To enable access to an I/O device, the operating system loads a device driver stack. This is true whether the I/O device is an onboard device or an externally connected device. Typically, the operating system performs a plug-and-play process to automatically detect when a device has been connected and to load the appropriate device drivers into the stack. Once the device driver stack is created for a particular device, I/O requests targeting the device will be passed through the stack thereby allowing the drivers to handle the request appropriately.
In some cases, it may be desirable to prevent a user from accessing a particular device or a particular type of device. For example, an administrator may block users from accessing mass storage devices (e.g., USB flash drives) or webcams that are connected to or built into their computing devices. There are currently various techniques that can be employed to accomplish this type of blocking. For example, a USB port could be disabled to prevent any type of device from being connected to the computing device via the USB port. Alternatively, a computing device could be configured to block the loading of a device driver stack when a particular type of device is connected. Both of these examples represent all-or-nothing approaches to blocking access to devices. For example, if the computing device is configured to not load a device driver stack for a webcam, the webcam will remain inaccessible until the computing device is reconfigured (and possibly rebooted) to allow such access. Similarly, if the computing device is configured to load a device driver stack for the webcam, the webcam will remain accessible until the computing device is again reconfigured. There are currently no techniques for dynamically controlling access to a device.