This Article 
 Bibliographic References 
 Add to: 
Securing Pocket Hard Drives
October-December 2007 (vol. 6 no. 4)
pp. 18-23
Today, affordable storage media comes in various form factors with a wide range of capacities. USB is the most popular PC interface, offering data transfer rates as high as 480 Mbps (version 2.0), with enough power to operate storage devices such as 2.5" hard-disk drives. The Fire Wire interface offers similar capabilities. A few vendors offer software that lets users synchronize their email and network folders with USB storage. This lets them access these data items from several different computers. The U3 industry consortium promotes a model that lets users run programs, such as a Firefox Web browser, directly from the USB storage device, so users can access these applications even on PCs that don't have these applications preinstalled. Similarly, commonly used live CD-ROMs let you boot a PC from an OS resident on the CD-ROM. In this new mobile computing model called portable storage-based personalization, users can personalize a computer by booting from the USB storage media. Users' portable storage devices act as a pocket hard drive.

1. R. Caceres et al., "Reincarnating PCs with Portable Soulpads," Proc. 3rd Int'l Conf. Mobile Systems, Applications and Services (Mobisys 05), ACM Press, 2005, pp. 65–78.
2. N.L. Petroni Jr. et al., "Copilot—A Coprocessor-Based Kernel Runtime Integrity Monitor," Proc. 13th Security Symp., Usenix, 2004, pp. 179–194.
3. R. Lemos, "Researchers: Rootkits Headed for Bios," SecurityFocus,26 Jan. 2006,
4. S.T. King et al., "SubVirt: Implementing Malware with Virtual Machine," Proc. 2006 Symp. Security and Privacy, 2006; DOI: 10.11091SP.2006.38.
5. C.S. Collberg, C.D. Thomborson, and D. Low, "Breaking Abstractions and Unstructuring Data Structures," Proc. Int'l Conf. Computer Languages, IEEE CS Press, 1998, pp. 28–38.
6. S. Bhatkar, D. DuVarney, and R. Sekar, "Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits," Proc. 12th Usenix Security Symp., Usenix, 2003, pp. 105–120.
7. T. Garfinkel et al., "Compatibility Is Not Transparency: VMM Detection Myths and Realities," Proc. 11th Workshop Hot Topics in Operating Systems, Usenix, 2007;
8. J. Robin and C. Irvine, "Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor," Proc. 9th Usenix Security Symp., Usenix, 2000, pp. 129–144.
9. J. Franklin et al., "Towards Sound Detection of Virtual Machines," to be published in Botnet Detection, Springer, 2007.
1. S. Garriss et al., "Towards Trustworthy Kiosk Computing," to be published in Proc. 8th IEEE Workshop Mobile Computing Systems and Applications (HotMobile 07), IEEE Press, 2007.
2. A. Surie et al., Rapid Trust Establishment for Transient Use of Unmanaged Hardware, tech. report CMU-CS-06-176, School of Computer Science, Carnegie Mellon Univ., 2006.
3. W. Arbaugh, D. Farber, and J. Smith, "A Secure and Reliable Bootstrap Architecture," Proc. IEEE Symp. Security and Privacy, IEEE Press, 1997, pp. 65–71.
4. N.L. Petroni Jr. et al., "Copilot—A Coprocessor-Based Kernel Runtime Integrity Monitor," Proc. 13th Usenix Security Symp., Usenix, 2004, pp. 179–194.
5. R. Kennell and L.H. Jamieson, "Establishing the Genuinity of Remote Computer Systems," Proc. 12th Usenix Security Symp., Usenix, 2003, p. 21.
6. A. Seshadri et al., "Swatt: Software-Based Attestation for Embedded Devices," Proc. IEEE Symp. Security and Privacy, IEEE Press, 2004, pp. 272–282.
7. A. Seshadri et al., "Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems," Proc. 10th ACM Symp. Operating Systems Principles (SOSP 05), ACM Press, 2005, pp. 1–16.

Index Terms:
Universal Serial Bus,Application software,Data security,Operating systems,Hardware,Firewire,Prototypes,Portable computers,Drives,Ecosystems,portable storage device,security,mobile computing
"Securing Pocket Hard Drives," IEEE Pervasive Computing, vol. 6, no. 4, pp. 18-23, Oct.-Dec. 2007, doi:10.1109/MPRV.2007.85
Usage of this product signifies your acceptance of the Terms of Use.