Many modern operating systems distinguish between processes executing in kernel mode and processes executing in user mode. Kernel-mode processes (such as device drivers) may generally execute arbitrary instructions and perform arbitrary operations on devices. User-mode processes (such as applications), on the other hand, may be limited to a subset of functionality. The division between kernel-mode processes and user-mode processes may protect a computing system both from errors in user-mode applications that would otherwise cause system-wide faults and from malicious applications that would otherwise use system resources inappropriately.
An operating system may secure a device such that the device is only accessible from certain process contexts. A context proxy operating within such a process context may then allow trusted user-mode applications to access the secured device indirectly by communicating with the secured device on behalf of the trusted user-mode applications. Unfortunately, requiring all communications from a user-mode application to the device to first pass through the context proxy may degrade the performance of the user-mode application and may also introduce another failure point in interactions with the device. Alternatively, an operating system could allow any application to communicate with a device from any context. Unfortunately, the device would then be vulnerable to untrustworthy applications. Accordingly, the instant disclosure identifies a need for additional systems and methods for securing access to kernel devices.