Microsoft has released details about a new project called Integrity Policy Enforcement (IPE) that it was working on for the Linux kernel. IPE is a Linux Security Module (LSM) which are optional plugins to the Linux kernel designed to enable additional security features. On its documentation page, Microsoft explained how IPE is trying to solve the code integrity problem, saying: “IPE is a Linux security module, which allows a configurable policy to enforce system-wide integrity requirements. It tries to solve the problem of code integrity: that whatever code is being executed (or files being read) is identical to the version created by a trusted source. In short, IPE helps a system owner ensure that only code that he has authorized can run. On Linux systems with IPE enabled, system administrators can create a list of binaries that are allowed to run and add verification attributes that the kernel must check for each binary before allowing it to run. If an attacker has modified a binary, IPE can block the execution of malicious code.