Device drivers constitute a large fraction of the code in commodity operating systems. Over 35,000 drivers with over 112,000 versions exist for Windows XP, while over 3.1 million lines out of 5.4 million lines of the Linux kernel is device driver code. As several recent exploits against device drivers show, drivers are rife with bugs that compromise system security.
Exploits against device drivers are dangerous because commodity operating systems execute drivers in kernel address space. A compromised driver can modify kernel data structures or execute arbitrary code with kernel privilege. Prior techniques that protect commodity OS kernels from device drivers either suffer from low performance or are limited to specific classes of vulnerabilities, such as memory errors. Inspired by user-mode driver frameworks, this project applies a three-pronged approach to the problem of protecting kernel data from vulnerabilities in device drivers. First, this project will develop techniques to monitor kernel data structure updates initiated by device drivers and ensure that they do not compromise the integrity of these data structures. Second, it will develop techniques to limit driver access to kernel memory via DMA without requiring hardware support yet taking advantage of it if available. Third, it will develop new techniques for recovering from compromised drivers.
These techniques are applicable to legacy device drivers on standalone commodity operating systems and require minimal changes to the operating system. In addition, they impose negligible overheads on common-case performance of device drivers and are thus practical for use even with high-throughput devices.
