International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

VIMA: A Privacy-Preserving Integrity Measurement Architecture for Containerized Environments

Authors:
Omar Jarkas
Ryan K L Ko
Naipeng Dong
Redowan Mahmud
Download:
DOI: 10.46586/tches.v2025.i4.1053-1076
URL: https://tches.iacr.org/index.php/TCHES/article/view/12437
Search ePrint
Search Google
Abstract: Integrity verification and attestation are critical in containerized environments, where traditional Linux Integrity Measurement Architecture (IMA) falls short due to its lack of container-specific contextualization. These gaps undermine container autonomy, escalate privacy risks, and impede granular integrity checks. Addressing these challenges, this paper introduces the Virtual IMA (VIMA), a novel framework that refines Linux IMA’s principles to support containerized settings. Using nested Merkle trees, VIMA’s Two-Tree Architecture (2TA) enables detailed integrity assessments across system-wide monolithic trees and individual container trees. Integrating Merkle and zero-knowledge (ZK) proofs establishes VIMA as a secure, privacy-preserving verification and attestation solution. Our comparative analysis and initial prototype testing reveal that VIMA significantly improves upon traditional IMA with minimal performance overhead, offering substantial scope for optimization.
BibTeX
@article{tches-2025-36001,
  title={VIMA: A Privacy-Preserving Integrity Measurement Architecture for Containerized Environments},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2025},
  pages={1053-1076},
  url={https://tches.iacr.org/index.php/TCHES/article/view/12437},
  doi={10.46586/tches.v2025.i4.1053-1076},
  author={Omar Jarkas and Ryan K L Ko and Naipeng Dong and Redowan Mahmud},
  year=2025
}