Abstract: In order to solve the problem of lacking protection of integrity in the attestation system,we study the integrity policies and protection mechanism,and present a DTE-based security domain model for the attestation system.The model separates the attestation system into several security domains according to the different functional features,and defines its variables and security regulations related to the attestation system.At the same time,in order to ensure secure transmission between domains,the concept of trusted pipeline is proposed in the model.Finally we give the implementation of the security domain model and the pipeline protocol,and analyze and prove the security of the pipeline protocol.