Call to action and resources (threat modeling for drivers)
This article contains call to action recommendations and resources for threat modeling for drivers.
For driver developers:
- Make threat modeling a required part of driver design.
- Stay current with the latest security news and bulletins.
- Become familiar with the security and reliability issues that apply to your driver and device type. For more information, see the device-specific sections of the Windows DDK.
- Understand which checks the operating system, I/O manager, and any higher-level drivers perform before user requests reach your driver—and which checks they do not perform.
- Use tools from the Windows DDK and the WHDC web site to test and verify your driver.
Howard, Michael, and David LeBlanc.
Writing Secure Code, Second Edition. Redmond, WA: Microsoft Press, 2003.
Microsoft Hardware and Driver Developer Information
Common Driver Reliability Problems white paper
Cancel Logic in Windows Drivers white paper
Windows Security Model: What Every Driver Writer Needs to Know white paper
Microsoft Windows Driver Development Kit (DDK)
See “Driver Programming Techniques” in “Kernel-Mode Drivers Architecture”
Certification Program Requirements and Policies