Achieving minimum trustworthiness in distributed workloads

Detailed bibliography
Title: Achieving minimum trustworthiness in distributed workloads
Patent Number: 11,960,607
Publication Date: April 16, 2024
Appl. No: 17/547084
Application Filed: December 09, 2021
Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.
Inventors: Cisco Technology, Inc. (San Jose, CA, US)
Assignees: Cisco Technology, Inc. (San Jose, CA, US)
Claim: 1. A method, comprising: identifying at least one trustworthiness requirement for a compute infrastructure upon which an application is executed; transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem, the first subsystem comprising a first microservice operating in a trusted execution environment (TEE) of a first device, the at least one second subsystem comprising at least one second microservice operating in at least one TEE of at least one second device, the at least one trustworthiness characteristic comprising: at least one of an executable of the first microservice, a configuration of the first microservice, a type of hardware of the first device, or a type of firmware of the first device; and at least one of an executable of the at least one second microservice, a configuration of the at least one second microservice, a file type stored or executed by the at least one second device, a type of hardware of the at least one second device, or a type of firmware of the at least one second device; receiving, from the first subsystem, a response indicating that the first subsystem and the at least one second subsystem provide the at least one trustworthiness characteristic; determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and based on determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement, causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.
Claim: 2. The method of claim 1, wherein identifying the at least one trustworthiness requirement associated with the application comprises receiving a message from a user device indicating that the compute infrastructure is to support the at least one trustworthiness requirement.
Claim: 3. The method of claim 1, wherein the at least one trustworthiness requirement specifies at least one of a compute infrastructure trustworthiness characteristic of a set of evaluated runtime executables, a verified absence of a security misconfiguration, or a hardware type or a firmware type upon which the application is executed.
Claim: 4. The method of claim 1, wherein the first subsystem and the at least one second subsystem comprise multiple subsystems connected in series within a distributed network.
Claim: 5. The method of claim 1, the request being a first request transmitted at a first time, the response being a first response, the at least one trustworthiness characteristic being at least one first trustworthiness characteristic, the method further comprising: transmitting, to the first subsystem at a second time, a second request for at least one second trustworthiness characteristic of the first subsystem and the at least one second subsystem; receiving, from the first subsystem, a second response indicating the at least one second trustworthiness characteristic; determining that the at least one second trustworthiness characteristic fails to satisfy the at least one trustworthiness requirement; and based on determining that the at least one second trustworthiness characteristic fails to satisfy the at least one trustworthiness requirement, pruning the first subsystem and the at least one second subsystem from the mesh.
Claim: 6. The method of claim 1, the request being a first request, the response being a first response, the at least one trustworthiness characteristic being at least one first trustworthiness characteristic, the method further comprising: transmitting, to a third subsystem, a second request for at least one second trustworthiness characteristic of the third subsystem and at least one fourth subsystem connected to the third subsystem; receiving, from the third subsystem, a second response indicating the at least one second trustworthiness characteristic; determining that the at least one second trustworthiness characteristic satisfies the at least one trustworthiness requirement; determining that the at least one first trustworthiness characteristic is superior to the at least one second trustworthiness characteristic; and transmitting, to a user device, a report indicating the at least one first trustworthiness characteristic, wherein causing the application to operate on the mesh is further based on determining that the at least one first trustworthiness characteristic is superior to the at least one second trustworthiness characteristic.
Claim: 7. A system, comprising: at least one processor; and one or more non-transitory media storing instructions that, when executed by the system, cause the system to perform operations comprising: identifying at least one trustworthiness requirement for a compute infrastructure upon which an application is executed; transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of a chain of subsystems comprising the first subsystem and at least one second subsystem, the first subsystem comprising a first microservice operating in a trusted execution environment (TEE) of a first device, the at least one second subsystem comprising at least one second microservice operating in at least one TEE of at least one second device, the at least one trustworthiness characteristic comprising: at least one of an executable of the first microservice, a configuration of the first microservice, a type of hardware of the first device, or a type of firmware of the first device; and at least one of an executable of the at least one second microservice, a configuration of the at least one second microservice, a file type stored or executed by the at least one second device, a type of hardware of the at least one second device, or a type of firmware of the at least one second device; receiving, from the first subsystem, a response indicating that the first subsystem and the at least one second subsystem provide the at least one trustworthiness characteristic; determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and based on determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement, causing the application to operate on a mesh comprising the chain of subsystems.
Claim: 8. The system of claim 7, wherein identifying the at least one trustworthiness requirement associated with the application comprises receiving a message from a user device indicating that the compute infrastructure is to support the at least one trustworthiness requirement.
Claim: 9. The system of claim 7, wherein the at least one trustworthiness requirement specifies at least one of a compute infrastructure trustworthiness characteristic of a set of evaluated runtime executables, a verified absence of a security misconfiguration, or a hardware type or a firmware type upon which the application is executed.
Claim: 10. The system of claim 7, wherein the chain of subsystems comprise multiple subsystems connected in series within a distributed network, and wherein the at least one second subsystem is nonadjacent to the system.
Claim: 11. The system of claim 7, the request being a first request transmitted at a first time, the response being a first response, the at least one trustworthiness characteristic being at least one first trustworthiness characteristic, the operations further comprising: transmitting, to the first subsystem at a second time, a second request for at least one second trustworthiness characteristic of the first subsystem and the at least one second subsystem; receiving, from the first subsystem, a second response indicating the at least one second trustworthiness characteristic; determining that the at least one second trustworthiness characteristic fails to satisfy the at least one trustworthiness requirement; and based on determining that the at least one second trustworthiness characteristic fails to satisfy the at least one trustworthiness requirement, pruning, from the mesh, any connected subsystems that are reachable via an interface between the first subsystem and the at least one second subsystem.
