So I am slowly catching up with the TC debate (more to come soon). Last May, Vivek Haldar gave a very interesting presentation at the 3rd USENIX Virtual Machine Research & Technology Symposium. In the related paper, he and his co-authors propose an approach which they call "semantic remote attestation". The high-level idea is to have a remote attestation mechanism that is not based on the identity of a particular software program, but on its behavior.
The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.