As the field of determined and increasingly sophisticated adversaries multiplies, the confidence in the integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms make them a substantial target for attackers. Over the past decade, malware transitioned from attacking a single program to subverting the OS kernel by means of what is known as a rootkit. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities potentially remain. Signature-based schemes seek to detect malware with a known signature or digital fingerprint. Signature-less schemes seek to detect anomalies within the computer system by understanding normal behavior. Both architectures are typically built on top of existing solutions or paradigms. Furthermore, these solutions tend to utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to deactivation. We propose an approach to designing computer systems that inherently decouples the function of the computer system from its security specification. Instead of preventing and detecting malware attacks by patching code or using signatures (though we can use them as well), our proposed approach focuses on the policy specification of the system and possible graceful degradation of functionality according to the policy as anomalies of security concern are detected. We believe this innovative paradigm uses existing technologies in a novel manner to determine the integrity level of the system. Based on the integrity level, the system may behave differently and/or limit access to data available at a given integrity level.