Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article contains call to action recommendations and resources for the Windows security model.
- Set strong default ACLs in calls to the IoCreateDeviceSecure routine.
- Specify ACLs in the INF file for each device. These ACLs can loosen tight default ACLs if necessary.
- Set the FILE_DEVICE_SECURE_OPEN characteristic to apply device object security settings to the device namespace.
- Do not define IOCTLs that permit FILE_ANY_ACCESS unless such access cannot be exploited maliciously.
- Use the IoValidateDeviceIoControlAccess routine to tighten security on existing IOCTLS that allow FILE_ANY_ACCESS.
For more information, see:
- Writing Secure Code, Second Edition. LeBlanc, David and Michael Howard. Redmond, WA: Microsoft Press, 2003.
- Windows Internals, Part 1 / Windows Internals, Part 2, Sixth Edition. Mark Russinovich, David Solomon and Alex Ionescu. Redmond, WA: Microsoft Press, 2012.
- Windows Driver Kit (WDK)