INTERNATIONAL BUSINESS MACHINES CORPORATION (20240236050). BUILDING AND USING ATTESTATION MODEL IN CONFIDENTIAL COMPUTING simplified abstract


BUILDING AND USING ATTESTATION MODEL IN CONFIDENTIAL COMPUTING

Organization Name

INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor(s)

Timo Kussmaul of Boeblingen (DE)

Peng Hui Jiang of Beijing (CN)

Stefan Schmitt of Holzgerlingen (DE)

Xiang Dong Hu of Beijing (CN)

BUILDING AND USING ATTESTATION MODEL IN CONFIDENTIAL COMPUTING - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240236050 titled 'BUILDING AND USING ATTESTATION MODEL IN CONFIDENTIAL COMPUTING'.

The abstract describes a computer-implemented method for building and using a multi-party attestation model that controls the operation of a multi-tenant cloud infrastructure. The method provides a trusted execution environment (TEE) within the cloud infrastructure, receives a set of requirements from each of multiple tenants, builds an attestation model from those sets of requirements, and deploys the model within the TEE. If a change does not satisfy the attestation model for every tenant, the components shared between tenants for which the change satisfies the model are separated from the components shared between tenants for which it does not, and the change is deployed only for the tenants for which it satisfies the model.

  • Trusted Execution Environment (TEE) provided within a multi-tenant cloud infrastructure
  • Building an attestation model based on requirements from multiple tenants
  • Deployment of the attestation model within the TEE
  • Separation of shared components based on satisfaction of the attestation model by a change
  • Deployment of changes only for tenants for which the change satisfies the attestation model
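
As an added illustration (not code from the patent application or from IBM), the sketch below walks through the decision flow the abstract describes: build a model from per-tenant requirements, evaluate a change against it, and separate a shared component when the change satisfies the model for only some tenants. The requirement format (predicates over a change), the `Change` fields, the function names and the sample tenants are all assumptions; the TEE that would host the model is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Change:               # hypothetical description of a proposed change
    component: str          # shared component the change targets
    signed: bool            # change artifact carries a verified signature
    region: str             # where the changed component would run

def build_model(requirements):
    """Merge each tenant's requirement set into one model: tenant -> checks."""
    return {tenant: tuple(checks) for tenant, checks in requirements.items()}

def evaluate(model, tenants, change):
    """Split tenants into those whose every requirement the change meets and
    the rest. A tenant with no entry in the model fails closed."""
    ok = {t for t in tenants
          if t in model and all(check(change) for check in model[t])}
    return ok, set(tenants) - ok

def plan(model, shared, change):
    """Return [(instance, tenants, gets_change)] for the targeted component."""
    name = change.component
    ok, bad = evaluate(model, shared[name], change)
    if not bad:                       # satisfies the model for every tenant
        return [(name, ok, True)]
    if not ok:                        # satisfies it for none: nothing deployed
        return [(name, bad, False)]
    # Mixed result: separate the shared component so the change reaches only
    # the tenants for which it satisfies the model.
    return [(name + "-changed", ok, True), (name + "-unchanged", bad, False)]

# Constructed sample data (assumed requirement format: predicates).
REQUIREMENTS = {
    "tenant-a": [lambda c: c.signed],
    "tenant-b": [lambda c: c.signed, lambda c: c.region == "eu"],
    "tenant-c": [lambda c: c.region in {"eu", "us"}],
}
SHARED = {"ingress-proxy": {"tenant-a", "tenant-b", "tenant-c"}}

if __name__ == "__main__":
    model = build_model(REQUIREMENTS)
    for row in plan(model, SHARED, Change("ingress-proxy", True, "us")):
        print(row)
```
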

Potential Applications:

  • Cloud computing security
  • Multi-tenant infrastructure management
  • Compliance and regulatory requirements in cloud environments

Problems Solved:

  • Ensuring security and compliance in multi-tenant cloud environments
  • Efficient management of shared components among multiple tenants
  • Providing a trusted execution environment for sensitive operations

Benefits:

  • Enhanced security and compliance measures
  • Improved management of shared resources
  • Customized deployment of changes based on tenant requirements

Commercial Applications:

Title: "Secure Multi-Tenant Cloud Infrastructure Management"

This technology can be utilized by cloud service providers to offer enhanced security and compliance features to their customers. It can also be used by organizations with multi-tenant cloud environments to efficiently manage and deploy changes based on individual tenant requirements, ensuring a secure and compliant infrastructure.

Questions about Multi-Party Attestation Model:

  1. How does the trusted execution environment (TEE) contribute to the security of the multi-tenant cloud infrastructure?
  2. What are the key considerations when building an attestation model for multiple tenants in a cloud environment?

Frequently Updated Research: Stay updated on the latest advancements in multi-party attestation models for cloud security and compliance to ensure the highest level of protection for sensitive data and operations.


Original Abstract Submitted

A computer-implemented method for building and using a multi-party attestation model for controlling operation of a multi-tenant cloud infrastructure which includes providing a trusted execution environment (TEE) within the multi-tenant cloud infrastructure, receiving a set of requirements from each of a plurality of tenants of the multi-tenant cloud infrastructure, building an attestation model according to the sets of requirements, and deploying the attestation model within the TEE. In response to a determination that a change does not satisfy the attestation model for each of the plurality of tenants, a function is performed to separate components shared between tenants for which the change satisfies the attestation model from components shared between tenants for which the change does not satisfy the attestation model, and the change is deployed on the multi-tenant cloud infrastructure for the tenants for which the change satisfies the attestation model.