@article{article_1225679, title={Threat and Vulnerability Modelling of Malicious Human Interface Devices}, journal={The Eurasia Proceedings of Science Technology Engineering and Mathematics}, volume={21}, pages={241–247}, year={2022}, DOI={10.55549/epstem.1225679}, author={Nicho, Mathew and Sabry, Ibrahim}, keywords={Human interface device (HID), Malicious HID, HID threats, HID vulnerabilities.}, abstract={The threats posed by malicious Human Interface Devices (HID) have greater potential for harm owing to the inherent trust given to them by the respective Operating Systems (OS). While HIDs vary in terms of hardware and software, the OS detects them as genuine, giving the malicious HID access to perform and execute privileged actions as if they came from a genuine user. Since the threat can bypass normal security controls, it poses a significant challenge to security managers. While the insider (both unintentional and malicious) threat level posed by the malicious HIDs is high, research in the domain of mapping HIDs to HID attack vectors and the exploited vulnerabilities is scarce, which is evident from the paucity of research outputs in a Google Scholar search. Accordingly, the objective of this research is to create a model that maps HIDs to vulnerability categories aligned to attacks. In this connection, the paper proposes an HID Threat Vulnerability model (HidTV) that identifies the malicious HID types and evaluates the nature of HID related threats and the corresponding vulnerabilities that are exploited. The resulting model can provide security managers with visibility into critical vulnerabilities, map specific HIDs to threats and vulnerabilities and formulate security policies to defend against and mitigate these threats. From an academic perspective, the paper provides a foundation for researchers to evaluate and propose detective and mitigation strategies for specific attack paths. 
While there are genuine uses for HIDs, this paper focuses on the ways they can be intentionally exploited for malicious purposes.}, publisher={ISRES Publishing}