| 摘要 |
Techniques for allowing peripheral-device manufacturers to specify drivers for use with these devices and then loading these manufacturer-specified drivers in a manner that constrains operation of the drivers are described herein. In some instances, the techniques constrain operation of the drivers by loading these drivers into isolated containers. By loading such a driver into an isolated container, the techniques protect the host computer from harm caused by a buggy or malicious device driver. Furthermore, by loading a device driver that a manufacturer of the corresponding device specifies, the techniques allow this manufacturer to select a driver that is unlikely to harm the peripheral device itself In tandem, the techniques provide a framework that protects both the peripheral device and the host computer to which the peripheral device couples.
|
