SlideShare une entreprise Scribd logo

Talking TUF: Securing Software Distribution

Docker, Inc.
Docker, Inc.

The Update Framework (TUF) secures new or existing software update systems by providing a specification and library that can be flexibly and universally integrated or natively implemented. The update procedure is notoriously susceptible to malicious attacks and TUF is designed to prevent these and other updater weaknesses. Docker's Notary project integrates the Go implementation of TUF with Docker Content Trust to verify the publisher of Docker images. https://github.com/theupdateframework/tuf

Technologie
1  sur  59
Télécharger pour lire hors ligne
Talking TUF: Securing Software Distribution Justin Cappos, Trishank Kuppusamy, Vladimir Diaz, Santiago Torres, Sebastien Awwad, Lukas Puehringer New York University
What do these companies have in common?
What do these companies have in common? They all had a publicly disclosed software update hack!
Repository compromise impact ● SourceForge mirror distributed malware. ● Attackers impersonate Microsoft Windows Update to spread Flame malware. ● RubyGems compromised with RCE. ● Opera users automatically installed malware signed by compromised key. ● Node Packaged Modules compromised. ● Attacks on software updaters have massive impact ○ E.g. South Korea faced 765 million dollars in damages.
Commonly used (bad) techniques ● Why not sign all the software on a community repository? ● This way, we know whether or not attackers have tampered with software after a repository compromise. ● Couldn’t we already use previous systems --- GPG or TLS --- to do this?
The Problem with TLS ● Good ○ easy to set up ○ has nice lock icon users are trained to trust ● Bad ○ Lots of design / impl issues ○ Compromise repository -> game over
The Problem with GPG ● Good ○ Provides signature of software packages with offline keys (private keys kept off repository) so that attackers cannot tamper with packages after a repository compromise. ● Bad ○ have to manually verify public keys ○ trust for anything usually implies trust for everything ○ Furthermore, only 4% of software projects provide GPG signatures on PyPI, and 0.07% of users downloaded GPG signatures between March and April 2014.
● TUF is a secure software update framework. ● Built on ideas discussed with some folks from Tor. ● Plug-and-play (like TLS), but compromise resilient. ● Goal: support a wide array of different configurations ○ Support, don’t judge! “Survivable Key Compromise in Software Update Systems” (CCS 2010). 2010-Present: The Update Framework (TUF)
Design Principles 9 Responsibility Separation Multi-signature Trust Explicit and Implicit Revocation Minimize Individual Key and Role Risk
Design Principles 10 Responsibility Separation Delegate roles to divide responsibilities
Responsibility Separation 11 Content Timeliness
Design Principles 12 Minimize Individual Key and Role Risk Compromise Risk = Probability x Impact
Minimize Role & Key Risk 13 Root High-impact role? => Highly-secure keys Timeliness Online keys? => Low-impact role
Design Principles 14 Multi-signature Trust (t, n) signature threshold required for trust
Multi-signature Trust 15 A B A No risk to clients. Signature threshold: Two signatures
Design Principles 16 Explicit and Implicit Revocation
Explicit and Implicit Revocation 17 A C B Signature threshold: Two signatures A B B A
18 Design
19 Root Targets (projects) TimestampSnapshot
Malware attack django-1.7.1.tar.gz bcrypt-1.1.1.tar.gz flask-0.10.tar.gz django bcrypt flask django-1.8.tar.gz repository (compromised) user malware!
Versions of metadata django-1.7.1.tar.gzdjango metadata version developers packages ● packages ○ django-1.7.1.tar.gz ■ hash: X ● version: 1 Just as there as different versions of packages...
Versions of metadata django-1.7.1.tar.gz django django-1.8.tar.gz metadata version developers packages ● packages ○ django-1.8.tar.gz ■ hash: Y ○ django-1.7.1.tar.gz ■ hash: X ● version: 2 ...there are different versions of metadata corresponding to different versions of packages. The version number of a metadata file (e.g. 2) does not correspond with the version number of packages (e.g. 1.7.1).
Replay attack version package django bcrypt flask 4 5 2 version package django bcrypt flask 3 2 1 replay! old & vulnerable!
