Device Driver-Based Appliances via a Security Event Notification Method
Publication Date: 2016-May-31
The IP.com Prior Art Database
Device drivers are key elements for the correct functionality of operating systems and of devices of different kinds. Properly controlling them in a distributed environment poses non-trivial challenges for infrastructure administrators.
In a diversified enterprise environment with a wide range of computer models and Operating System images, complete knowledge and control of the device drivers needed during the deployment for each hardware model/operating system combination is increasingly complex.
During the deployment, the reference image is installed on the target together with the device drivers that are needed for it to function correctly. However, after the deployment, a multitude of circumstances can combine to alter the state of the installed drivers.
In some instances, one or more drivers may not work properly from the moment they are installed. In other cases, operations performed on the machine, such as the installation or removal of additional devices, or updates of software or firmware, are likely to change the actual state of the drivers with respect to their initial or reference state.
Moreover, there is a strong risk that a suspicious driver or malware could be installed on the system, masked as an OEM driver or, more dangerously, installed in the form of a default driver that has been hacked.
In the context of an enterprise, where security is increasingly important, this problem represents a serious threat.
Our solution addresses this need by providing a system that guarantees an effective and precise control of the devices installed on a system, allowing the IT infrastructure administrator to receive alerts and information about suspicious situations.
While our solution is discussed here in terms of operating systems and computer systems, it is applicable to a broader set of end-user apparatus that rely on hardware devices operated by means of device drivers, such as smartphones, tablets and ATMs, and in general to all situations where a malicious device driver can lead to malfunction or damage.
With the proposed solution the system will be able to detect any unexpected alteration of the status of the device drivers on the target machine and report the Security Driver Change Event back to the server.
On the server, the nature of the change is evaluated and the proper Alert Level is computed for the notification to a system administrator who can then take the proper actions.
On the server, the change events and the corresponding alert levels are saved in order to allow auditing and analysis.
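The flow described above (detect an alteration against the reference state, report a Security Driver Change Event, compute an Alert Level on the server) can be sketched as follows. This is an added example, not code from the disclosure: the inventory fields, the change kinds and the alert policy are assumptions, and the sample inventories are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Driver:
    name: str
    version: str
    sha256: str    # hash of the driver binary (assumed field)
    signed: bool   # signature verified at collection time (assumed field)

def diff_drivers(reference, current):
    """Agent side: compare current drivers with the reference state."""
    ref = {d.name: d for d in reference}
    cur = {d.name: d for d in current}
    events = []
    for name in sorted(ref.keys() | cur.keys()):
        old, new = ref.get(name), cur.get(name)
        if old is None:
            kind = "added"
        elif new is None:
            kind = "removed"
        elif old.sha256 != new.sha256 and old.version == new.version:
            kind = "binary_replaced"  # same version, different bytes
        elif old != new:
            kind = "updated"
        else:
            continue  # unchanged, no event
        events.append({"driver": name, "kind": kind, "old": old, "new": new})
    return events

def alert_level(event):
    """Server side: assumed policy, not taken from the disclosure."""
    new = event["new"]
    if event["kind"] == "binary_replaced" or (new is not None and not new.signed):
        return "HIGH"
    if event["kind"] in ("added", "removed"):
        return "MEDIUM"
    return "LOW"

# Constructed sample inventories (not real drivers or hashes).
REFERENCE = [Driver("netadp", "1.2.0", "aa11", True),
             Driver("gfx", "5.0.1", "bb22", True),
             Driver("audio", "3.1.0", "cc33", True)]
CURRENT = [Driver("netadp", "1.2.0", "ff99", True),      # bytes changed
           Driver("gfx", "5.0.2", "bb23", True),         # ordinary update
           Driver("usbhelper", "0.1.0", "dd44", False)]  # new and unsigned

def evaluate(reference, current):
    """Return {driver: (change kind, alert level)} for every change event."""
    return {e["driver"]: (e["kind"], alert_level(e))
            for e in diff_drivers(reference, current)}
```

A binary whose hash changes while its version stays the same is rated highest here because it matches the "default driver that has been hacked" case the text singles out.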
To allow an effective and reliable computation of the device and devic...