1 Introduction

Determining whether a system can be trusted or not is a critical problem in systems and network management. Particularly for security reasons, a local or remote system administrator typically needs to verify if a system meets information security objectives, such as integrity, confidentiality, and availability requirements. For example, in order to deploy applications in distributed and collaborative computing environments, one machine may need to check if another machine currently runs a known good version of an application software on a well-configured, trusted operating system. Otherwise, a remote machine may run buggy or malicious application codes, or may be improperly configured such that the trusted application can be corrupted by untrustful programs or users. Supporting such an important assurance feature with comprehensive security analysis is necessary to trust a target system based on its current security configurations and policies.