Policy-Driven Runtime Integrity (PDRIMA)

Updated 13 December 2025

PDRIMA is a security framework that continuously monitors system integrity using rule-based measurements and cryptographic attestation to enforce policy compliance.
It integrates modular subsystems—measurement, appraisal, policy management, and tamper-evident logging—leveraging trusted hardware like TEEs and TPMs for robust security.
Practical prototypes in TEEs, VMs, and container runtimes demonstrate effective defense against runtime attacks with manageable performance overheads.

Policy-Driven Runtime Integrity Measurement and Attestation (PDRIMA) encompasses a class of security architectures and protocols designed to ensure the runtime integrity of computing systems under explicit, flexible policy control. Unlike purely boot-time attestation or static measurement schemes, PDRIMA frameworks support continuous, rule-based runtime measurement, enforcement, and remote attestation. The core concept is to bind system integrity to a cryptographically-verifiable policy, thereby providing strong assurances that system components and their interactions comply with security invariants, even in the presence of adversarial control over conventional privileged code or management interfaces. Notable PDRIMA frameworks have been developed and evaluated across Trusted Execution Environments (TEEs) such as ARM TrustZone (Mao et al., 6 Dec 2025), virtual machine monitors (Ozga et al., 2021), and confidential container runtimes (Johnson et al., 2023).

1. Conceptual Foundations and System Models

PDRIMA approaches extend beyond traditional attestation paradigms by integrating a policy engine that governs what is measured, how measurements are interpreted, and which actions occur in response. A policy—often compiled at system build time—serves as the authoritative specification against which measured system events are compared. Policies frequently express allowed cryptographic digests, semantic invariants, or behavioral constraints, with runtime measurement engines collecting evidence and enforcing these policies continuously or at defined event boundaries (Mao et al., 6 Dec 2025, Ozga et al., 2021, Johnson et al., 2023).

The provenance of policy and measurements is secured: evidence is aggregated, appraised, and logged inside isolated environments (e.g., TrustZone Secure World, SEV-SNP UVM, TEE-backed TPM). Robust logging mechanisms (e.g., tamper-evident chains, virtual PCRs) provide replay/rollback protection, ensuring that verifiable audit trails reflect genuine system execution histories.

2. Architectural Patterns

A canonical PDRIMA architecture consists of:

Measurement Engine: Performs hashing or more elaborate measurements (e.g., content, configuration, process state) based on triggered policies. Measurement is event-driven, supporting static (e.g., binary load), dynamic (e.g., syscall), and periodic (timer-based) triggers.
Appraisal Engine: Compares runtime measurements to a Reference Measurement List (RML) or evaluates more semantic conditions. Any deviation from policy constitutes an integrity violation.
Policy Manager / Enforcement Point: Maintains the policy rule base, manages reference values, and controls logic for event processing.
Attestation Subsystem: Aggregates measurement and log evidence for export via a cryptographically-secured, nonce-driven remote attestation protocol.
Tamper-Evident Logging: Implements logs as chained digests or virtual PCRs, guaranteeing append-only, non-repudiable measurement history (Mao et al., 6 Dec 2025, Johnson et al., 2023, Pendergrass et al., 2017).

The following table summarises key subsystem roles across leading PDRIMA frameworks:

Framework	Measurement & Appraisal Location	Policy Integration	Attestation Mechanism
PDRIMA/TrustZone	In-TEE (SMA/AE)	Compiled into TEE	Secure monitor agent, signed evidence, vPCRs
Parma/SEV-SNP	VM guest agent	Launch-measured policy	HW-attested VM reports (PSP, VCEK-signed)
Maat	OS/Hypervisor (modular)	Rule-based negotiation	Merkle tree or HMAC-bundled TPM quotes
WELES	TEE + emulated TPM	Policy-loaded at runtime	SSH binding, monotonic counter, IMA enforcement

3. Policy Specification and Measurement Semantics

Policy languages vary from compiled rule sets (e.g., triples dictating action, event, and predicates in PDRIMA (Mao et al., 6 Dec 2025)) to launch-measured execution policies (Parma (Johnson et al., 2023)) and YAML-based declarative lists (WELES (Ozga et al., 2021)). Policy actions generally fall into “measure” or “appraise” categories, tied to event types (e.g., TA loading, syscall execution). Specific conditions such as component size, syscall ID, or command-line arguments can refine applicability.

The measurement function formalism is typically:

$M(p, C) = H(H(\cdots H(0 \| S_1) \| S_2) \cdots \| S_n)$

where $C$ is a component split into sub-objects and $p$ is the policy rule. Time-based periodic re-measurement reinforces coverage of long-lived components or state (Mao et al., 6 Dec 2025).

