Device Driver Safety Through a Reference Validation Mechanism

Abstract

Device drivers typically execute in supervisor mode and thus must be fully trusted. This paper describes how to move them out of the trusted computing base, by running them without supervisor privileges and constraining their interactions with hardware devices. An implementation of this approach in the Nexus operating system executes drivers in user space, leveraging hardware isolation and checking their behavior against a safety specification. These Nexus drivers have performance comparable to in kernel, trusted drivers, with a level of CPU overhead acceptable for most applications. For example, the monitored driver for an Intel e 1000 Ethernet card has throughout comparable to a trusted driver for the same hardware under Linux. And a monitored driver for the Intel i810 sound card provides continuous playback. Drivers for a disk and a USB mouse have also been moved successfully to operate in user space with safety specifications.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 01, 2008
Accession Number
ADA507667

Entities

People

  • Dan Williams
  • Emin G. Sirer
  • Fred B. Schneider
  • Kevin Walsh
  • Patrick Reynolds

Organizations

  • Cornell University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Data Rate
  • Device Drivers
  • Firmware
  • Hierarchies
  • Information Operations
  • Language
  • Mobile Devices
  • Monitoring
  • Operating Systems
  • Playback
  • Specifications
  • Systems Engineering
  • Validation

Fields of Study

  • Computer science

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Cybersecurity.
  • Database Systems and Applications

Technology Areas

  • Space