IBM® Assured Execution Environment is a "first of a kind" technology that provides full control over what runs on today's PC environments, from device drivers to applications. This technology is designed to preserve the integrity of PC computing platforms by ensuring that only binaries approved by the systems administrator are allowed to be executed. After a PC is installed and configured, IBM Assured Execution Environment prevents any external programs from executing, installing, or modifying the machine's configuration.

This technology

• reduces system degradation
• reduces the need for constant vigilance in order to protect systems
• preserves system integrity.

IBM Assured Execution Environment is designed for the following small-to-medium business (SMB) environments:

Semi-managed PCs

This category of PCs is governed by policies and tools set up by their IT organizations. Although centralized IT infrastructure has been provided to protect these PCs, users tend to delay fixes, patches, and updates. Today's level of security is determined mainly by the speed of updating and patching the PC. Security risks are exacerbated by mobile use, including transient connections to connectivity "hot-spots." IBM Assured Execution Environment protects these systems and businesses by blocking any new "unapproved programs," including Active-X controls, from running, executing, or performing damage.

Stand-alone PCs

PCs in small offices, homes, and schools receive few fixes, patches, and updates, the lack of which makes them vulnerable to malware or mal-configuration. These PCs also typically get slower over time as programs are added and deleted. IBM Assured Execution Environment prevents new programs, Active-X controls, or any executable malware from being installed and reduces system degradation.

How does it work?

Over 95% of all "malware" attacks originate from executable programs. IBM Assured Execution Environment is specifically designed to stop the execution or update of any programs that are not explicitly provisioned for the machine. This technology is composed of a client run-time protection system as well as deployment tools. The client run-time environment consists of a kernel module (built using supported APIs) that monitors and regulates the execution of all deployed binaries; it also prevents any binaries from running that were not approved by the systems administrator. The run-time environment also prevents changes to certain portions of the registry and the file system: These include system configuration, state, and approved binaries. This mechanism is also used to protect the client run-time environment itself from attack. The architecture controls the execution of scripts in a manner similar to the way it controls the execution of binaries; however, in this alphaWorks release, scripts are prevented from running by blocking the binaries that comprise the various scripts' run-time environments.

IBM Assured Execution Environment was developed by researchers from the IBM Almaden Research Center in San Jose, CA.