NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

View More Details for Open Source Summit + Embedded Linux Conference North America 2020
Registration Information.
Back To Schedule
Wednesday, July 1 • 1:55pm - 2:40pm
Integrity Policy Enforcement: Full System Integrity Verification - Deven Bowers, Microsoft

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Code integrity is widely recognized as one of the most effective security mitigations for modern threats, especially those targeting high-value systems. Authoring, maintaining, and enforcing a system-wide integrity policy can be challenging for system builders today.

We'll present our work including a new LSM, Integrity Policy Enforcement (IPE), and in-kernel signature verification of DM-Verity root hashes. We'll also demonstrate a fully worked example and discuss challenges
such as dynamic code generation and providing authentication mechanisms around data integrity.

The IPE LSM provides a flexible integrity policy mechanism that allows integrity verification requirements to be specified for all files on the system and from an arbitrary number of filesystems. A variety of integrity
verification mechanisms may be utilized as the framework is easy to extend.

avatar for Deven Bowers

Deven Bowers

Software Engineer, Microsoft
I graduated college in 2017 from UNC-Chapel Hill. I joined Microsoft shortly after, where I worked on code integrity (CI) systems in NTOS until late 2019, at which I transitioned to working on CI in Linux as my primary responsibility at Microsoft. I presented at LSS 2020 on my Integrity... Read More →

Wednesday July 1, 2020 1:55pm - 2:40pm CDT
Linux Security Summit Theater
  Linux Security Summit