What if I told you it's possible to ask a drunk person if he's drunk - and get an accurate answer, by measuring the reaction time? What if I told you it's possible to design security software under the assumption that the attacker has the same privileges as the defender, and the attacker can scribble over and modify the defender's code as much as he wants, but he'll still get caught? This is what timing-based attestation is all about. Come hear about how this technique has been used in everything from PCs to PDAs and Smart Phones to wireless sensor embedded systems to the firmware for NICs and Apple USB keyboards. Then hear about how we've been stealing this fire from the ivory tower, and building it into Windows kernel drivers and Dell BIOSes, and how you can to!