International Association for Cryptologic Research


CryptoDB

Ryan K L Ko

Publications and invited talks

Year: 2025
Venue: TCHES
Title: VIMA: A Privacy-Preserving Integrity Measurement Architecture for Containerized Environments
Integrity verification and attestation are critical in containerized environments, where traditional Linux Integrity Measurement Architecture (IMA) falls short due to its lack of container-specific contextualization. These gaps undermine container autonomy, escalate privacy risks, and impede granular integrity checks. Addressing these challenges, this paper introduces the Virtual IMA (VIMA), a novel framework that refines Linux IMA’s principles to support containerized settings. Using nested Merkle trees, VIMA’s Two-Tree Architecture (2TA) enables detailed integrity assessments across system-wide monolithic trees and individual container trees. Integrating Merkle and zero-knowledge (ZK) proofs establishes VIMA as a secure, privacy-preserving verification and attestation solution. Our comparative analysis and initial prototype testing reveal that VIMA significantly improves upon traditional IMA with minimal performance overhead, offering substantial scope for optimization.