| 摘要 |
Technologies managing cross ring memory accesses by a device driver on a computing device includes configuring a memory page table associated with the device driver to disable cross ring memory accesses by the device driver, trapping attempted cross ring memory accesses by the device driver, and denying the attempted cross ring memory access if the device driver is determined to be malicious. If the device driver is determined not to be malicious, the memory page table is updated to allow the attempted cross ring memory access. The device driver may be analyzed to determine whether the device driver is malicious by comparing the device driver and the attempted cross ring memory access to security data, such as a device driver fingerprint and/or cross ring memory access heuristics, stored on the computing device. |
