
Zero-Trust App Security Model

Trust Lockdown enforces a Zero-Trust Model for the following:

  • App Security
  • Admin Access
  • Folder Protection

Zero-Trust App Security

Every time software tries to load, whether an executable (EXE), a dynamically linked library (a DLL or SO file) or a script, Trust Lockdown intercepts the loading of that file in the operating system kernel and verifies that the software is authorized to run on that specific computer. If the software is unauthorized or unknown, it is blocked.

Approval Lookup Process

  • The end user or a process initiates the loading of software
  • The Trust Lockdown Kernel Security Module intercepts the loading of the code
  • A policy is applied if it exists in the kernel memory policy cache
  • Else the Local Service applies a policy from the Trust Lockdown Policy Lookup Service
  • If the Trust Lockdown Service is unavailable, it applies a policy from its Persistent Cache
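
The lookup order above, modelled as an added Python example that is not Trust Lockdown's own code; it shows which source answers each load and that an unknown file stays blocked when the lookup service is down. Assumptions: policies are keyed by file hash, and the ApprovalLookup class, the remote_lookup callable, the LookupUnavailable exception and the write-back into both caches are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

ALLOW, BLOCK = "allow", "block"

class LookupUnavailable(Exception): pass  # hypothetical: lookup service unreachable

@dataclass
class ApprovalLookup:
    remote_lookup: Callable[[str], Optional[str]]  # hypothetical service client
    kernel_cache: Dict[str, str] = field(default_factory=dict)      # in-memory
    persistent_cache: Dict[str, str] = field(default_factory=dict)  # on disk

    def decide(self, file_hash: str) -> Tuple[str, str]:
        """Return (verdict, policy source) for one intercepted load."""
        # A policy already in the kernel memory policy cache is applied.
        if file_hash in self.kernel_cache:
            return self.kernel_cache[file_hash], "kernel-cache"
        try:
            # Else the local service asks the Policy Lookup Service.
            verdict, source = self.remote_lookup(file_hash), "lookup-service"
            if verdict is not None:
                self.persistent_cache[file_hash] = verdict  # assumed write-back
        except LookupUnavailable:
            # Service unavailable: fall back to the persistent cache.
            verdict, source = self.persistent_cache.get(file_hash), "persistent-cache"
        if verdict is None:
            # Unknown software is blocked; the miss is not cached (assumption).
            return BLOCK, source + ":unknown"
        self.kernel_cache[file_hash] = verdict  # assumed write-back
        return verdict, source

def demo():
    policies = {"sha256:1111": ALLOW, "sha256:2222": BLOCK}  # constructed
    state = {"online": True}
    def remote(file_hash):
        if not state["online"]:
            raise LookupUnavailable()
        return policies.get(file_hash)
    lookup = ApprovalLookup(remote)
    out = [lookup.decide("sha256:1111"), lookup.decide("sha256:1111")]
    out.append(lookup.decide("sha256:9999"))  # unknown while online
    lookup.kernel_cache.clear()               # e.g. after a reboot
    state["online"] = False
    out.append(lookup.decide("sha256:1111"))  # served from disk
    out.append(lookup.decide("sha256:2222"))  # never seen, offline
    return out

if __name__ == "__main__": print(*demo(), sep="\n")
```

The last call is the case to check in any cache design of this kind: a file the endpoint has never looked up has no persistent entry, so it is treated as unknown and blocked while the service is unreachable.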

Approval Flow Diagram

graph LR
execve(End User or Process\ntries to\nLoad Software) --> whack(Kernel\nSecurity Module\nApplies App Policies) 
whack --> kmcache((Policy\nCache))
kmcache --> whack
whack -- req --> whacker(Local Service)
whacker -.-> wcs
wcs[Trust Lockdown\nPolicy Lookup\nService] -.-> whacker
whacker --> diskcache((Local\nPersistent\nDisk Cache))
diskcache --> whacker
whacker -- ack --> whack
whack --> execve

Zero-Trust Admin Access

Every time any Admin operation (a create, read, update or delete operation) is attempted, Trust Lockdown's Zero-Trust Admin Access model verifies that the Admin has access to view or modify that specific setting or control for that Security Group or Org. If an Admin's access is reduced or removed, even while logged in, that Admin will be properly restricted instantly on the very next admin operation.

Zero-Trust Folder Protection

Software (such as RMM tools) that dynamically generates scripts can't run under traditional application control, because the script's hash is different on each invocation. To allow these dynamically generated scripts to run, traditional application control requires an allow policy that whitelists the folder the scripts run from. This kind of default-allow policy allows any software or malware to be run from that folder.

Trust Lockdown allows only those scripts that are run by the parent process that launches the dynamically generated script. This prevents the misuse of whitelisted folders to run unauthorized and malicious software.