Attested execution policies may be modeled as safety invariants sustained across all state transitions, proven inductively as in Parma: if the launch state $s_0$ satisfies the invariant $I$ and every state transition is policy-guarded, then $I(s_i)$ holds for all $i$ (Johnson et al., 2023).

4. Attestation Protocols and Cryptographic Evidence

Remote attestation protocols in PDRIMA systems are constructed on hardware-backed keys or platform-specific secrets:

Challenge–Response: A verifier supplies a fresh nonce; the system forms an attestation report including nonce, measurement log, and log digests, and signs it with an attestation key. The verifier checks signature validity, nonce freshness, and measurement alignment with policy (Mao et al., 6 Dec 2025, Johnson et al., 2023).
HW-anchored Reports: SEV-SNP and similar technologies embed policy and system measurements into chipset-signed reports (VCEK), which can be chained to vendor root CAs (Johnson et al., 2023).
Binding to Channels: Some frameworks, such as WELES, cryptographically bind the result of the integrity evaluation to secure channel establishment (e.g., SSH host key operations gated upon policy compliance) (Ozga et al., 2021).
Tamper-Evident Logs: Each measurement event appends an entry to a chained log, with each entry digest incorporating the previous digest and measurement result. This produces a verifiable, forward-secure chain that prevents undetected deletion or modification (Mao et al., 6 Dec 2025).

5. Security Properties and Threat Coverage

The security model for PDRIMA frameworks presumes adversary control over the host OS, hypervisor, file system, network, and sometimes guest OS userland. The trusted computing base is minimized to enclave or TEE-protected components and, where applicable, discrete hardware (e.g., TPM, AMD PSP). The primary attack surfaces addressed include:

Runtime Attacks: PDRIMA closes the gap between load-time measurement and live state, detecting modifications post-boot (e.g., in TEEs, VMs, or containers) (Mao et al., 6 Dec 2025, Johnson et al., 2023, Ozga et al., 2021).
Interface Exploits: Enforcement applies to boundary crossing events (e.g., REE–TEE SMCs, hypercalls, container operations).
Rollback/Replays: Monotonic counters, log chaining, and periodic re-measurement mechanisms provide resistance to evidence replay or rollback.
Policy Compliance: Unauthorized code loads, forbidden syscalls, or policy-inconsistent actions are detected and blocked or logged as soon as they occur.

Side-channels, physical attacks, and certain classes of denial of service typically remain outside the assumed threat model (Mao et al., 6 Dec 2025, Johnson et al., 2023, Ozga et al., 2021).

6. Implementation Experience and Overheads

PDRIMA-class systems have been prototyped across embedded, cloud, and virtualization settings:

TrustZone/OP-TEE: PDRIMA adds 31.9% initialization overhead and 22–40% per-event overhead for measurement/appraisal on ARM platforms but retains practical performance for IoT and embedded targets. All critical measurement and appraisal occurs in-TEE (Mao et al., 6 Dec 2025).
SEV-SNP Confidential Containers: Parma demonstrates $\leq$ 1% additional overhead attributable to policy enforcement, with the majority of TEE costs arising from VM-level protections. Real-world services (nginx, redis, inference engines) sustain 10–26% overall TEE-induced performance loss, with policy-driven measurement a negligible factor (Johnson et al., 2023).
VM Integrity Enforcement: WELES incurs sub-6% global runtime overhead for cloud VMs, with IMA measurement introducing $<$ 70ms latency for large files on first load, amortized to $<$ 40\mu s on repeated loads (Ozga et al., 2021).
General Platform Service: Maat demonstrates linear overhead in the number of measurements, efficient evidence negotiation, and policy-driven selection, supporting diverse attestation protocols at the cost of one extra negotiation round per attestation (Pendergrass et al., 2017).

7. Limitations, Extensibility, and Research Directions

Current limitations of PDRIMA systems include static policy binding (i.e., lack of live policy update), finite log storage requiring preallocation or later rotation, fixed vPCR sets, and lack of defenses against side-channels and physical compromise (Mao et al., 6 Dec 2025). Directions for extension include:

Dynamic policy update protocols featuring in-TEE, authenticated policy delivery and sealed storage.
Log rotation, compression, and scalability techniques for unbounded operation and evidence retention.
Integration with hardware TPMs or stronger enclave models for root-of-trust and key management hardening.
Broadening measurement scope to dynamic code (e.g., JIT artifacts), control-flow integrity, or data-flow properties.
Trust-on-first-use and decentralized policy/reference distribution models for TTP-elimination.

These and related research threads seek to generalize PDRIMA primitives across hardware, OS, virtualization, and cloud boundaries to enable scalable, highly-assured, policy-driven trustworthiness for next-generation computing deployments (Mao et al., 6 Dec 2025, Johnson et al., 2023, Pendergrass et al., 2017, Ozga et al., 2021).