Claim: 12. The system of claim 7, the request being a first request, the response being a first response, the at least one trustworthiness characteristic being at least one first trustworthiness characteristic, the chain of subsystems being a first chain of subsystems, the operations further comprising: transmitting, to a third subsystem, a second request for at least one second trustworthiness characteristic of a second chain of subsystems comprising the third subsystem and at least one fourth subsystem connected to the third subsystem; receiving, from the third subsystem, a second response indicating the at least one second trustworthiness characteristic; determining that the at least one second trustworthiness characteristic satisfies the at least one trustworthiness requirement; determining that the at least one first trustworthiness characteristic is superior to the at least one second trustworthiness characteristic; and transmitting, to a user device, a report indicating the at least one first trustworthiness characteristic, wherein causing the application to operate on a mesh comprising the first chain of subsystems is further based on determining that the at least one first trustworthiness characteristic is superior to the at least one second trustworthiness characteristic.
Claim: 13. A system, comprising: at least one processor comprising a Trusted Execution Environment (TEE); and one or more non-transitory media storing instructions that, when executed by the system, cause the TEE to execute an Application Programming Interface (API) that performs operations comprising: receiving, from a user device, at least one trustworthiness requirement for a compute infrastructure upon which an application is executed; transmitting, to a first subsystem, a first request for at least one first trustworthiness characteristic of a first chain of subsystems comprising the first subsystem and at least one second subsystem, the at least one second subsystem being adjacent to the first subsystem and nonadjacent to the system; receiving, from the first subsystem, a first response indicating the at least one first trustworthiness characteristic of the first chain of subsystems; determining that the at least one first trustworthiness characteristic fails to satisfy the at least one trustworthiness requirement; based on determining that the at least one first trustworthiness characteristic fails to satisfy the at least one trustworthiness requirement, transmitting, to a third subsystem, a second request for at least one second trustworthiness characteristic of a second chain of subsystems comprising the third subsystem and at least one fourth subsystem, the at least one fourth subsystem being adjacent to the third subsystem and nonadjacent to the system; receiving, from the third subsystem, a second response indicating the at least one second trustworthiness characteristic of the second chain of subsystems; determining that the at least one second trustworthiness characteristic satisfies the at least one trustworthiness requirement; and based on determining that the at least one second trustworthiness characteristic satisfies the at least one trustworthiness requirement, causing the application to operate on a mesh comprising the second chain of subsystems.
Claim: 14. The system of claim 13, wherein the at least one trustworthiness requirement specifies at least one of a compute infrastructure trustworthiness characteristic of a set of evaluated runtime executables, a verified absence of a security misconfiguration, or a hardware type or a firmware type upon which the application is executed.
Claim: 15. The system of claim 13, wherein the operations further comprise: transmitting, to the user device, a report indicating the at least one second trustworthiness characteristic of the second chain of subsystems.
Claim: 16. The system of claim 13, wherein the first subsystem comprises a first microservice operating in a trusted execution environment (TEE) of a first device, and wherein the at least one second subsystem comprises at least one second microservice operating in at least one TEE of at least one second device.
Patent References Cited: 11570264 January 2023 Poornachandran
20130198797 August 2013 Raghuram et al.
20150082045 March 2015 D'Souza et al.
20170170970 June 2017 Leighton et al.
20190138729 May 2019 Blundell
20190155728 May 2019 Ferguson et al.
20190220601 July 2019 Sood et al.
20190281131 September 2019 Bartholomew et al.
20200210585 July 2020 Thom et al.
20210021619 January 2021 Smith et al.
20210111892 April 2021 Anjo et al.
20210194912 June 2021 Ward et al.
20210216658 July 2021 Watson et al.
20210263757 August 2021 Tsirkin
20220345484 October 2022 Drozd
20230185760 June 2023 Balle
20230185918 June 2023 Voit
20230185939 June 2023 Cam-Winget et al.
115098866 September 2022
WO2021067510 April 2021



Other References: Davari, Maryam, et al, “Access Control Model Extensions to Support Data Privacy Protection based on GDPR” 2019 IEEE International Conference on Big Data (Big Data), IEEE, Dec. 9, 2019 (Dec. 9, 2019), pp. 4017-4024, XP033721622. cited by applicant
PCT Search Report and Written Opinion dated Mar. 20, 2023 for PCT Application No. PCT/US2022/052300, 16 pages. cited by applicant
Singh, Jatinder, et al., “Enclaves in the Clouds: Legal Considerations and Broader Implications”, ACM Queue: Tomorrow's Computing Today, Association for Computing Machinery, New York, NY, US, Vol. 18, No. 6, Dec. 31, 2020 (Dec. 31, 2020), pp. 1-37, XP058487713. cited by applicant
Office Action for U.S. Appl. No. 17/546,991, mailed on Sep. 6, 2023, Nancy Patricia Cam-Winget, “Enforcing Location-Based Data Privacy Rules Across Networked Workloads”, 13 pages. cited by applicant
Primary Examiner: Dada, Beemnet W
Attorney, Agent or Firm: Lee & Hayes, P.C.
Accession Number: edspgr.11960607
Database: USPTO Patent Grants