TUF: eager verification django-1.7.1.tar.gz bcrypt-1.1.1.tar.gz flask-0.10.tar.gz django bcrypt flask django-1.8.tar.gz repository user developer metadata snapshot administrator metadata hash hash hash version version version 1 2 3 5 4 User downloads all package metadata to verify snapshot metadata. Why? To prevent replay attacks, and not blindly trust administrators.
TUF: snapshot ● Adds a “snapshot” of all metadata/packages. version package django bcrypt flask 4 5 2 packages not installed, but metadata downloaded version package django bcrypt flask 4 2 1 packages installed, but with obsolete metadata replay!
Secure lazy verification django-1.7.1.tar.gz bcrypt-1.1.1.tar.gz flask-0.10.tar.gz django bcrypt flask django-1.8.tar.gz repository user developer metadata snapshot administrator metadata version version version version version version 1 2 3 User downloads only snapshot + desired package metadata! Trust administrators to specify accurate snapshot metadata.
Version checking ● Compact “snapshot” of all metadata/packages. version package django bcrypt flask 4 5 2 packages not installed, but version downloaded version package django bcrypt flask 4 2 1 packages installed, but with obsolete metadata replay!
Is this as secure as hash checking? ● So what security attacks have we given up? ○ Not malware attacks, because package metadata still signed with offline developer keys. ○ Not replay attacks, because snapshot metadata cannot specify older version numbers.
Fast-forward attack version package django bcrypt flask 4 5000 2000 packages not installed, but version downloaded version package django bcrypt flask 4 5 2 packages not installed, due to version mismatch denied! Only a mild, denial-of-service attack.
Okay, but is it as secure as hash checking? Yes! ● FF DoS (~= dropping requests) ○ Address by resetting version numbers after key revocation.
Example setup for TUF 1. Responsibility separation (roles) 2. Multitrust signatures (a.k.a. two-man rule). a. some roles like root may need multiple signatures from keys 3. Explicit and implicit revocation of keys. a. individual roles / keys timeout 4. Minimizing risk (with offline keys). 5. Further selective delegation from targets role. a. Gives trust without sharing keys, etc. ε timestamp metadata packages online keys offline keys signs metadata for target package signs root keys for delegates packages to root snapshot targets A1 BC A.pkg C.gz signs for packages A.*B.*,C.* *.pkg A2 B.tar
Multi-trust signatures ● Can require multiple signatures for a role ○ Some keys can be lost / compromised and things work >>> repository = create_new_repository("repository/") >>> public_root_key = import_rsa_publickey_from_file("keystore/root_key.pub") >>> repository.root.add_verification_key(public_root_key) >>> public_root_key2 = import_rsa_publickey_from_file("keystore/root_key2.pub") >>> repository.root.add_verification_key(public_root_key2) # Threshold of each role defaults to 1. >>> repository.root.threshold 1 # Set threshold then need to write / sign the new root file. >>> repository.root.threshold = 2 >>> repository.root.load_signing_key(private_root_key) >>> repository.root.load_signing_key(private_root_key2) >>> repository.writeall()
Target (Project) Delegation in PyPI (PEP 480)
● Lots of good suggestions for changes to TUF ● Formal TUF Augmentation Proposal (TAP) process ○ Discuss ideas, when ‘close’ send TAP ○ We review closely ○ Test implementation ○ Approve ○ (Read TAPs 1 and 2 for details) https://github.com/theupdateframework/taps/blob/master/tap1.md Standardization process (TAPs)
● TAP 3 -- multi-role signatures (Evan / Jake) ○ Alice AND Bob must both sign package A ○ Lets one have ‘unequal’ quorums ● TAP 4 -- pinning repository keys (Evan / Jake) ○ The user can control the root of trust for parts of the namespace ■ Root role compromise !-> game over! ● TAP 5 -- specify URLs in root files ○ Makes it easy to change the repo location ● TAP 6 -- version numbers in root metadata (David) ● TAP ? -- hash chaining of timestamp metadata (???) ○ Coming soon? https://github.com/theupdateframework/taps/blob/master/tap1.md Standardization process (TAPs cont...)
Integrations of TUF (some on-going)
Related effort: Uptane (securing automotive software updates)
