The goal is to eliminate all known security flaws before the driver is released.Ĭreating more secure drivers requires the cooperation of the system architect (consciously thinking of potential threats to the driver), the developer implementing the code (defensively coding common operations that can be the source of exploits), and the test team (proactively attempting to find weakness and vulnerabilities). Developers must consider these issues during the design and implementation phase in order to minimize the likelihood of such vulnerabilities. When most developers are working on their driver, their focus is on getting the driver to work properly, and not on whether a malicious attacker will attempt to exploit vulnerabilities within their code.Īfter a driver is released, however, attackers can attempt to probe and identify security flaws. In addition, vulnerabilities in driver code can allow an attacker to gain access to the kernel, creating a possibility of compromising the entire OS.
Driver security overviewĪ security flaw is any flaw that allows an attacker to cause a driver to malfunction in such a way that it causes the system to crash or become unusable. This article provides a driver security checklist for driver developers to help reduce the risk of drivers being compromised.
0 kommentar(er)
