When you run a program, you want it to be the one you think you’re running. This week, Microsoft announced Integrity Policy Enforcement (IPE), a Linux Security Module released under the GPLv2.
IPE is targeted at specific-purpose devices like network firewalls, not general-purpose computing. It provides runtime verification that the code being executed matches the desired version. This allows administrators to detect and block altered binaries.
IPE is currently in the Request for Comments stage on the linux-security-module mailing list.