Uptane: Securely updating automobiles Work closely with vendors, OEMs, etc. ● Security reps from 79% of US cars ● Many top suppliers / vendors Account for deployment concerns ● Solutions are only useful if deployed ● Accommodate existing infrastructure, business relationships, etc. Standardize and harden ● Working toward SAE certification ● Professional security audit ● Free / open source, detailed tests /
Uptane: Securely updating automobiles Current design Latest downloaded metadata Latest downloaded encrypted image Boot- loader Previous metadata ECU keys
Uptane Timeline 40 ● Current tasks: ○ High level spec (complete!) ○ Multi-group security analysis (complete!) ○ Detailed impl specification (RFC-style) (?complete??) ○ Reference implementation (in progress) ○ Compliance test cases (in progress) ○ Deployment recommendations document (in progress) ● Upcoming: ○ Technology demonstration (Oct 18) ○ Public security review ○ SAE Standardization
Future work: healthcare, infrastructure too Healthcare systems: ● Often antiquated OSes / systems ● Only certified in a specific configurations ● Increasingly targeted Infrastructure: ● Often antiquated OSes / systems ● Reliability is the focus, not security ○ Remote access needed Security issues can have catastrophic impact!
Related effort: Toto (securing the software supply chain)
43
Toto
Toto: Overview Project owner Functionaries End User What needs to be done Perform steps, provide evidence Verify Layout Link Link Link Link Link Final Product
Toto: Overview Project owner Defines the steps that are required in this project’s software supply chain Layout ● Only Alice and Bob can commit to this VCS ● The build will be made using the company’s Gradle buildserver ● The project will be added to a docker recipe by Carl ● ...
Toto: OverviewFunctionaries Perform steps and provide evidence as link metadata Link Link Link ● Alice: I committed to the VCS ● Gradle buildserver: I compiled alice’s commit ● Carl: I pulled and made a docker image of all of this
Toto: Overview End user Verifies the metadata Link Link Link Link Link Final Product Layout
Timeline 49 ● Currently: ○ High level spec (release coming ~1 week) ○ Reference implementation (“complete” ~1-2 weeks) ● Upcoming: ○ Internal use (~2-3 weeks) ○ Compliance test cases (~3 weeks) ○ External beta testing (~1-2 mo) ○ Broad public release (???)
Wrapping up
Conclusion 51 ● Securing software distribution, etc. is hard ● Notary provides strong guarantees for Docker containers ● Use TAPs to get changes into TUF (let’s discuss first) ● Let’s work together! ○ https://github.com/theupdateframework/ ○ https://github.com/uptane ○ https://github.com/toto-framework
Thanks! Questions? https://theupdateframework.com https://isis.poly.edu/~jcappos/ jcappos@nyu.edu
My background... (2003-2008) ● Built the first package manager designed specifically for OSVMs (Stork) ○ Deployed on the research infrastructure “PlanetLab” ■ Practical experience: thousands of VM instances over 8 years of use ○ Packages are cached in a special VM and shared ■ Disk, memory, and bandwidth savings ■ Additional security risks [USENIX ATC 2005], [LISA 2007]
2008: Attacks on Linux package managers ● By changing unsigned metadata, we can compromise users. ● No protection against: ○ Arbitrary package attacks ○ Extraneous dependencies ○ Replay attacks ○ Mix-and-match attacks “A Look in the Mirror: Attacks on Package Managers” (CCS 2008).
Fixing Linux package managers ● Disclosed these security attacks via CERT (VU#230187). ● Major vendors have adopted our security architecture.
2009: Mission accomplished! ...or is it???
2009: Tor ● Tor: “We heard about your work. Can you help us fix our software updater?” ● Security is simple, right? ● How hard can this be anyway?
Thandy (Tor) ● The Thandy software updater for Tor ○ A quorum of keys for root of trust. ○ Signing by different compartmentalized key types. ○ Use online keys only to prevent freeze attacks and bound trust window.
Thandy (Tor) ● The Thandy software updater for Tor ○ A quorum of keys for root of trust. ○ Signing by different compartmentalized key types. ○ Use online keys only to prevent freeze attacks and bound trust window. ○ ...still not enough. ● Still found 8 security problems. ● Building your own secure software updater is not trivial.

