Abstract
In client-server environments, clients need a mechanism to determine that a server can be trusted to provide services to the client. Transport Layer Security (TLS) provides a mechanism to trust the server’s identity by relying on certificates signed by trusted authorities. The client must still implicitly trust that the server’s administrators maintain the server with trusted software, for example by installing security patches. Increasingly, clients will require more explicit assurances that a server can be trusted. It is possible to obtain such assurances in the form of an attestation by a Trusted Platform Module (TPM) on the server. The goal of this project is to develop a system that allows clients to determine that a server is running trusted software by leveraging the TLS protocol to enforce that a previously accepted attestation is still valid each time the client connects to the server.