At the end of February, Microsoft unveiled its new Driver Security Guidance for Windows driver developers. The guidance is designed to help developers avoid or prevent the issues associated with a driver being attacked.
Microsoft’s guide comes on the heels of the Meltdown and Spectre snafu that affected every Intel chipset as well as some others made by AMD and ARM. Meltdown and Spectre, the bugs in the Intel chipsets, left users open to potential attacks from malicious software that could exploit the security flaws to spy deeply into processes and data.
What’s in the Guide
According to the guide, when computer developers are working on a driver—a software component that lets the operating system (OS) and a device communicate with each other—the focus tends to be on getting the driver to function properly. Developers are less focused on whether or not malicious attackers will attempt to exploit vulnerabilities within their code. The guide states that creating more secure drivers requires the cooperation of the system architect, the developer, and the test team.
“The goal is to eliminate all known security flaws before the driver is released,” says Microsoft.
In order to help developers achieve creating more secure drivers, the guide sets out a series of helpful tools. The guide includes:
- A driver security overview;
- A driver security checklist;
- Information on threat modeling for drivers;
- The Windows security model for driver developers; and
- How to use Microsoft’s Device Guard Readiness Tool to evaluate Hypervisor-protected Code Integrity (HVCI) driver compatibility.
Developers will find the topic of threat modeling particularly useful. Threat modeling is a way to categorize and analyze the potential threats to the driver. The threat modeling section of the guide explains how to:
- Identify the places where the driver could be vulnerable to an attack.
- Analyze the types of attacks that could be mounted.
- Ensure that the driver is designed in a way that it can prevent attacks.
Though this guide was designed for Microsoft Windows OS driver developers, being aware of how to prevent or avoid potential malicious attacks on the driver is important in all OSs and all developers.
Find Microsoft’s Driver Security Guidance here.