Universal serial bus based software attacks and protection solutions

Dung Vu Pham, Ali Syed, Malka N. Halgamuge

Research output: Contribution to journalArticlepeer-review

22 Citations (Scopus)


Information security risks associated with Universal Serial Bus (USB) storage devices have been serious issues since 2003, which marked the wide adoption of USB technologies in the computing industry, especially in corporate networks. Due to the insecure design and the open standards of USB technologies, attackers have successfully exploited various vulnerabilities in USB protocols, USB embedded security software, USB drivers, and Windows Autoplay features to launch various software attacks against host computers and USB devices. The purposes of this paper are: (i) to provide an investigation on the currently identified USB based software attacks on host computers and USB storage devices, (ii) to identify the technology enablers of the attacks, and (iii) to form taxonomy of attacks. The results show that a multilayered security solution framework involving software implementations at the User Mode layer in the operating systems can help eliminate the root cause of the problem radically.
Original languageEnglish
Pages (from-to)172-184
Number of pages13
JournalDigital Investigation
Issue number3-4
Publication statusPublished - Apr 2011


Dive into the research topics of 'Universal serial bus based software attacks and protection solutions'. Together they form a unique fingerprint.

Cite this