Re[2]: [ntdev] best method/approach to secure my driver?

>Saturday, June 24, 2017 10:25 PM UTC from “Don Burn” :
>
>Well you can make the device exclusive so only one application can access
>it.
Okay, but what if anyone takes my driver and loads it into an environment where my application is not running?

>You obviously should set the SDDL string for the device to be very
>restrictive, assuming your service runs with a secure account.
Even if I set the security descriptor of the device, it can still be accessed with enough privileges. Nowadays getting administrator privileges is not a problem for hackers. UAC doesn’t help at all…

>Beyond that
>you are getting into the paranoid zone, things like passing some sort of
>security block between the driver and the application with an appropriate
>transformation by the application to make it harder for another application
>to fake it.
Do you know somehow? All the ideas I thought of, I found a way to bypass it.
- checking PID
- checking file integrity
- checking process address
>
>
>Don Burn
>Windows Driver Consulting
>Website: http://www.windrvr.com
>
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@mail.ru
>Sent: Saturday, June 24, 2017 5:53 PM
>To: Windows System Software Devs Interest List < xxxxx@lists.osr.com >
>Subject: [ntdev] best method/approach to secure my driver?
>
>If my service communicates with my driver via DeviceIoControl, what is the
>best way to secure my driver from preventing being used by unauthorized
>applications? for example, random apps sending fake IOCTLs
>
>—
>NTDEV is sponsored by OSR
>
>Visit the list online at:
>< http://www.osronline.com/showlists.cfm?list=ntdev >
>
>MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
>drivers!
>Details at < http://www.osr.com/seminars >
>
>To unsubscribe, visit the List Server section of OSR Online at
>< http://www.osronline.com/page.cfm?name=ListServer >
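Added example, not part of the thread or of any poster's code: a small Python check that parses the DACL of a device SDDL string, the setting discussed in the exchange above, and reports which principals hold allow ACEs and whether any of them is a broad group. The sample strings, function names and the list of "broad" aliases are constructed for illustration.

```python
import re

# SDDL two-letter SID aliases that cover broad groups of callers.
BROAD_SIDS = {
    "WD": "Everyone",
    "AU": "Authenticated Users",
    "BU": "Built-in Users",
    "IU": "Interactive users",
    "AN": "Anonymous logon",
    "BG": "Built-in Guests",
}

# Constructed sample strings, not taken from the thread.
RESTRICTIVE = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"
PERMISSIVE = "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGW;;;WD)"


def parse_dacl(sddl):
    """Return (flags, aces) for the D: component of an SDDL string."""
    m = re.search(r"D:([A-Z]*)((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL with ACEs found in SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(2)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;account_sid
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: ({body})")
        aces.append({"type": fields[0], "rights": fields[2], "sid": fields[5]})
    return m.group(1), aces


def allowed_sids(sddl):
    """SIDs (or aliases) that hold at least one access-allowed ACE."""
    return sorted({a["sid"] for a in parse_dacl(sddl)[1] if a["type"] == "A"})


def audit_device_sddl(sddl):
    """List allow ACEs that open the device to a broad principal."""
    return [
        f"{BROAD_SIDS[a['sid']]} ({a['sid']}) is granted {a['rights']}"
        for a in parse_dacl(sddl)[1]
        if a["type"] == "A" and a["sid"] in BROAD_SIDS
    ]


if __name__ == "__main__":
    for name, s in (("restrictive", RESTRICTIVE), ("permissive", PERMISSIVE)):
        print(name, allowed_sids(s), audit_device_sddl(s) or "no broad grants")
```

Note that the restrictive sample still lists BA (built-in Administrators) among the allowed SIDs, which is the case the reply is concerned about.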