When the Going Gets Tough, Get TUF Going! [I] - David Lawrence & Ashwini Oruganti, Docker

less than 1 minute read

Abstract

Software distribution and packaging systems are rapidly becoming the weak link in the software lifecycle. In this talk we will look at the security landscape of existing software update systems and signing strategies. We will then introduce The Update Framework (TUF), a new signing framework that looks to address many of the challenges found in existing systems and more. TUF provides protections against data tampering, rollbacks, key compromise, and other more esoteric attacks. We will investigate how it achieves these protections and show you how to start using it today. While TUF is a general signing framework, we will also address use cases specific to the Cloud Native Ecosystem. These include how to use TUF signing to de-privilege cluster managers and attach metadata to images and containers in a decentralized manner which can be leveraged for policy management.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

When the Going Gets Tough, Get TUF Going! [I] - David Lawrence & Ashwini Oruganti, Docker

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google