Preventing BDA Minidriver Threats
The threats that can be introduced into a BDA minidriver can be prevented in the following ways:
Threats in the signal transport stream
BDA minidrivers should not interpret the contents of signal payloads because such contents could be destructive. BDA minidrivers should only assemble the payloads' buffers and pass them on to the next filter.
If BDA minidrivers interpret payloads, they should carefully verify the contents when parsing such contents from the payloads.
Threats from special-purpose IOCTLs
BDA minidrivers should not expose interfaces to applications that allow those applications to have direct control of buses, memory, or any other hardware. Therefore, processing for all special-purpose IOCTLs should be removed from BDA minidrivers. Such IOCTLs include, for example, vendor-created debugging IOCTLs. To process such IOCTLs, BDA minidrivers would implement an IRP_MJ_DEVICE_CONTROL dispatch routine.
Threats from direct WDM dispatch routines
BDA minidrivers should not provide WDM dispatch routines that bypass the Kernel Streaming (KS) class model. BDA minidrivers should use the AVStream module of the KS driver to provide dispatch and automation routines because it also provides security checks. To provide direct WDM dispatch routines, BDA minidrivers would implement any of the IRP major function codes.