| CPC H04L 63/1425 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1466 (2013.01)] | 19 Claims |
|
1. A workspace orchestration server, comprising:
a processor; and
a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the server to:
maintain a first workspace orchestration log of a first workspace of a plurality of workspaces, wherein the plurality of workspaces are based on a same workspace definition;
receive a second workspace orchestration log of a second workspace of the plurality of workspaces, the second workspace orchestration log received from a client Information Handling System (IHS), wherein each workspace of the plurality of workspaces has an associated workspace orchestration log comprising peer-to-peer contextual measurements captured using mesh connections across the plurality of workspaces;
identify a security attack, at least in part, in response to a discrepancy in time between corresponding operations performed by the server and the client IHS as recorded by the peer-to-peer contextual measurements captured using mesh connections across the plurality of workspaces in the first and second workspace orchestration logs;
receive contextual measurements from the first workspace;
compare the contextual measurements received from the first workspace against reference contextual measurements recorded during instantiation of the second workspace based on the workspace definition; and
identify another security attack, at least in part, in response to a difference between a contextual measurement and a corresponding reference contextual measurement.
|