PRIMA: Policy-Reduced Integrity Measurement Architecture

Abstract

We propose an integrity measurement approach based on information flow integrity, which we call the Policy-Reduced Integrity Measurement Architecture (PRIMA). The recent availability of secure hardware has made it practical for a system to measure its own integrity, such that it can generate an integrity proof for remote parties. Various approaches have been proposed, but most simply measure the loaded code and static data to approximate runtime system integrity. We find that these approaches suffer from two problems: (1) the load-time measurements of code alone do not accurately reflect runtime behaviors, such as the use of untrusted network data, and (2) they are inefficient, requiring all measured entities to be known and fully trusted even if they have no impact on the target application. Classical integrity models are based on information flow, so we design the PRIMA approach to enable measurement of information flow integrity and prove that it achieves these goals. We prove how a remote party can verify useful information flow integrity properties using PRIMA. A PRIMA prototype has been built based on the open-source Linux Integrity Measurement Architecture (IMA) using SELinux policies to provide the information flow. Copyright 2006 ACM.