnerability Modelling of Malicious Human Interface Devices

Year 2022, Volume: 21 , 241 - 247, 31.12.2022
https://doi.org/10.55549/epstem.1225679

Abstract

The threats posed by malicious Human Interface Devices (HID) have greater potential for harm
owing to the inherent trust given to them by the respective Operating Systems (OS). While HIDs vary in terms
of hardware and software, the OS detects them as genuine, providing access to the malicious HID to perform
and execute privileged actions as if it came from a genuine user. Since the threat can bypass normal security
controls, it poses a significant challenge to security managers. While the insider (both unintentional and
malicious) threat level posed by the malicious HIDs is high, research in the domain of mapping HIDs to HID
attack vectors and the exploited vulnerabilities is scarce, which is evident from the paucity of research outputs in
a Google Scholar search. Accordingly, the objective of this research is to create a model that maps HIDs to
vulnerability categories aligned to attacks. In this connection, the paper proposes an HID Threat Vulnerability
model (HidTV) that identifies the malicious HID types and evaluates the nature of HID related threats and the
corresponding vulnerabilities that are exploited. The resulting model can provide security managers with a
visibility of critical vulnerabilities, map specific HIDs to threats and vulnerabilities and formulate security
policies to defend and mitigate against these threats. From an academic perspective, the paper provides a
foundation for researchers to evaluate and propose detective and mitigation strategies for specific attack paths.
While there are genuine uses for HIDs, this paper focuses on the ways they can be intentionally exploited for
malicious purposes.

There are 0 citations in total.

Details

Primary Language English
Subjects Engineering
Journal Section Articles
Authors

Mathew Nıcho

Ibrahim Sabry

Publication Date December 31, 2022
Published in Issue Year 2022Volume: 21

Cite

APA Nıcho, M., & Sabry, I. (2022). Threat and Vulnerability Modelling of Malicious Human Interface Devices. The Eurasia Proceedings of Science Technology Engineering and Mathematics, 21, 241-247. https://doi.org/10.55549/epstem.1225679