Thesis/Dissertation 101582016: Detailed Record




Name 王駿逸 (Chun-Yi Wang)   Department Computer Science and Information Engineering
Thesis title
(USBIPS: A Framework for Protecting A Host against Malicious Behaviors behind USB Peripherals)
Related theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Fraudulent SMS Messages on Android Phones
★ SRA: A System for Defending Routers against ARP Spoofing Hijacking
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines
★ An Automated Real-Time Counterattack System against Remote Buffer Overflow Attacks
★ Real-Time Serum System: An Automated Worm-Curing System with an Offensive Barrier
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
Files Browse the thesis in the system (never open to the public)
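Abstract (Chinese, translated) In recent years, attacks that use USB as a medium have grown increasingly complex. From social engineering to signal injection, modern attack techniques cover a wide range of attack vectors. To meet these challenges, the security community has adopted a growing number of defenses that are technically deep but fragmented in scope. Whatever vector a USB-based attack uses, the most important risks that many individuals and enterprises care about are service disruption and data leakage. The operating system of a computer is responsible for managing USB peripherals, yet malicious attacks through USB peripherals, such as BadUSB-type attacks, can disrupt services or steal data from within the operating system. Although related research has proposed the concept of a USB firewall, with methods such as USBFILTER and USBGuard, to defend against the malicious behaviors of USB peripherals, these methods still cannot effectively stop real-world intrusions.

This dissertation focuses on building a security framework called USBIPS within the computer operating system to defend against malicious USB peripherals. It comprises three main studies, whose aim is to explore the nature of malicious behaviors and to establish persistent protection against intrusion techniques that use USB as a medium. First, we propose a behavior-based detection mechanism that focuses on detecting attack behaviors that use USB as a medium or are combined with USB. Second, we propose a novel idea for a whitelisting-based USB access control method. Finally, we develop and implement an Endpoint Detection and Response (EDR) system and build the first generic security framework centered on USB intrusion protection. With a centralized threat analysis architecture, the system can provide persistent protection and detect unknown malicious behaviors. By addressing key security and performance challenges, the research results in this dissertation not only make today's commonly used operating systems able to withstand attacks from untrusted USB peripherals, but also open a broad avenue for subsequent research.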
Abstract (English) USB-based attacks have increased in complexity in recent years. Modern attacks now incorporate a wide range of attack vectors, from social engineering to signal injection. To address these challenges, the security community has responded with a growing set of fragmented defenses. No matter what vector a USB-based attack uses, the most important risks that most people and enterprises care about are service crashes and data loss. The host operating system is responsible for managing USB peripherals; however, malicious ones can crash a service or steal data from the OS, as in BadUSB attacks. Although some methods that work as a USB firewall, such as USBFILTER and USBGuard, were proposed to defend against malicious USB peripherals, they still cannot stop the intrusions in the real world.

The focus of this dissertation is on building a security framework called USBIPS within operating systems to defend against malicious USB peripherals, which includes three major efforts to explore the nature of malicious behaviors and to build persistent protection from USB-based intrusions. We first present a behavior-based detection mechanism focusing on the attacks combined with USB peripherals. We then introduce a novel idea of a whitelisting-based method for USB access control. We finally develop an Endpoint Detection and Response (EDR) system to build the first generic security framework for USB-based intrusion protection. Within the centralized threat analysis framework, the protection works persistently and could have the capability to detect unknown malicious behaviors. By addressing key security and performance challenges, these works pave the way for hardening modern operating systems against attacks from untrusted USB peripherals.
Keywords ★ USB peripheral
★ HID (Human Interface Device)
★ protocol masquerading
★ USB firewall
★ EDR (Endpoint Detection and Response)
Table of contents
Chinese Abstract
ABSTRACT
Acknowledgments
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
1 INTRODUCTION
2 BACKGROUND
2.1 USB Security
2.1.1 USB Protocol
2.1.2 USB Attacks and Defenses
2.2 Kernel Interfaces
2.2.1 Linux API
2.2.2 Windows API
2.3 Endpoint detection and response
3 RESEARCH METHODS
3.1 Objectives
3.2 Design Principle
3.3 Methodologies
3.3.1 USBIPS Device Classifier
3.3.2 Whitelisting-based USBIPS Access Controller
3.3.3 USBIPS Behavior-based Detector
3.3.4 USBIPS Daemon & Service Observer
3.3.5 USBIPS Server
4 EVALUATION
4.1 Effectiveness of Device Classification and Whitelisting-based Access Control
4.2 Effectiveness of Behavior-based Detection on HID
4.3 Effectiveness of Behavior-based Detection on Storage
4.3.1 Effectiveness of Behavior-based Detection on Network
5 CONCLUSION
5.1 Comparison
5.2 Limitations
5.3 Future Work
5.4 Conclusion
REFERENCES
Advisor 許富皓 (Fu-Hau Hsu)   Approval date 2022-1-26

For questions about this thesis, contact the Extension Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.