Recommandé

Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsAhmed Adel
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Amazon Web Services
 
Platform engineering
Platform engineeringPlatform engineering
Platform engineeringPrasanna Venkatesan
 
intro to DevOps
intro to DevOpsintro to DevOps
intro to DevOpsMujahed Al-Tahle
 
Introduction to CI/CD
Introduction to CI/CDIntroduction to CI/CD
Introduction to CI/CDHoang Le
 
CICD Pipeline - AWS Azure
CICD Pipeline - AWS AzureCICD Pipeline - AWS Azure
CICD Pipeline - AWS AzureRatan Das
 
CI CD Basics
CI CD BasicsCI CD Basics
CI CD BasicsPrabhu Ramkumar
 
DevOps.pptx
DevOps.pptxDevOps.pptx
DevOps.pptxEswarVineet
 

Recommandé

Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOpsAhmed Adel
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Amazon Web Services
 
Platform engineering
Platform engineeringPlatform engineering
Platform engineeringPrasanna Venkatesan
 
intro to DevOps
intro to DevOpsintro to DevOps
intro to DevOpsMujahed Al-Tahle
 
Introduction to CI/CD
Introduction to CI/CDIntroduction to CI/CD
Introduction to CI/CDHoang Le
 
CICD Pipeline - AWS Azure
CICD Pipeline - AWS AzureCICD Pipeline - AWS Azure
CICD Pipeline - AWS AzureRatan Das
 
CI CD Basics
CI CD BasicsCI CD Basics
CI CD BasicsPrabhu Ramkumar
 
DevOps.pptx
DevOps.pptxDevOps.pptx
DevOps.pptxEswarVineet
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Coffee Break NeuVector
Coffee Break NeuVectorCoffee Break NeuVector
Coffee Break NeuVectorSUSE
 
Cloud-Native CI/CD on Kubernetes with Tekton Pipelines
Cloud-Native CI/CD on Kubernetes with Tekton PipelinesCloud-Native CI/CD on Kubernetes with Tekton Pipelines
Cloud-Native CI/CD on Kubernetes with Tekton PipelinesNikhil Thomas
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
A Hands-On Introduction To Docker Containers.pdf
A Hands-On Introduction To Docker Containers.pdfA Hands-On Introduction To Docker Containers.pdf
A Hands-On Introduction To Docker Containers.pdfEdith Puclla
 
Docker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDocker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDr Ganesh Iyer
 
InnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyInnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyEric Caron
 
Introduction to Version Control
Introduction to Version ControlIntroduction to Version Control
Introduction to Version ControlJeremy Coates
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerFrederik Mogensen
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 
Gitlab CI : Integration et Déploiement Continue
Gitlab CI : Integration et Déploiement ContinueGitlab CI : Integration et Déploiement Continue
Gitlab CI : Integration et Déploiement ContinueVincent Composieux
 
Docker
DockerDocker
DockerA.K.M. Ahsrafuzzaman
 
Git basic
Git basicGit basic
Git basicAkbar Uddin
 
Version control system and Git
Version control system and GitVersion control system and Git
Version control system and Gitramubonkuri
 
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...Edureka!
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
Continuous Delivery and Feature Flagging
Continuous Delivery and Feature FlaggingContinuous Delivery and Feature Flagging
Continuous Delivery and Feature FlaggingLaunchDarkly
 
Running Spring Boot Applications as GraalVM Native Images
Running Spring Boot Applications as GraalVM Native ImagesRunning Spring Boot Applications as GraalVM Native Images
Running Spring Boot Applications as GraalVM Native ImagesVMware Tanzu
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQubeDmytro Patserkovskyi
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep DiveWill Kinard
 
Docker Online Meetup: Infrakit update and Q&A
Docker Online Meetup: Infrakit update and Q&ADocker Online Meetup: Infrakit update and Q&A
Docker Online Meetup: Infrakit update and Q&ADocker, Inc.
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker, Inc.
 

Contenu connexe

Tendances

Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Coffee Break NeuVector
Coffee Break NeuVectorCoffee Break NeuVector
Coffee Break NeuVectorSUSE
 
Cloud-Native CI/CD on Kubernetes with Tekton Pipelines
Cloud-Native CI/CD on Kubernetes with Tekton PipelinesCloud-Native CI/CD on Kubernetes with Tekton Pipelines
Cloud-Native CI/CD on Kubernetes with Tekton PipelinesNikhil Thomas
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
A Hands-On Introduction To Docker Containers.pdf
A Hands-On Introduction To Docker Containers.pdfA Hands-On Introduction To Docker Containers.pdf
A Hands-On Introduction To Docker Containers.pdfEdith Puclla
 
Docker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDocker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDr Ganesh Iyer
 
InnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyInnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyEric Caron
 
Introduction to Version Control
Introduction to Version ControlIntroduction to Version Control
Introduction to Version ControlJeremy Coates
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 
Gitlab CI : Integration et Déploiement Continue
Gitlab CI : Integration et Déploiement ContinueGitlab CI : Integration et Déploiement Continue
Gitlab CI : Integration et Déploiement ContinueVincent Composieux
 
