I’ve heard the term used more specifically in the context of ‘trusted computing’ for methods of identifying systems that are supposed to be ‘trusted’, in the sense that their behavior obeys restrictions specified by the design of the trusted system; but which have been compromised(eg. a blu-ray player whose AACS device key has been obtained, and which is supposed to be blacklisted from all future releases); but not in the more general sense of detecting leaks that are not desired; but are not architecturally prohibited(as, say, copying an mp3, which may be watermarked but has no DRM mechanism attached).
