Trusted Computing Technologies for Embedded Systems and Sensor Networks Embedded systems are becoming increasingly plentiful and complex. For example, modern cars feature dozens of relatively high-end processing units that execute increasingly sophisticated software. With this increasing complexity, software errors are becoming increasingly common, which requires the ability to upgrade buggy code. Code upgrade capability paired with network access is of course a recipe for disaster, as malware can infect an embedded system. We thus need to design mechanisms that enable us to verify the correctness of software executing on embedded systems. Given the extreme price-sensitive nature of embedded systems, adding a TPM chip (or other specialized hardware) to each execution unit is economically unattractive -- thus, software-only techniques are preferable. Unfortunately, currently deployed software integrity checking mechanisms cannot protect against malicious code that attempts to fake correct execution. A research challenge is to design software-based code integrity checking functions that industry can use to verify embedded systems. Injection of malicious code is also an important challenge in sensor networks. An important research problem is to derive a protocol for detecting and recovering compromised sensor nodes. This problem is difficult, since the code verification needs to occur over the wireless network and malicious nodes may collude to fake correct replies. (Embedded systems that are connected via wired networks allow for simpler verification.) Given the low-cost nature of sensor nodes, hardware-based security approaches such as TCG are usually not an option. With this background, three important research challenges in embedded systems and sensor networks are: (1) detecting the presence of malicious code, (2) verifiably correct code execution (untampered by malicious code), (3) verifiable recovery through secure code update. A promising primitive to address these challenges is software-based code attestation and externally verifiable untampered code execution. However, much additional research is needed to make these approaches practical for current embedded systems and sensor networks.