HomeWinBuzzer NewsMicrosoft Announces IPE, an Attempt to Solve Linux's Code Integrity Problem

Microsoft Announces IPE, an Attempt to Solve Linux’s Code Integrity Problem

Microsoft's IPE looks to fill the gaps in Linux Kernel security with a code integrity solution that includes run-time verification and a configurable policy.


Ten years ago, offering solutions to competing OSes would have felt alien. Today, the company is a significant contributor to , owing to its multi-OS cloud infrastructure. With those customers in mind, it has this week announced a method to solve Linux's code integrity issues.

Integrity Policy Enforcement, or IPE, is a Linux security module that will optionally enhance user's safety. According to documentation on GitHub, the module lets admins configure a policy that allows only code they have previously authorized to execute.

While the Linux kernel has several existing methods for integrity verification, Microsoft says these lack “a measure of run-time verification that binaries are sourced from these locations”.

With IPE, server admins should be able to prevent attacks like binary rewriting, malicious binary execution, and linker hijacking. These are all scary as they require little effort but can have a huge impact. Still, it's worth noting that this isn't for your average user.

“IPE is designed for use in devices with a specific purpose like embedded systems (e.g. network firewall device in a data center), where all software and configuration is built and provisioned by the owner,” it explains. “Ideally, a system which leverages IPE is not intended for general purpose computing and does not utilize any software or configuration built by a third party.”

Even so, it could be many weeks before IPE becomes widely available. The module is currently in a Request for Comments (RFC) state and will have to wait on feedback before anyone can utilize it.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News