PRIMA: Policy-Reduced Integrity Measurement Architecture

Trent Jaeger, Reiner Sailer, Umesh Shankar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

310 Scopus citations

Abstract

We propose an integrity measurement approach based on information flow integrity, which we call the Policy-Reduced Integrity Measurement Architecture (PRIMA). The recent availability of secure hardware has made it practical for a system to measure its own integrity, such that it can generate an integrity proof for remote parties. Various approaches have been proposed, but most simply measure the loaded code and static data to approximate runtime system integrity. We find that these approaches suffer from two problems: (1) the load-time measurements of code alone do not accurately reflect runtime behaviors, such as the use of untrusted network data, and (2) they are inefficient, requiring all measured entities to be known and fully trusted even if they have no impact on the target application. Classical integrity models are based on information flow, so we design the PRIMA approach to enable measurement of information flow integrity and prove that it achieves these goals. We prove how a remote party can verify useful information flow integrity properties using PRIMA. A PRIMA prototype has been built based on the open-source Linux Integrity Measurement Architecture (IMA) using SELinux policies to provide the information flow.

Original languageEnglish (US)
Title of host publicationSACMAT 2006
Subtitle of host publicationProceedings of the Eleventh ACM Symposium on Access Control Models and Technologies
Pages19-28
Number of pages10
StatePublished - 2006
Event11th ACM Symposium on Access Control Models and Technologies, SACMAT 2006 - Lake Tahoe, CA, United States
Duration: Jun 7 2006Jun 9 2006

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
Volume2006

Other

Other11th ACM Symposium on Access Control Models and Technologies, SACMAT 2006
Country/TerritoryUnited States
CityLake Tahoe, CA
Period6/7/066/9/06

All Science Journal Classification (ASJC) codes

  • General Computer Science

Fingerprint

Dive into the research topics of 'PRIMA: Policy-Reduced Integrity Measurement Architecture'. Together they form a unique fingerprint.

Cite this