Steve Hanna has written an excellent introductory article[1] on Network Access Control (NAC), discussing the motivations for implementing NAC and how Trusted Computing can help further secure it. Trusted Computing works well here because, while the endpoint can still lie, the fact that it is lying gets noticed even if the exact lie is not known. The lie is detected because the measurement log no longer matches the signed quote of the PCR values. IBM Research wrote an excellent paper in 2004 describing attestation in detail as implemented on a Linux system: The Role of TPM in Enterprise Security[2].
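The log-versus-quote check described above can be sketched as follows. This is an added example, not code from this post, Hanna's article or the IBM paper. It assumes a single SHA-1 PCR extended as `SHA1(old || digest)` and a quote whose signature has already been verified; all names and sample data are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length (TPM 1.2-style PCR, an assumption of this sketch)


def measure(data: bytes) -> bytes:
    """Digest of a loaded component, as it would be recorded in the log."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend operation: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay_log(log) -> bytes:
    """Recompute the PCR value that a measurement log implies."""
    pcr = bytes(PCR_SIZE)  # PCR starts at all zeros after reset
    for name, digest in log:
        if len(digest) != PCR_SIZE:
            raise ValueError(f"bad digest length for {name!r}")
        pcr = extend(pcr, digest)
    return pcr


def log_matches_quote(log, quoted_pcr: bytes) -> bool:
    """True only if the reported log reproduces the quoted PCR value."""
    return hmac.compare_digest(replay_log(log), quoted_pcr)


# Constructed sample data: what a clean endpoint loads, in order.
CLEAN_LOG = [
    ("bootloader", measure(b"bootloader v1")),
    ("kernel", measure(b"kernel v1")),
    ("nac-agent", measure(b"nac agent v1")),
]
# What a modified endpoint really loaded; the TPM extended the PCR with this.
ACTUAL_LOG = CLEAN_LOG[:2] + [("nac-agent", measure(b"nac agent, patched"))]

# Stand-ins for PCR values taken from quotes whose signature already verified.
HONEST_QUOTE = replay_log(CLEAN_LOG)
LYING_QUOTE = replay_log(ACTUAL_LOG)

if __name__ == "__main__":
    print("honest endpoint:", log_matches_quote(CLEAN_LOG, HONEST_QUOTE))
    # The endpoint reports the clean log, but the quoted PCR says otherwise.
    print("lying endpoint: ", log_matches_quote(CLEAN_LOG, LYING_QUOTE))
```

A mismatch tells the verifier only that the reported log is not what was measured; deciding whether a log that does match describes acceptable software is a separate policy step.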