Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Re: [ntdev] best method/approach to secure my driver?

Tim_RobertsTim_Roberts Member - All Emails Posts: 12,914
On Jun 25, 2017, at 6:36 PM, Alex don <xxxxx@mail.ru> wrote:
>
> Thanks for replies. I think I did not clarify an important point about this topic, I don't want to prevent anyone from sending IOCTLs to my driver, since I think it's impossible, any process with enough privileges or running as SYSTEM can make modifications in the system or impersonate my service, the most important point is to prevent anyone from using my driver, for example if it does some "dangerous" function that can be abused by an attacker, say if I am writing a firewall solution, my service may send an IOCTL to block all outgoing connections, so if anyone takes my driver, it could abuse this functionality. How do I prevent this? All these methods can be easily bypassed:

I think all of the responders understood your situation quite well. It's important for you to understand that anything you do in user mode can be hacked. What you need to do Is realistically assess the danger of each breach, and balance that danger against the cost of your protection.

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 25 Feb 2019 OSR Seminar Space
Developing Minifilters 8 April 2019 OSR Seminar Space