NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

View More Details for Open Source Summit + Embedded Linux Conference North America 2020
Wednesday, July 1 • 1:55pm - 2:40pm
Integrity Policy Enforcement: Full System Integrity Verification - Deven Bowers, Microsoft

Code integrity is widely recognized as one of the most effective security mitigations for modern threats, especially those targeting high-value systems. Authoring, maintaining, and enforcing a system-wide integrity policy can be challenging for system builders today.

We'll present our work including a new LSM, Integrity Policy Enforcement (IPE), and in-kernel signature verification of DM-Verity root hashes. We'll also demonstrate a fully worked example and discuss challenges such as dynamic code generation and providing authentication mechanisms around data integrity.

The IPE LSM provides a flexible integrity policy mechanism that allows integrity verification requirements to be specified for all files on the system and from an arbitrary number of filesystems. A variety of integrity verification mechanisms may be utilized as the framework is easy to extend.

Speakers
Deven Bowers

Software Engineer, Microsoft
I work on Code Integrity (CI) systems within both NTOS (Windows) + Linux. My current main area of work is Integrity Policy Enforcement (IPE), an upcoming Linux Security Module that complements the existing LSMs, and allows system builders to enforce integrity requirements on user...



Wednesday July 1, 2020 1:55pm - 2:40pm CDT
Linux Security Summit Theater
  Linux Security Summit