Microsoft has been working on a new project for the Linux kernel. The company has announced Integrity Policy Enforcement (IPE), a new code integrity feature for Linux. IPE is a Linux Security Module (LSM); LSMs are an optional framework that allows the Linux kernel to support additional security features.
Integrity Policy Enforcement (IPE) project
With the introduction of IPE, Microsoft wants to solve the code integrity issue for Linux. For those who don’t know, the Linux operating system powers Microsoft’s Azure cloud services.
In its detailed documentation, Microsoft wrote:
“IPE helps the owner of a system ensure that only code they have authorized is allowed to execute.”
In other words, Integrity Policy Enforcement will allow the execution only of code that is built and authorized by a trusted source. The Linux kernel already attempts to address the code integrity problem to some extent through device-mapper verity, which ensures integrity for a block device, and fs-verity, which ensures integrity for a filesystem.
However, Microsoft says these measures lack run-time verification that binaries are sourced from these locations. Microsoft aims to address this gap with the help of IPE, which is divided into two major parts: IPE Core and IPE Properties.
While IPE Core is a configurable policy that the Linux Security Module provides, IPE Properties make sure that the kernel provides deterministic attributes to evaluate files against.
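The split between a policy (IPE Core) and file attributes (IPE Properties) can be modelled in a few lines of Python; this is an added illustration, not Microsoft's or the kernel's code. It assumes the rule syntax and the property names `dmverity_signature` and `fsverity_signature` from the upstream kernel IPE documentation, which the article does not show, and the sample files are constructed.

```python
# Simplified user-space model of IPE-style policy evaluation (not kernel code).
# Assumption: the rule syntax follows the upstream kernel IPE documentation;
# the article itself shows no policy text.
POLICY = """\
policy_name=example_policy policy_version=0.0.1
DEFAULT action=DENY
op=EXECUTE dmverity_signature=TRUE action=ALLOW   # signed dm-verity volume
op=EXECUTE fsverity_signature=TRUE action=ALLOW   # signed fs-verity file
"""

# Constructed sample inputs: the attributes the kernel would report for a file.
SAMPLES = {
    "binary on signed dm-verity volume": {"dmverity_signature": "TRUE"},
    "binary with signed fs-verity digest": {"fsverity_signature": "TRUE"},
    "binary dropped on writable tmpfs": {},
}


def parse_policy(text):
    """Return (default_action, rules); a rule is (op, {property: value}, action)."""
    default, rules = None, []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens or tokens[0].startswith("policy_name="):
            continue
        fields = dict(t.split("=", 1) for t in tokens if "=" in t)
        if tokens[0] == "DEFAULT":
            default = fields["action"]
        else:
            op, action = fields.pop("op"), fields.pop("action")
            rules.append((op, fields, action))
    if default is None:
        raise ValueError("policy has no DEFAULT action")
    return default, rules


def evaluate(policy, op, file_props):
    """First matching rule wins; every property on a rule must match (AND)."""
    default, rules = policy
    for rule_op, wanted, action in rules:
        if rule_op == op and all(file_props.get(k) == v for k, v in wanted.items()):
            return action
    return default


def decisions(op="EXECUTE"):
    policy = parse_policy(POLICY)
    return {name: evaluate(policy, op, props) for name, props in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{verdict:5} {name}")
```

The file on writable tmpfs matches no rule and falls through to the default DENY, which is the run-time check that dm-verity and fs-verity alone do not provide.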
Code integrity consists of both software quality and coverage that enables Linux kernel developers to ensure their code is written without any room for error. Microsoft identifies it as one of the most effective measures to mitigate security risks with modern systems.
When code integrity is combined with Private Key Infrastructure and code signing, kernel developers can also control the execution of all binaries and code so that it is limited to what is known to come from authorized, trusted sources.
Furthermore, it prevents and eliminates attacks such as the following:
- Linker hijacking (LD_PRELOAD, LD_AUDIT, DLL Injection)
- Binary rewriting
- Malicious binary execution/loading
IPE is designed for use in embedded systems such as a network firewall device in a data center, where the highest level of security is required.
However, IPE has certain limitations. For example, it cannot verify the integrity of anonymous executable memory or of programs written in interpreted languages.