As connected devices, software supply chains, and safety-critical systems become increasingly interdependent, it is no longer enough to trust that a device was configured correctly at deployment; we also need ways to verify that it is still running the software it claims to run and has not been silently compromised. Attestation is a key trusted computing mechanism for this purpose, enabling a device to produce verifiable evidence about its firmware or software state. This talk introduces attestation in practical terms and then focuses on two challenging frontiers. The first is swarm attestation, where integrity must be established not for a single device but for large, resource-constrained networks operating under scale, heterogeneity, and unreliable communication.

The second is runtime attestation, a fundamental open problem: while existing methods can verify software state at boot or load time, they offer limited assurance about what a system does during execution. This gap is critical in adversarial and safety-critical environments, where transient faults, control-flow attacks, and in-execution compromises may evade conventional checks.

The talk will examine why this problem remains unresolved, what guarantees current approaches still fail to provide, and which research directions are most promising for stronger runtime verification in large-scale distributed systems.