Microsoft released detailed information about the company’s new Linux kernel project. The project is called Integrity Policy Enforcement (IPE) and is a Linux Security Module (LSM) that allows configurable policies to enforce integrity requirements across the entire system.
IPE is an attempt by Microsoft to solve the code integrity problem of Linux. It is divided into two main parts: “A configurable policy, provided by the LSM (‘IPE Core’), and deterministic attributes provided by the kernel to evaluate files against, (‘IPE Properties’).”
On Linux systems with IPE enabled, the system administrator can create a list of allowed binary files and then add the verification attributes that the kernel needs to check before running each binary file. If an attacker modifies a binary file, IPE can prevent the malicious code from executing.
With Public Key Infrastructure (PKI) and code signing, you can effectively restrict the execution of all binaries on a system to a known subset. This eliminates attacks such as:
- Linker hijacking (LD_PRELOAD, LD_AUDIT, DLL Injection)
- Binary rewriting
- Malicious binary execution / loading
Microsoft stated that IPE is designed for devices with specific purposes, such as embedded systems (e.g., network firewall devices in data centers), where all software and configuration are built and provided by administrators.
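To make the policy-plus-properties split concrete, here is an added example (not Microsoft's code and not kernel code): a small user-space model of how a deny-by-default IPE policy is matched against file properties. The policy text follows the syntax in the upstream kernel IPE documentation, which may differ from the version described in the announcement; the file names and property values are constructed, and the model assumes a global `DEFAULT` line is present.

```python
# Added illustration: a user-space model of IPE rule matching, not kernel code.
# Policy syntax is taken from the upstream kernel IPE documentation (assumption:
# it may differ from the version in Microsoft's original announcement).
POLICY = """\
policy_name=Allow_Verified_Only policy_version=0.0.0
DEFAULT action=DENY

op=EXECUTE boot_verified=TRUE action=ALLOW
op=EXECUTE dmverity_signature=TRUE action=ALLOW
"""

def parse_policy(text):
    """Return (defaults, rules); rules keep their order in the policy."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    defaults, rules = {}, []
    for line in lines[1:]:  # lines[0] is the policy_name/policy_version header
        tokens = line.split()
        is_default = tokens[0] == "DEFAULT"
        pairs = dict(t.split("=", 1) for t in (tokens[1:] if is_default else tokens))
        action = pairs.pop("action")
        if is_default:
            defaults[pairs.get("op")] = action  # key None = global default
        else:
            rules.append((pairs.pop("op"), pairs, action))
    if None not in defaults:
        raise ValueError("this model requires a global DEFAULT action")
    return defaults, rules

def evaluate(policy, op, props):
    """First matching rule wins; otherwise the per-op or global default."""
    defaults, rules = policy
    for rule_op, conditions, action in rules:
        if rule_op == op and all(props.get(k) == v for k, v in conditions.items()):
            return action
    return defaults.get(op, defaults[None])

# Constructed sample files with the property values the kernel would report.
SAMPLES = {
    "/usr/bin/appd (signed dm-verity volume)": {"boot_verified": "FALSE", "dmverity_signature": "TRUE"},
    "/tmp/dropped.elf (writable tmpfs)": {"boot_verified": "FALSE", "dmverity_signature": "FALSE"},
    "/home/u/hook.so (LD_PRELOAD target)": {"boot_verified": "FALSE", "dmverity_signature": "FALSE"},
}

def decisions():
    policy = parse_policy(POLICY)
    return {name: evaluate(policy, "EXECUTE", props) for name, props in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{verdict:5} {name}")
```

Only the file on the signed dm-verity volume matches an `ALLOW` rule; the dropped binary and the preloaded library match no rule and fall through to `DEFAULT action=DENY`.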