The purpose of integrity measurement is three-fold: 1) to locate the program in host physical memory, 2) to verify that the program has
been loaded into memory without any tampering, and 3) to ensure that the program executes correctly. In this architecture, we
propose a standard structure, the IM, that enables runtime in-memory verification of the software agent.
The IM data structure contains cryptographically verifiable information about each code and/or static data section of the binary program
file that will be loaded into memory, including cryptographic hashes [4] of the sections that are to be verified.
However, when an agent is loaded into memory, the OS performs relocation on these sections, which modifies their contents.
To verify the integrity of the sections at runtime despite this, the IM also carries the information needed to locate these
modifications and to check that they were applied correctly. Specifically, the IM contains the following:
- A cryptographic hash of the contents of each of the sections.
- External symbols (functions or global data) that are referred to by the sections of interest.
- Relocation entries that will be used by the OS to relocate the sections of interest (this enables the IMM to revert the relocation
  changes made by the OS before the IMM computes the cryptographic hash for verification).
- A list of allowed entry-points into the code (offset in a section). For example, each entry-point in a protected program may
  represent a function exported by the program.
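The following Python model illustrates how an IMM would use the four items listed above. It is an added example, not code from the paper or from any TCG specification, and it makes simplifying assumptions: the section is a constructed byte string standing in for a code section, relocations are 32-bit absolute little-endian slots in which the file holds the addend and the loader writes symbol address plus addend, the IMM is handed the runtime addresses it resolved for the manifest's external symbols, and SHA-256 is the hash. The names `IntegrityManifest`, `loader_relocate`, `imm_verify_section` and `imm_check_entry` are this example's own. The point it makes is that a naive hash of the loaded image never matches the file hash, while a relocation-aware check both accepts a correctly relocated image and still catches a tampered byte or a redirected relocation slot.

```python
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

# Modelling assumptions (this example's, not the paper's): 32-bit absolute,
# little-endian, REL-style relocations. On disk each slot holds the addend A;
# the loader overwrites it with S + A, where S is the runtime address of the
# external symbol named in the relocation entry.
SLOT = "<I"


@dataclass(frozen=True)
class Relocation:
    offset: int   # byte offset of the patched field inside the section
    symbol: str   # external symbol whose runtime address the loader writes


@dataclass(frozen=True)
class IntegrityManifest:
    section: str
    section_hash: bytes              # hash of the section as stored in the file
    external_symbols: tuple[str, ...]
    relocations: tuple[Relocation, ...]
    entry_points: tuple[int, ...]    # allowed section offsets for control transfer


def build_manifest(section: str, file_image: bytes,
                   relocations: tuple[Relocation, ...],
                   entry_points: tuple[int, ...]) -> IntegrityManifest:
    """Build the IM for one section from its on-disk, pre-relocation bytes."""
    return IntegrityManifest(
        section=section,
        section_hash=hashlib.sha256(file_image).digest(),
        external_symbols=tuple(sorted({r.symbol for r in relocations})),
        relocations=relocations,
        entry_points=entry_points,
    )


def loader_relocate(file_image: bytes, relocations: tuple[Relocation, ...],
                    symbol_addrs: dict[str, int]) -> bytes:
    """Simulate the OS loader: patch every relocation slot with S + A."""
    mem = bytearray(file_image)
    for r in relocations:
        (addend,) = struct.unpack_from(SLOT, mem, r.offset)
        struct.pack_into(SLOT, mem, r.offset,
                         (symbol_addrs[r.symbol] + addend) & 0xFFFFFFFF)
    return bytes(mem)


def imm_verify_section(manifest: IntegrityManifest, memory_image: bytes,
                       symbol_addrs: dict[str, int]) -> bool:
    """IMM check: revert the loader's relocations, then compare the hash.

    symbol_addrs holds the runtime addresses the IMM resolved for the
    manifest's external symbols (assumed to be trustworthy here)."""
    reverted = bytearray(memory_image)
    for r in manifest.relocations:
        (value,) = struct.unpack_from(SLOT, reverted, r.offset)
        addend = (value - symbol_addrs[r.symbol]) & 0xFFFFFFFF
        struct.pack_into(SLOT, reverted, r.offset, addend)
    return hashlib.sha256(reverted).digest() == manifest.section_hash


def imm_check_entry(manifest: IntegrityManifest, section_base: int,
                    target_addr: int) -> bool:
    """A control transfer into the section is allowed only at a listed entry point."""
    return (target_addr - section_base) in manifest.entry_points


# Constructed toy .text section (x86-32-like encoding) with two instructions
# that reference external symbols through 4-byte absolute slots.
TEXT = bytes([
    0x55, 0x89, 0xE5,                  # push ebp; mov ebp, esp   (entry point 0)
    0xA1, 0x08, 0x00, 0x00, 0x00,      # mov eax, [g_counter + 8] (slot at 4, A = 8)
    0xBA, 0x00, 0x00, 0x00, 0x00,      # mov edx, helper          (slot at 9, A = 0)
    0xC3,                              # ret
    0x31, 0xC0, 0xC3,                  # xor eax, eax; ret        (entry point 14)
])
RELOCS = (Relocation(4, "g_counter"), Relocation(9, "helper"))
ENTRY_POINTS = (0, 14)
SYMBOLS = {"g_counter": 0x0804A000, "helper": 0x08048100}   # constructed addresses
SECTION_BASE = 0x08048000


def demo() -> dict[str, bool]:
    manifest = build_manifest(".text", TEXT, RELOCS, ENTRY_POINTS)
    loaded = loader_relocate(TEXT, RELOCS, SYMBOLS)

    tampered = bytearray(loaded)
    tampered[14] = 0x90                       # patch an instruction outside any slot
    redirected = bytearray(loaded)
    struct.pack_into(SLOT, redirected, 9, 0x41414141)   # point 'helper' elsewhere

    return {
        "naive_hash_matches": hashlib.sha256(loaded).digest() == manifest.section_hash,
        "relocated_image_ok": imm_verify_section(manifest, loaded, SYMBOLS),
        "tampered_byte_ok": imm_verify_section(manifest, bytes(tampered), SYMBOLS),
        "redirected_slot_ok": imm_verify_section(manifest, bytes(redirected), SYMBOLS),
        "entry_14_allowed": imm_check_entry(manifest, SECTION_BASE, SECTION_BASE + 14),
        "entry_15_allowed": imm_check_entry(manifest, SECTION_BASE, SECTION_BASE + 15),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two design points carry over to a real IMM: the runtime symbol addresses must come from a source the attacker cannot steer (otherwise a redirected slot can be "explained away" by a matching fake address), and the entry-point list only helps if the platform actually enforces it on control transfers rather than merely recording it.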
The IM has been proposed as a standard in the Trusted Computing Group for evaluating program integrity at runtime. Related
industry standards activities such as the TCG Trusted Network Connect (TNC) [5] and the IETF Network Endpoint Assessment group [6] can
benefit from such a standard to attest platform integrity to the network.
The combination of these standards with built-in platform integrity services allows for fully autonomic monitoring and verification of
programs and their behavior at runtime. No user intervention is required to establish and maintain the proper execution of programs once
protections have been enabled. Furthermore, the platform can automatically attest to the presence and status of the software executing
on it to network access control mechanisms, report errors, or warn of possible attacks to trusted peers in the network, as we discuss
next.