Introduction

Welcome to the ICE Linux project! 

ICE Linux (short for Integrity/Confidentiality Enhanced Linux) is an operating system security model designed to maintain two operating system security properties: integrity and confidentiality. In practice, the security model is implemented as a kernel patch and a handful of user-space utilities, designed to make the platform immune or resistant to typical exploitation techniques.

Notably, the security model gives no specific guidance on availability, as that is subject to configuration via user-defined security event responses. For example, in certain deployment scenarios the system owner may decide that it is in his best interest to generate a security alarm and immediately shut down the instance, so that the suspected security breach can inflict no further damage until the security response team has had its say on the incident.

Key building blocks of ICE Linux
  • Root of Trust embedded into the kernel in pure software using PKI
  • Industrial grade Elliptic-Curve Cryptography (ECC) implementation at the kernel level
  • Software Secure Element (SSE) as a loadable kernel module that is resistant to key extraction and dynamic key abuse techniques
  • Threat modeling under the assumption that the adversary already has root privileges on the target system
  • Active and allegedly strong integrity protection framework resistant to tampering attempts
  • Capability to execute user-defined security policy responses upon detected security events
These topics will be discussed in more detail in future posts.

Due to its strong integrity protection foundation, ICE Linux inherently mitigates many software vulnerabilities, and even certain hardware vulnerabilities such as Spectre, Meltdown, and the latest SgxSpectre variant.

Related work

The Linux Security Module (LSM) framework provides a convenient way of implementing additional security features on top of the stock Linux kernel. ICE Linux fully supports all standard LSM implementations, and should be viewed as a Defense-in-Depth protective layer beneath the LSM framework, one that still holds after all else has failed.

Integrity Measurement Architecture (IMA) is a related kernel feature that has some common surface with ICE Linux. IMA appears to aim at more sophisticated features, such as remote attestation, whereas ICE Linux concentrates on a rather limited set of features aimed at pragmatic and strong enforcement of critical system software integrity.


This post first appeared on Meet The ICE Linux OS; please read the original post: here