Best Practices for Secure and Reliable Device Drivers (Windows CE 5.0)
Device drivers should not unexpectedly crash or unexpectedly elevate privilege.
The following list shows best practices for security and reliability:
- Use SetProcPermissions and structured exception handling (SEH) when an internal thread accesses an externally provided buffer. Do not use SetProcPermissions when in the thread context of the caller.
  SEH is written as __try/__except blocks.
- Use SEH only as needed.
- Check access permissions on nested pointers in IOCTL calls.
- Check access permissions on nested pointers in non-stream interface driver entry points, such as the GWES keyboard functions.
- Use the Ceddk.dll functions to access hardware.
  Do not use the macros in Wdm.h.
- Check return values for any function calls that can fail or return unexpected results.
- Use DEBUGCHK or a related macro to check assumptions, but still handle the error conditions that can occur at run time.
- Verify that any applications that call into a device driver are trusted.
  You might need to impose device access limitations in your device driver's entry points or IOCTLs.
- Check the trust of the calling application with the CeGetCallerTrust function. Then, if necessary, enforce access to trusted callers only with the DEVFLAGS_TRUSTEDCALLERONLY Flags registry value.
- Perform thorough threat modeling and mitigation.
- Use the PREfast Analysis Tool.
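As an added example, not code from the Windows CE documentation, the nested-pointer check called for in the IOCTL items above, written in portable C so it runs on any host. A real CE 5.0 driver would validate the nested pointer with MapCallerPtr and wrap the access in __try/__except; here a hypothetical host-only stand-in, map_caller_ptr, simulates the caller's accessible memory as a constructed array, and MY_IOCTL_IN, handle_ioctl and the submit helpers are assumed names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed IOCTL input: the outer buffer (pBufIn) carries a nested pointer
 * that the caller also controls. Only the outer buffer is mapped for the
 * driver; the nested one must be checked by the driver before it is read. */
typedef struct { uint32_t flags; uint8_t *pNested; uint32_t cbNested; } MY_IOCTL_IN;

/* Host-only stand-in (hypothetical) for the Windows CE 5.0 MapCallerPtr(ptr,len)
 * call, which returns NULL when the calling process may not access [ptr,ptr+len).
 * The "caller's" accessible memory is this constructed array, pre-filled 1,2,3. */
static uint8_t g_caller_region[64] = { 1, 2, 3 };
static uint8_t g_foreign_region[8];          /* memory the caller does not own */

static void *map_caller_ptr(void *ptr, size_t len)
{
    uintptr_t lo = (uintptr_t)g_caller_region, hi = lo + sizeof g_caller_region;
    uintptr_t p = (uintptr_t)ptr;
    if (ptr == NULL || p < lo || p >= hi) return NULL;   /* start outside region */
    if (len > hi - p) return NULL;                        /* overflow-safe end check */
    return ptr;
}

/* Hardened IOCTL handler: 0 on success, -1 on rejection. Checks the outer length,
 * copies the header once (so a second read cannot see a changed pointer), then
 * validates the nested pointer before dereferencing it. On CE the read loop would
 * additionally sit inside __try/__except to survive a page that vanishes. */
int handle_ioctl(const void *pBufIn, size_t dwLenIn, uint32_t *out_sum)
{
    MY_IOCTL_IN in; const uint8_t *data; uint32_t sum = 0, i;
    if (pBufIn == NULL || dwLenIn < sizeof in || out_sum == NULL) return -1;
    memcpy(&in, pBufIn, sizeof in);
    data = map_caller_ptr(in.pNested, in.cbNested);
    if (data == NULL) return -1;                /* nested pointer not caller-accessible */
    for (i = 0; i < in.cbNested; i++) sum += data[i];
    *out_sum = sum;
    return 0;
}

/* Helpers for the constructed scenarios: build a request whose nested pointer is
 * `nested`, submit it, and return the byte sum or -1 when the driver rejects it. */
uint8_t *caller_mem(size_t off)  { return g_caller_region + off; }
uint8_t *foreign_mem(void)       { return g_foreign_region; }
int submit(uint8_t *nested, uint32_t cb)
{
    uint32_t sum = 0; MY_IOCTL_IN req = { 0, nested, cb };
    return handle_ioctl(&req, sizeof req, &sum) == 0 ? (int)sum : -1;
}
```

submit(caller_mem(0), 3) is accepted and returns 6, while a nested pointer into foreign_mem() or a length that runs past the end of the caller's region is rejected with -1.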