L4 Driver Security

Björn Döbel doebel at os.inf.tu-dresden.de
Wed Jun 20 12:24:37 CEST 2012

Hi again,

>> 3. Untrusted, untested drivers can cause system crashes.
> Of course.

There's one thing to add, though: By running device drivers in dedicated
user-level processes, a crashing driver in the common case only takes
down its own process, but the rest of the system continues to run.
That's a major advantage, because you can have a monitoring process that
then restarts the driver [1] this way.

However, even a user space driver can still crash the system if it goes
rampant by misprogramming the DMA engine and you don't use an IOMMU.


[1] J. Herder et al. "Failure resilience for device drivers", DSN 2007

More information about the l4-hackers mailing list