Malware, or malicious software (e.g. viruses, worms, trojan horses, spyware, rootkits, etc.), remains a significant problem in computing. Malware is generally executed on a computing system without informed user consent, and places the computing system in an unhealthy or unknown state when present. Once compromised by malware, the computing system cannot be trusted by itself or by other computing systems to behave as expected. Furthermore, some software executing at a computing system, while not malware, can behave in undefined or unauthorized ways (e.g. through bugs or design flaws) which can also place the computing system in an unhealthy or unknown state.
Trusted Computing technology helps address the problem of determining whether a computing system can be trusted. Trusted Computing technology provides remote attestation services that validate the health of an attestation client, which is the subject of attestation. Under this model, the attestation client keeps a log of all relevant system events in a log, such as an ordered Trusted Computing Group (TCG) log. For added security, the log can be made tamper resistant (e.g. by being ordered or sequential), and the integrity of the log can be verifiable by the attestation services.
When attestation is requested, the attestation client sends the entire log to an attestation service, which examines the log and determines the health of the attestation client. For instance, the attestation service can validate whether only authorized or trusted code was running at the attestation client when the log was sent. If the log passes validation by the attestation service, then the attestation service attests that the attestation client can be trusted to have been in a healthy state at the time that the attestation client sent the log to the attestation service. This trust information can be shared with the attestation client, shared with relying parties (such as third parties), and/or used by the attestation service itself.