Hardware Dev Center

Collapse the table of content
Expand the table of content

Call to action and resources (Windows security model)

This article contains call to action recommendations and resources for the Windows security model.

  • Set strong default ACLs in calls to the IoCreateDeviceSecure routine.
  • Specify ACLs in the INF file for each device. These ACLs can loosen tight default ACLs if necessary.
  • Set the FILE_DEVICE_SECURE_OPEN characteristic to apply device object security settings to the device namespace.
  • Do not define IOCTLs that permit FILE_ANY_ACCESS unless such access cannot be exploited maliciously.
  • Use the IoValidateDeviceIoControlAccess routine to tighten security on existing IOCTLS that allow FILE_ANY_ACCESS.

For more information, see:

  • Writing Secure Code, Second Edition. LeBlanc, David and Michael Howard. Redmond, WA: Microsoft Press, 2001.
  • Inside Microsoft Windows 2000, Third Edition. Solomon, David A. and Mark Russinovich. Redmond, WA: Microsoft Press, 2000.
  • Windows Driver Kit (WDK)



Send comments about this topic to Microsoft

© 2015 Microsoft