Learnings from the Azure Linux Guard Journey at Microsoft Azure
LinuxGuard is an initiative at Microsoft Azure to improve the security of Linux-based infrastructure, especially in the area of code integrity. Although LinuxGuard is being prototyped with Azure Linux, it uses open-source technologies and is designed to benefit the entire Linux community and deployments that span cloud to edge to mobile. LinuxGuard uses image-based deployments with immutable filesystems that employ dm-verity and a Unified Kernel Image. The kernel is configured to enforce SELinux as well as Integrity Protection Enforcement (IPE) through the associated Linux Security Modules. In this session, we would like to share the design of LinuxGuard as a Linux image-based system that is expected to be deployed at scale on Azure, along with some of the challenges that we faced with this design and the solutions we are pursuing, and to elicit feedback from the community.