Computers often need to be connected to printers, cameras, and USB flash drives and other hardware, but the small pieces of software that enable communications with these peripherals, known as “device drivers,” have a bad reputation. Experts believe that device driver failures are responsible for about 85 percent of crashes on Windows machines, and poorly written device drivers can also introduce security holes on an otherwise protected computer. Part of the problem is that a device driver can’t easily be examined by anyone outside the company that created it.
“Device drivers are terrible,” says Vitaly Chipounov, a researcher in the Dependable Systems Lab at the Ecole Polytechnique Federale de Lausanne (EPFL) in Switzerland. At the Usenix Annual Technical Conference in Boston last week, Chipounov demonstrated a software tool that could help protect computers from dodgy drivers by identifying problems before they reach a user’s system.
Chipounov’s tool can test device drivers without requiring access to the underlying code. It works by loading a driver into a virtual computer and simulating its behavior, checking for problems like sudden freezes or crashes. The tool works without communicating with a corresponding real piece of hardware. Even so, by simulating the way that hardware interacts with the driver, it can show how a driver will respond when connected to buggy piece of equipment. Once the tool finds a problem, it can provide information about the cause, which can help identify a fix.
The researchers worked with six popular device drivers written for Windows, and they found 14 serious bugs. Some of the drivers they tested had been certified as compatible with Windows by Microsoft. The researchers say this shows that their tool could make the certification of device drivers better. Their experiments revealed a pattern in the way some related drivers failed, which suggests that the hardware vendors responsible may have copied code from one buggy device driver to another. “At least they should copy and paste code that works,” Chipounov jokes.
The stability and security of device drivers is an important problem, says Vinod Ganapathy, an assistant professor of computer science at Rutgers University. On Linux, Mac, and Windows computers, device drivers are typically given the same privileges as the operating system itself, he says. Many of these drivers are written by third-party vendors, and do not undergo the same level of testing as the operating system. Some device drivers posted to the Web are modified to contain malicious code.
“Malicious device drivers can perform a variety of nefarious activities, such as hiding the presence of malicious programs and snooping on networking traffic,” says Ganapathy. “Benign-but-vulnerable device drivers also pose similar risks, because an attacker can hijack vulnerabilities to perform the same kinds of malicious activities.”
Other researchers are working on different ways of making device drivers more secure. Ganapathy and Michael Swift at the University of Wisconsin-Madison, for example, have developed ways to implement drivers so that they are isolated from the core of the operating system.
The EPFL researchers want to empower users to test drivers themselves. The current version of their tool requires a lot of technical expertise, so it’s only suitable for use by hardware or software vendors who might use it to debug or certify drivers. But the researchers’ vision is for end users to be able to determine whether to install a driver or not. They say the tool could be added to an operating system. It could automatically present the user with a “Test Now” button for new drivers, letting them check for problems before they occur.
Gain the insight you need on security at EmTech Digital.