Microsoft has released details about the new Linux kernel project the company has been working on. The project, called Integrity Policy Enforcement (IPE), is the Linux Security Module (LSM), which allows configurable policies to enforce integrity requirements throughout the system.
IPE is Microsoft’s attempt to address Linux’s code integrity issues. There are two main sections: configurable policies provided by LSM (“IPE Core”) and the deterministic properties provided by the kernel for evaluating files (“IPE Properties”). IpE is currently in the RFC state.
On IPE-enabled Linux systems, the system administrator can create a list of binaries that are allowed to be executed, and then add the validation properties that the kernel needs to check before running each binary. IPE can also prevent the execution of malicious code if an attacker changes the binary.
Microsoft says IPE is designed for devices with specific purposes, such as embedded systems (e.g. network firewall devices in the data center), where all software and configurations are built and provided by administrators. Ideally, systems that utilize IPE do not apply to general computing and do not use any software or configurations built by third parties.
IPE supports two modes of operation: permissive mode (similar to the permissive mode of SELinux) and enforce mode. Where, the enforce mode is the default mode. Permissive mode performs the same checks as the enforce mode and logs the policy violations, but it does not enforce the policy, which allows the user to test the enforce policy before it.
In addition, Microsoft claims that, unlike LSMs (such as IMas) already available in the Linux kernel for code integrity, IPE does not depend on file system metadata, and because ipE properties are deterministic properties that exist only in the kernel, it does not require additional code that requires IMA signatures like IMA.