The new project is called Integrity Policy Enforcement, or simply IPE. The project is essentially a Linux security module (LSM). LSMs are optional add-ons for the Linux kernel that enable additional security features.
According to the documentation page published on Monday, IPE is Microsoft's effort to solve the code integrity problem for Linux, an operating system that the company makes extensive use of in its Azure cloud service.
On Linux systems where IPE is enabled, administrators will be able to create a list of binaries that are allowed to execute and to add authentication features. The kernel will then check each binary before allowing it to be executed. If the binaries have been modified by an attacker, IPE will be able to prevent the malicious code from being executed.
Microsoft states that IPE is not intended for home computers. The IPE LSM is designed for very specific use cases where security is paramount and administrators must have complete control over what is running on their systems.
Microsoft published today the specifications for the new IPE module. IPE is currently in RFC (request for comments) mode, and it looks like it will be some time before it is submitted for addition to the Linux kernel.
The Linux kernel already includes an LSM for code integrity, called Integrity Measurement Architecture (or IMA). Microsoft stated that IPE differs from IMA because it "does not depend on file system metadata" and because IPE features "have core properties that are unique to the kernel", which means that IPE does not need additional code, such as IMA signatures, the way IMA does.