Microsoft announces IPE, a new code integrity feature for Linux

Microsoft says IPE (Integrity Policy Enforcement) was designed for immutable and embedded systems (e.g. network firewall device in a data center).

Linux Tux

read this

​Microsoft's love affair with Linux deepens

After testing the waters for years, Microsoft has launched its first service, Azure Cloud Switch, that's based on Linux.

Read More

Microsoft published this week details about a new project the company has been working for the Linux kernel.

Named Integrity Policy Enforcement -- or IPE -- the project is a Linux security module (LSM). LSMs are optional add-ons for the Linux kernel that enable additional security features.

According to a documentation page published on Monday, IPE is Microsoft's attempt to solve the code integrity problem for Linux -- an operating system the company broadly uses in its Azure cloud service.

On Linux systems where IPE is enabled, system administrators can create a list of binaries that are allowed to execute and then add the verification attributes the kernel needs to check for each binary before allowing it to run. If binaries have been altered by an attacker, IPE can block the execution of the malicious code.

Not intended for the general Linux userbase

Microsoft says that IPE is not intended for general-purpose computing. The IPE LSM was designed for very specific use cases where security is paramount, and administrators need to be in full control of what runs on their systems.

Examples include embedded systems, such as network firewall devices running in a data center, or Linux servers running strict and immutable configurations and applications.

"IPE, similar to SELinux, supports two modes of operation: permissive and enforce," Microsoft said.

"Permissive mode performs the same checks as enforce mode, and logs policy violations, but will not enforce the policy. This allows users to test policies before enforcing them."

Microsoft has published today the specs for the new IPE module. The IPE is currently in an RFC (request for comments) state. It will take some time before it ships with the actual Linux kernel.

The Linux kernel already includes a LSM for code integrity, named Integrity Measurement Architecture (IMA). Microsoft said that IPE differs from IMA because "it has no dependency on the filesystem metadata" and because IPE attributes "are deterministic properties that exist solely in the kernel," meaning IPE doesn't need additional code like IMA needs IMA signatures.