US 12,381,856 B2
Building and using attestation model in confidential computing
Timo Kussmaul, Boeblingen (DE); Peng Hui Jiang, Beijing (CN); Stefan Schmitt, Holzgerlingen (DE); and Xiang Dong Hu, Beijing (CN)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Jan. 5, 2023, as Appl. No. 18/093,757.
Prior Publication US 2024/0236050 A1, Jul. 11, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0428 (2013.01) 20 Claims
 
1. A computer-implemented method for building and using a multi-party Attestation Model for controlling operation of a multi-tenant cloud infrastructure, the method comprising:
providing a trusted execution environment (TEE) within the multi-tenant cloud infrastructure;
receiving a set of requirements from each of a plurality of tenants of the multi-tenant cloud infrastructure;
building an Attestation Model according to the set of requirements;
deploying the Attestation Model within the TEE;
in response to detecting at least one change within the multi-tenant cloud infrastructure, simulating an effect of the at least one change within the Attestation Model;
in response to a determination that the at least one change does not satisfy the Attestation Model for each of the plurality of tenants, performing a function to separate components shared between tenants for which the at least one change satisfies the Attestation Model from components shared between tenants for which the at least one change does not satisfy the Attestation Model; and
deploying the at least one change on the multi-tenant cloud infrastructure for the tenants for which the at least one change satisfies the Attestation Model.
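As an added example of the procedure in claim 1 (not IBM's implementation, and a policy-evaluation toy rather than real TEE attestation evidence), the following Python builds a per-tenant Attestation Model, simulates a change against a copy of the infrastructure state, and partitions the shared components by which tenants the change still satisfies. All tenant, component and attribute names are assumptions constructed for the illustration.

```python
# Added toy of claim 1's procedure (not IBM's implementation); every tenant,
# component and attribute here is constructed.
from copy import deepcopy

# Infrastructure state: component -> measured attributes.
INFRA = {
    "hypervisor": {"version": (5, 2), "secure_boot": True},
    "firmware": {"version": (1, 9), "debug_enabled": False},
    "kms": {"fips_mode": True},
}

# Attestation Model: tenant -> {component: predicate on its attributes}.
# A component is "shared with" a tenant iff the tenant names it here.
MODEL = {
    "tenant-a": {"hypervisor": lambda c: c["secure_boot"] and c["version"] >= (5, 0)},
    "tenant-b": {"hypervisor": lambda c: c["version"] >= (5, 2),
                 "kms": lambda c: c["fips_mode"]},
    "tenant-c": {"firmware": lambda c: c["version"] >= (1, 8)},
}

def satisfied(model, infra, tenant):
    """True when every requirement the tenant placed in the model holds."""
    return all(pred(infra[comp]) for comp, pred in model[tenant].items())

def simulate_change(model, infra, change):
    """Apply the change to a copy of the state, never the live one, and
    return each tenant's verdict."""
    trial = deepcopy(infra)
    for comp, attrs in change.items():
        trial.setdefault(comp, {}).update(attrs)
    return {t: satisfied(model, trial, t) for t in model}

def plan_rollout(model, infra, change):
    """Partition changed components: 'deploy' when every sharing tenant
    accepts, 'hold' when none does, 'split' when accepting tenants need a
    separated copy so the change reaches them but not the objectors."""
    verdict = simulate_change(model, infra, change)
    plan = {"deploy": [], "split": [], "hold": [],
            "satisfied": sorted(t for t, ok in verdict.items() if ok)}
    for comp in sorted(change):
        users = [t for t in model if comp in model[t]]
        accepting = [t for t in users if verdict[t]]
        bucket = "deploy" if len(accepting) == len(users) else "split" if accepting else "hold"
        plan[bucket].append(comp)
    return plan

# Proposed change: hypervisor and firmware upgrades, KMS leaves FIPS mode.
CHANGE = {"hypervisor": {"version": (5, 3)}, "firmware": {"version": (2, 0)},
          "kms": {"fips_mode": False}}
```

Running `plan_rollout(MODEL, INFRA, CHANGE)` deploys the firmware change, holds the KMS change, and splits the hypervisor so only tenant-a receives it while tenant-b keeps the shared original.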