1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to a system and method for loading drivers.
2. Description of the Related Art
The operating system's kernel offers the most fundamental, and therefore the most important, operating system services. The fundamental nature of these services also makes them such powerful tools that whatever controls the services can ultimately control everything else on the system. Failure or compromise of such powerful and fundamental services can be catastrophic, so it is logical and important to implement a kernel protection scheme.
PatchGuard is Microsoft's kernel protection scheme for 64-bit platforms. Microsoft has taken the approach of blanket denial of access to kernel structures by non-Microsoft kernel code. However, malware and security products both use System Service Dispatch Table (SSDT) hooks to wield the fundamental power of the operating system services. Such “blind justice” as blanket denial of kernel access to security products and malware writers alike is overkill.
What is needed is a kernel protection scheme that protects against unauthorized modifications to the system service dispatch table but which also allows legitimate security vendors the access necessary to continue innovating and providing alternative security models to complement those of the underlying operating system.