Microsoft announces IPE, a new code integrity feature for Linux


Microsoft published this week details about a new project the company has been working for the Linux kernel. Named Integrity Policy Enforcement — or IPE — the project is a Linux security module (LSM). LSMs are optional add-ons for the Linux kernel that enable additional security features.

According to a documentation page published on Monday, IPE is Microsoft’s attempt to solve the code integrity problem for Linux — an operating system the company broadly uses in its Azure cloud service.

On Linux systems where IPE is enabled, system administrators can create a list of binaries that are allowed to execute and then add the verification attributes the kernel needs to check for each binary before allowing it to run. If binaries have been altered by an attacker, IPE can block the execution of the malicious code.

[Source: ZDNet]