摘要
讨论了近年来出现的恶意USB设备的攻击和防护技术.恶意设备可以利用USB接口协议,获得计算机管理员权限,自动运行恶意程序,获取所存资料甚至远程控制计算机等.为了研究并防护此类USB安全问题,设计开发了1款可以伪装成键盘的恶意USB设备.在网络隔离环境下,成功打开目标电脑中的程序,获取计算机内文件.整个过程不触发任何操作系统规则,发现后不能通过软件清除,对涉密计算机有较大的威胁.针对此类恶意USB设备研究了相应的防护技术.
This paper discusses research activities that investigated the risk and protection mechanism associated with USB devices. Using USB interface protocol,an adversary can mount suck an attack with an objective to get the administrator’s permission of computer,auto-running the malware. obtaining the stored information, even remotely controlling the computer. The work was validated through the design and implementation of a malicious USB device that can be disguised as the keyboard. Files stored in the computer are got remotely through this keyboard without violating any system rules. With high concealment,this method has high threat to classified computers, which cannot be found or removed by the anti-virus program. Furthermore, this paper proposes the corresponding protection mechanism of USB devices.
出处
《信息安全研究》
2016年第2期150-158,共9页
Journal of Information Security Research
基金
国家自然科学基金项目(61501458)