Version control system and Git
Version control system and GitVersion control system and Git
Version control system and Gitramubonkuri
 
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...Edureka!
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
Continuous Delivery and Feature Flagging
Continuous Delivery and Feature FlaggingContinuous Delivery and Feature Flagging
Continuous Delivery and Feature FlaggingLaunchDarkly
 
Running Spring Boot Applications as GraalVM Native Images
Running Spring Boot Applications as GraalVM Native ImagesRunning Spring Boot Applications as GraalVM Native Images
Running Spring Boot Applications as GraalVM Native ImagesVMware Tanzu
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep DiveWill Kinard
 

Tendances (20)

Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
 
Coffee Break NeuVector
Coffee Break NeuVectorCoffee Break NeuVector
Coffee Break NeuVector
 
Cloud-Native CI/CD on Kubernetes with Tekton Pipelines
Cloud-Native CI/CD on Kubernetes with Tekton PipelinesCloud-Native CI/CD on Kubernetes with Tekton Pipelines
Cloud-Native CI/CD on Kubernetes with Tekton Pipelines
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
A Hands-On Introduction To Docker Containers.pdf
A Hands-On Introduction To Docker Containers.pdfA Hands-On Introduction To Docker Containers.pdf
A Hands-On Introduction To Docker Containers.pdf
 
Docker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDocker 101 - High level introduction to docker
Docker 101 - High level introduction to docker
 
InnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyInnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your company
 
Introduction to Version Control
Introduction to Version ControlIntroduction to Version Control
Introduction to Version Control
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT Campus
 
Gitlab CI : Integration et Déploiement Continue
Gitlab CI : Integration et Déploiement ContinueGitlab CI : Integration et Déploiement Continue
Gitlab CI : Integration et Déploiement Continue
 
Docker
DockerDocker
Docker
 
Git basic
Git basicGit basic
Git basic
 
Version control system and Git
Version control system and GitVersion control system and Git
Version control system and Git
 
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...
Git Tutorial | Git Basics - Branching, Merging, Rebasing | Learn Git | DevOps...
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
 
Continuous Delivery and Feature Flagging
Continuous Delivery and Feature FlaggingContinuous Delivery and Feature Flagging
Continuous Delivery and Feature Flagging
 
Running Spring Boot Applications as GraalVM Native Images
Running Spring Boot Applications as GraalVM Native ImagesRunning Spring Boot Applications as GraalVM Native Images
Running Spring Boot Applications as GraalVM Native Images
 
Track code quality with SonarQube
Track code quality with SonarQubeTrack code quality with SonarQube
Track code quality with SonarQube
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep Dive
 

En vedette

Docker Online Meetup: Infrakit update and Q&A
Docker Online Meetup: Infrakit update and Q&ADocker Online Meetup: Infrakit update and Q&A
Docker Online Meetup: Infrakit update and Q&ADocker, Inc.
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker, Inc.
 
containerd and CRI
containerd and CRIcontainerd and CRI
containerd and CRIDocker, Inc.
 
Prometheus design and philosophy
Prometheus design and philosophy Prometheus design and philosophy
Prometheus design and philosophy Docker, Inc.
 
Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica Docker, Inc.
 
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...Docker, Inc.
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016Docker, Inc.
 
Online Meetup: What's new in docker 1.13.0
Online Meetup: What's new in docker 1.13.0 Online Meetup: What's new in docker 1.13.0
Online Meetup: What's new in docker 1.13.0 Docker, Inc.
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
Docker Networking: Control plane and Data plane
Docker Networking: Control plane and Data planeDocker Networking: Control plane and Data plane
Docker Networking: Control plane and Data planeDocker, Inc.
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPCDocker, Inc.
 
'The History of Metrics According to me' by Stephen Day
'The History of Metrics According to me' by Stephen Day'The History of Metrics According to me' by Stephen Day
'The History of Metrics According to me' by Stephen DayDocker, Inc.
 
Infinit: Modern Storage Platform for Container Environments
Infinit: Modern Storage Platform for Container EnvironmentsInfinit: Modern Storage Platform for Container Environments
Infinit: Modern Storage Platform for Container EnvironmentsDocker, Inc.
 
