Security News > 2020 > April > Microsoft project proposed to aid Linux IoT code integrity
The latest twist in the romance arrived this week when the company published details of Integrity Policy Enforcement, a Linux Security Module designed to check the authenticity of binaries at runtime.
The Linux kernel has long supported LSMs for different specialised purposes, but Microsoft has spotted a gap in the protections these offer in server environments, specifically its own Azure Sphere IoT platform.
Using IPE would allow admins to ensure that only authorised code has permission to execute using code signing and by checking software against its known properties.
While not for general Linux computing, use cases for the IPE would include embedded Internet of Things systems, data center firewalls where the admins have full control over what should be running, and where binary code is "Immutable".
The biggest hazard is there is a lot of Linux around which is all too easy to spin up without considering security, especially when it comes to IoT systems.