Call to action and resources (Windows security model)
This article contains call to action recommendations and resources for the Windows security model.
- Set strong default ACLs in calls to the IoCreateDeviceSecure routine.
- Specify ACLs in the INF file for each device. These ACLs can loosen tight default ACLs if necessary.
- Set the FILE_DEVICE_SECURE_OPEN characteristic to apply device object security settings to the device namespace.
- Do not define IOCTLs that permit FILE_ANY_ACCESS unless such access cannot be exploited maliciously.
- Use the IoValidateDeviceIoControlAccess routine to tighten security on existing IOCTLS that allow FILE_ANY_ACCESS.
For more information, see:
- Writing Secure Code, Second Edition. LeBlanc, David and Michael Howard. Redmond, WA: Microsoft Press, 2003.
- Windows Internals, Part 1 / Windows Internals, Part 2, Sixth Edition. Mark Russinovich, David Solomon and Alex Ionescu. Redmond, WA: Microsoft Press, 2012.
- Windows Driver Kit (WDK)