TY - JOUR T1 - Threat and Vulnerability Modelling of Malicious Human Interface Devices AU - Nıcho, Mathew AU - Sabry, Ibrahim PY - 2022 DA - December DO - 10.55549/epstem.1225679 JF - The Eurasia Proceedings of Science Technology Engineering and Mathematics JO - EPSTEM PB - ISRES Publishing WT - DergiPark SN - 2602-3199 SP - 241 EP - 247 VL - 21 LA - en AB - The threats posed by malicious Human Interface Devices (HID) have greater potential for harmowing to the inherent trust given to them by the respective Operating Systems (OS). While HIDs vary in termsof hardware and software, the OS detects them as genuine, providing access to the malicious HID to performand execute privileged actions as if it came from a genuine user. Since the threat can bypass normal securitycontrols, it poses a significant challenge to security managers. While the insider (both unintentional andmalicious) threat level posed by the malicious HIDs is high, research in the domain of mapping HIDs to HIDattack vectors and the exploited vulnerabilities is scarce, which is evident from the paucity of research outputs ina Google Scholar search. Accordingly, the objective of this research is to create a model that maps HIDs tovulnerability categories aligned to attacks. In this connection, the paper proposes an HID Threat Vulnerabilitymodel (HidTV) that identifies the malicious HID types and evaluates the nature of HID related threats and thecorresponding vulnerabilities that are exploited. The resulting model can provide security managers with avisibility of critical vulnerabilities, map specific HIDs to threats and vulnerabilities and formulate securitypolicies to defend and mitigate against these threats. From an academic perspective, the paper provides afoundation for researchers to evaluate and propose detective and mitigation strategies for specific attack paths.While there are genuine uses for HIDs, this paper focuses on the ways they can be intentionally exploited formalicious purposes. KW - Human interface device (HID) KW - Malicious HID KW - HID threats KW - HID vulnerabilities. UR - https://doi.org/10.55549/epstem.1225679 L1 - https://dergipark.org.tr/en/download/article-file/2858448 ER -