Containerd - core container runtime component
Containerd - core container runtime component Containerd - core container runtime component
Containerd - core container runtime component Docker, Inc.
 
Docker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker, Inc.
 
Persistent storage tailored for containers
Persistent storage tailored for containersPersistent storage tailored for containers
Persistent storage tailored for containersDocker, Inc.
 
containerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerdcontainerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerdDocker, Inc.
 
Unikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOSUnikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOSDocker, Inc.
 
Heart of the SwarmKit: Store, Topology & Object Model
Heart of the SwarmKit: Store, Topology & Object ModelHeart of the SwarmKit: Store, Topology & Object Model
Heart of the SwarmKit: Store, Topology & Object ModelDocker, Inc.
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersDocker, Inc.
 

En vedette (20)

Docker Online Meetup: Infrakit update and Q&A
Docker Online Meetup: Infrakit update and Q&ADocker Online Meetup: Infrakit update and Q&A
Docker Online Meetup: Infrakit update and Q&A
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
 
containerd and CRI
containerd and CRIcontainerd and CRI
containerd and CRI
 
Prometheus design and philosophy
Prometheus design and philosophy Prometheus design and philosophy
Prometheus design and philosophy
 
Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica
 
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...
Using Docker Swarm Mode to Deploy Service Without Loss by Dongluo Chen & Nish...
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016
 
Online Meetup: What's new in docker 1.13.0
Online Meetup: What's new in docker 1.13.0 Online Meetup: What's new in docker 1.13.0
Online Meetup: What's new in docker 1.13.0
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016
 
Docker Networking: Control plane and Data plane
Docker Networking: Control plane and Data planeDocker Networking: Control plane and Data plane
Docker Networking: Control plane and Data plane
 
Driving containerd operations with gRPC
Driving containerd operations with gRPCDriving containerd operations with gRPC
Driving containerd operations with gRPC
 
'The History of Metrics According to me' by Stephen Day
'The History of Metrics According to me' by Stephen Day'The History of Metrics According to me' by Stephen Day
'The History of Metrics According to me' by Stephen Day
 
Infinit: Modern Storage Platform for Container Environments
Infinit: Modern Storage Platform for Container EnvironmentsInfinit: Modern Storage Platform for Container Environments
Infinit: Modern Storage Platform for Container Environments
 
Containerd - core container runtime component
Containerd - core container runtime component Containerd - core container runtime component
Containerd - core container runtime component
 
Docker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EE
 
Persistent storage tailored for containers
Persistent storage tailored for containersPersistent storage tailored for containers
Persistent storage tailored for containers
 
containerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerdcontainerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerd
 
Unikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOSUnikernels: the rise of the library hypervisor in MirageOS
Unikernels: the rise of the library hypervisor in MirageOS
 
Heart of the SwarmKit: Store, Topology & Object Model
Heart of the SwarmKit: Store, Topology & Object ModelHeart of the SwarmKit: Store, Topology & Object Model
Heart of the SwarmKit: Store, Topology & Object Model
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 

Similaire à Talking TUF: Securing Software Distribution

Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...
Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...
Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...Docker, Inc.
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure DevelopmentBosnia Agile
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityLinaro
 
Continuous Security for GitOps
Continuous Security for GitOpsContinuous Security for GitOps
Continuous Security for GitOpsWeaveworks
 
MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows Ron Munitz
 
Not my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureNot my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureYshay Yaacobi
 
How to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsHow to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsDevOps.com
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxGiuseppe Paterno'
 
Voxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning MarshmallowsVoxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning MarshmallowsRon Munitz
 
CodeMotion tel aviv 2015 - burning marshmallows
CodeMotion tel aviv 2015 - burning marshmallowsCodeMotion tel aviv 2015 - burning marshmallows
CodeMotion tel aviv 2015 - burning marshmallowsRon Munitz
 
What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)Michael Diamant
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudsparkfabrik
 
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...sparkfabrik
 
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...Demi Ben-Ari
 
Secure Developer Access at Decisiv
Secure Developer Access at DecisivSecure Developer Access at Decisiv
Secure Developer Access at DecisivTeleport
 
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...sparkfabrik
 
Continuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon OttoContinuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon OttoPeter Bittner
 

Similaire à Talking TUF: Securing Software Distribution (20)

Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...
Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...
Securing the Software Supply Chain with TUF and Docker - Justin Cappos and Sa...
 
