IBM Support

AIX Trusted Execution


AIX Trusted Execution is a security tool native to the AIX Operating System. AIX Trusted Execution is designed to protect and validate the integrity of the operating system.  AIX Trusted Execution provides a powerful countermeasure against ransomware and all types of malware.  

Multiple consulting options are available for this service, ranging from a minimal proof-of-concept (PoC) to full deployment across the entire enterprise.

Trusted Signature Database
The Trusted Signature Database (TSD) is a flat file installed by the AIX operating system.  The TSD lists all the files that are trusted by AIX.  Every file registered in the database is considered a “trusted file”.  Each registered file has a stanza of expected file attributes.  This database is a core component used by AIX Trusted Execution’s runtime integrity verification functionality and system audit functionality.

Digital Signatures
AIX Trusted Execution uses RSA digital signatures to validate the integrity of trusted files.  A digital signature is a cryptographic value that can be used to verify the authenticity of a file.  Files registered in the TSD with a signature can be cryptographically verified for their authenticity by AIX Trusted Execution.  This capability detects alteration of IBM-published files by an attacker.

Allowlisting
Allowlisting is a security best practice for reducing cybersecurity risk by detecting or preventing execution of unauthorized software.  In the context of AIX Trusted Execution, allowlisting is the process of registering AIX authorized executable files to the TSD.  AIX Trusted Execution can either detect or prevent execution of unregistered executables.

Runtime Integrity Verification
The runtime integrity verification of AIX Trusted Execution provides automatic integrity checking performed by the AIX kernel.  Numerous runtime policy configurations are possible that provide a range of detection and prevention capabilities.  Examples include detecting the execution of unregistered scripts, requiring files to be installed in specific directories before they may execute, and preventing the execution of a file that is not consistent with its TSD stanza definition.

System Audit
The system audit function of AIX Trusted Execution verifies the correctness of all files registered in the TSD.  Depending on the AIX level, the number of files can range from 4,000-8,000.  The system audit function is typically run from the command line or configured as a crontab job.  The system audit function detects such things as improper file permissions, ownership, or cryptographic failures that could correspond to modification of files by an attacker.
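To make the TSD stanza and system audit concepts above concrete, the following added example (not IBM's tool or the real TSD format) audits files against a small stanza-style database that is constructed inline: it parses "path:" headers with indented "key = value" attributes, then checks each file's mode, owner and SHA-256 hash the way the audit described above checks permissions, ownership and cryptographic consistency. The stanza layout, the numeric owner field and the hash algorithm are assumptions of this illustration.

```python
import hashlib
import os
import stat
import tempfile

def parse_tsd(text):
    """Parse a stanza-style database (constructed format: 'path:' header,
    indented 'key = value' lines) into {path: {attribute: value}}."""
    db, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace() and line.endswith(":"):
            current = line[:-1]
            db[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            db[current][key.strip()] = value.strip()
    return db

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_file(path, stanza):
    """Compare a file's live attributes to its stanza; return the list of
    violations (an empty list means the file matches the database)."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    mode = format(stat.S_IMODE(st.st_mode), "o")
    if "mode" in stanza and mode != stanza["mode"]:
        problems.append(f"mode {mode} != {stanza['mode']}")
    if "owner" in stanza and str(st.st_uid) != stanza["owner"]:  # numeric uid (assumption)
        problems.append(f"owner {st.st_uid} != {stanza['owner']}")
    if "hash_value" in stanza and sha256_of(path) != stanza["hash_value"]:
        problems.append("hash_value mismatch (content altered)")
    return problems

def audit(db):
    return {path: audit_file(path, stanza) for path, stanza in db.items()}

def demo():
    """Register two constructed files, tamper with one, then audit both."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("good.sh", "bad.sh")]
    for p in paths:
        with open(p, "w") as f:
            f.write("#!/bin/sh\necho ok\n")
        os.chmod(p, 0o555)
    text = "".join(f"{p}:\n\towner = {os.getuid()}\n\tmode = 555\n"
                   f"\thash_value = {sha256_of(p)}\n" for p in paths)
    os.chmod(paths[1], 0o777)            # simulated tampering: loosened permissions
    with open(paths[1], "a") as f:       # ...and modified content
        f.write("echo tampered\n")
    return {os.path.basename(p): v for p, v in audit(parse_tsd(text)).items()}
```

Running demo() reports no violations for good.sh and both a mode and a hash_value violation for bad.sh, which is the class of finding the system audit surfaces.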

Complement to Traditional Malware Prevention
Since AIX Trusted Execution does not maintain a database of known malware, it is best complemented with a traditional endpoint malware prevention and detection solution.  This combination is recommended by many existing security control frameworks, such as the CIS Critical Security Controls.

Common Use Cases
  • An organization that would like to mitigate the risk of ransomware or other malware
  • An organization that would like a guided deep introduction to AIX Trusted Execution
  • An organization that would like to fulfill regulatory requirements that mandate allowlisting
  • An organization that would like to add a File Integrity Monitoring solution for their AIX systems
  • An AIX administrative team that would like a tool to verify AIX files have proper file permissions and ownership
  • An organization that would like a malware prevention tool that can be centrally managed by the PowerSC Graphical User Interface server
  • An organization that would like to adopt a malware prevention solution that can be configured in a monitoring-only mode

Engagement Process
  • Consultant arranges prep call to discuss requirements, scheduling, and agenda
  • Consultant works with client to configure AIX Trusted Execution in the client environment
  • Consultant provides advice on best practice implementation
  • Consultant works with client to verify the AIX Trusted Execution functions that are most important to the client
  • Consultant provides presentations to facilitate knowledge transfer

Deliverables
  1. Presentation Slides – an electronic copy of presentation slides
  2. Configuration documents – an electronic copy of configuration documents
  3. Automation script – designed to assist automation of AIX Trusted Execution’s runtime-mode configuration

For questions, please contact AIX/Linux Security consultant, Stephen Dominguez, at email


Document Information

Modified date: 10 July 2024

UID: ibm16592549