Verifying a service caller to a driver

Hello. Any ideas on how a driver can determine that only its associated service should be the one to communicate with the driver?

I’ve had a look and there is no cert-check API in the DDK. MS code is able to do it via the Code Integrity module, but how is a 3rd-party driver then supposed to ensure only his service can communicate with his driver? Every scenario I thought of, from file-path verification, image name, etc., has the potential of being spoofed by an actor. Cert verification is the best way to ensure the service talking to my driver is truly mine, but I don’t see any obvious way of invoking it.

There is one little terminology issue: “associated service” is the term for the driver assigned to a PnP device. I assume you’re just asking how to restrict your driver to one user-mode application.

Frankly, there’s nothing you can do that is bulletproof, just like everything in user mode. Any clever lock you create can be picked by a hacker. Like all security issues, there’s a serious cost/benefit analysis to be done. You can keep spending more money on security schemes, but you hit diminishing returns very quickly. Really, who’s going to want to use your driver?

If your service starts at startup, you can make your driver “exclusive” so only one app at a time can open it. That will certainly protect against casual users. A sufficiently motivated hacker could write their own service app and force it to start before yours, but why would they do that?

I suspect you want to use a Service SID. Look up service isolation… you can lock down your device object and only allow access to the service with the specific SID.

Peter
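As an added example (not code from this thread or from any poster), here is how the service-isolation approach above can be prepared offline: derive the service SID that Windows assigns to a service name, and build the SDDL string you would pass to IoCreateDeviceSecure or put in the INF Security directive so that only SYSTEM and that service can open the device object. The service name MyCoDriverSvc is a constructed placeholder, and the service must be registered with an unrestricted service SID type (sc sidtype MyCoDriverSvc unrestricted) for the SID to be present in its token.

```python
import hashlib
import struct


def service_sid(service_name: str) -> str:
    """Derive the per-service SID (NT SERVICE\\<name>) from the service name.

    Windows computes it as SHA-1 over the upper-cased service name encoded as
    UTF-16LE; the 20-byte digest becomes five 32-bit little-endian
    sub-authorities under the well-known S-1-5-80 prefix.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    subauths = struct.unpack("<5I", digest)
    return "S-1-5-80-" + "-".join(str(x) for x in subauths)


def device_object_sddl(service_name: str) -> str:
    """Build a device-object DACL that grants full access (GA) only to
    SYSTEM and to the given service's SID.

    'P' marks the DACL protected so inherited ACEs cannot widen it; any
    principal not listed (including interactive admins' normal tokens)
    is denied by the absence of an allow ACE.
    """
    return f"D:P(A;;GA;;;SY)(A;;GA;;;{service_sid(service_name)})"


def parse_sddl_aces(sddl: str) -> list[tuple[str, str, str]]:
    """Split an SDDL DACL string into (ace_type, access_mask, trustee)
    tuples so the intended policy can be audited without a Windows box."""
    body = sddl[sddl.index("(") :]
    aces = []
    for ace in body.strip("()").split(")("):
        fields = ace.split(";")
        aces.append((fields[0], fields[2], fields[5]))
    return aces


if __name__ == "__main__":
    # "MyCoDriverSvc" is a constructed example name, not a real service.
    print(service_sid("MyCoDriverSvc"))
    print(device_object_sddl("MyCoDriverSvc"))
```

The resulting SID can be cross-checked on a Windows host with `sc.exe showsid MyCoDriverSvc` once the service exists.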