NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.
Wednesday, July 1 • 1:55pm - 2:40pm
Integrity Policy Enforcement: Full System Integrity Verification - Deven Bowers, Microsoft

Code integrity is widely recognized as one of the most effective security mitigations for modern threats, especially those targeting high-value systems. Authoring, maintaining, and enforcing a system-wide integrity policy can be challenging for system builders today.

We'll present our work, including a new LSM, Integrity Policy Enforcement (IPE), and in-kernel signature verification of DM-Verity root hashes. We'll also demonstrate a fully worked example and discuss challenges such as dynamic code generation and providing authentication mechanisms around data integrity.

The IPE LSM provides a flexible integrity policy mechanism that allows integrity verification requirements to be specified for all files on the system and from an arbitrary number of filesystems. A variety of integrity verification mechanisms may be utilized as the framework is easy to extend.

Speakers

Deven Bowers

Software Engineer, Microsoft
I graduated college in 2017 from UNC-Chapel Hill. I joined Microsoft shortly after, where I worked on code integrity (CI) systems in NTOS until late 2019, at which point I transitioned to working on CI in Linux as my primary responsibility at Microsoft. I presented at LSS 2020 on my Integrity...



Wednesday July 1, 2020 1:55pm - 2:40pm CDT
LSS Room 1
  Refereed Presentation