×

Configuration of isolated extensions and device drivers

  • US 8,074,231 B2
  • Filed: 06/30/2006
  • Issued: 12/06/2011
  • Est. Priority Date: 10/26/2005
  • Status: Active Grant
First Claim
Patent Images

1. A computer storage device having processor executable instructions that, when executed by a processor, perform a method comprising:

  • obtaining an untrusted device driver, wherein the untrusted device driver is a set of executable instructions;

    determining a set of computing resources required for execution of the set of executable instructions of the untrusted device driver, wherein the determining act comprises obtaining a processor-readable manifest associated with the untrusted device driver, the device-driver manifest specifying the set of computing resources required for execution of the set of executable instructions of the untrusted device driver, the set of computing resources selected from a group consisting of a hardware resource, a memory, an input/output port, an interrupt request line, and an inter-process communication channel; and

    providing one or more trusted local-access objects for use by the untrusted device driver for access to the required set of computing resources, the one or more trusted local-access objects being exclusive gateways that provide the only means of access to the required set of computing resources for the untrusted device driver, wherein the providing act, in response to the determining act, comprises generating one or more trusted local-access objects for use by the untrusted device driver for access to at least one computing resource of the required set of computing resources, the one or more trusted local-access objects being provided by an operating system and comprising executable instructions, wherein the generating of the one or more trusted local-access objects for access to at least one particular computing resource comprises;

    obtaining a set of executable instructions associated with the at least one particular computing resource;

    providing access for the untrusted device driver to the obtained set of executable instructions that is associated with the at least one particular computing resource; and

    initiating execution of the set of executable instructions of the untrusted device driver and the executable instructions of the one or more trusted local-access objects.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×