Linking remote attestation to secure tunnel endpoints
Source: Conference on Computer and Communications Security
Proceedings of the first ACM workshop on Scalable Trusted Computing
Alexandria, Virginia, USA
Session: Attestation and binding
Pages: 21-24
Year of Publication: 2006
ISBN: 1-59593-548-7
Authors
Kenneth Goldman  IBM T. J. Watson Research Center, Hawthorne NY
Ronald Perez  IBM T. J. Watson Research Center, Hawthorne NY
Reiner Sailer  IBM T. J. Watson Research Center, Hawthorne NY
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 20,   Downloads (12 Months): 138,   Citation Count: 4
DOI: http://doi.acm.org/10.1145/1179474.1179481

ABSTRACT

Client-server applications have become the backbone of the Internet and are processing increasingly sensitive information. We have come to rely on the correct behavior and trustworthiness of online banking, online shopping, and other remote access services. These services are implemented as cooperating processes on different platforms. To trust distributed services, one must trust each cooperating process and their interconnection. Common practice today is to establish secure tunnels to protect the communication between local and remote processes. Typically, a user controls the local system. The user also controls the security of the tunnel through negotiation and authentication protocols. Ongoing and published work examines how to create and monitor properties of remote systems. What is missing is the link or binding between such properties and the actual remote tunnel endpoint. We examine here how to link specific properties of a remote system (gained through TPM-based attestation) to secure tunnel endpoints to counter attacks where a compromised authenticated SSL endpoint relays the TPM-based attestation to another system. We show how the proposed mechanism can be deployed in virtualized environments to create inexpensive SSL endpoint certificates and instant revocation that scales Internet-wide.


