There will probably always be some degree of need to run closed source drivers, which obviously can't be trusted. The potential for damage could be limited if they could be placed in a virtual environment that allows them to see only the memory and I/O space allocated to them, and where the higher operating system could filter the information passed to and from them. Quite likely, some hardware changes would be necessary to censor the address space visible to such a driver, without slowing it down. With the first stirrings of open source hardware design starting to appear, it might be possible to begin developing a machine and kernel that could safely run an untrusted driver.
A second, and possibly more subtle problem, is untrusted hardware plugged into the bus. For example, if a network board phones home, that's pretty hard to detect, unless it's routed through a firewall. With an RF network board, that probably wouldn't be feasible. Disk controllers and DVD drives have so much firmware these days, it's anyone's guess what it might do.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/281/29395#29395