Security in open source projects
Security in open source projectsSecurity in open source projects
Security in open source projects
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure Development
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
 
Continuous Security for GitOps
Continuous Security for GitOpsContinuous Security for GitOps
Continuous Security for GitOps
 
MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows
 
Not my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructureNot my problem - Delegating responsibility to infrastructure
Not my problem - Delegating responsibility to infrastructure
 
How to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsHow to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot Environments
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 
Voxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning MarshmallowsVoxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning Marshmallows
 
CodeMotion tel aviv 2015 - burning marshmallows
CodeMotion tel aviv 2015 - burning marshmallowsCodeMotion tel aviv 2015 - burning marshmallows
CodeMotion tel aviv 2015 - burning marshmallows
 
What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)What to Expect When You're Expecting (to Own Production)
What to Expect When You're Expecting (to Own Production)
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloud
 
Total E(A)gression defcon
Total E(A)gression defconTotal E(A)gression defcon
Total E(A)gression defcon
 
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
CodeMotion 2023 - Deep dive nella supply chain della nostra infrastruttura cl...
 
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-...
 
Secure Developer Access at Decisiv
Secure Developer Access at DecisivSecure Developer Access at Decisiv
Secure Developer Access at Decisiv
 
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
 
Continuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon OttoContinuous Delivery for Python Developers – PyCon Otto
Continuous Delivery for Python Developers – PyCon Otto
 
Api gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a serviceApi gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a service
 

Plus de Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeDocker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDocker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices WorldDocker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with DockerDocker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog ScaleDocker, Inc.
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels Docker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDocker, Inc.
 

Plus de Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Dernier

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Dernier (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Talking TUF: Securing Software Distribution

  • 1. Talking TUF: Securing Software Distribution Justin Cappos, Trishank Kuppusamy, Vladimir Diaz, Santiago Torres, Sebastien Awwad, Lukas Puehringer New York University
  • 2. What do these companies have in common?
  • 3. What do these companies have in common? They all had a publicly disclosed software update hack!
  • 4. Repository compromise impact ● SourceForge mirror distributed malware. ● Attackers impersonate Microsoft Windows Update to spread Flame malware. ● RubyGems compromised with RCE. ● Opera users automatically installed malware signed by compromised key. ● Node Packaged Modules compromised. ● Attacks on software updaters have massive impact ○ E.g. South Korea faced 765 million dollars in damages.
  • 5. Commonly used (bad) techniques ● Why not sign all the software on a community repository? ● This way, we know whether or not attackers have tampered with software after a repository compromise. ● Couldn’t we already use previous systems --- GPG or TLS --- to do this?
  • 6. The Problem with TLS ● Good ○ easy to set up ○ has nice lock icon users are trained to trust ● Bad ○ Lots of design / impl issues ○ Compromise repository -> game over
  • 7. The Problem with GPG ● Good ○ Provides signature of software packages with offline keys (private keys kept off repository) so that attackers cannot tamper with packages after a repository compromise. ● Bad ○ have to manually verify public keys ○ trust for anything usually implies trust for everything ○ Furthermore, only 4% of software projects provide GPG signatures on PyPI, and 0.07% of users downloaded GPG signatures between March and April 2014.
  • 8. ● TUF is a secure software update framework. ● Built on ideas discussed with some folks from Tor. ● Plug-and-play (like TLS), but compromise resilient. ● Goal: support a wide array of different configurations ○ Support, don’t judge! “Survivable Key Compromise in Software Update Systems” (CCS 2010). 2010-Present: The Update Framework (TUF)
  • 12. Design Principles 12 Minimize Individual Key and Role Risk Compromise Risk = Probability x Impact
  • 13. Minimize Role & Key Risk 13 Root High-impact role? => Highly-secure keys Timeliness Online keys? => Low-impact role
  • 15. Multi-signature Trust 15 A B A No risk to clients. Signature threshold: Two signatures
  • 17. Explicit and Implicit Revocation 17 A C B Signature threshold: Two signatures A B B A
  • 21. Versions of metadata django-1.7.1.tar.gzdjango metadata version developers packages ● packages ○ django-1.7.1.tar.gz ■ hash: X ● version: 1 Just as there as different versions of packages...
  • 22. Versions of metadata django-1.7.1.tar.gz django django-1.8.tar.gz metadata version developers packages ● packages ○ django-1.8.tar.gz ■ hash: Y ○ django-1.7.1.tar.gz ■ hash: X ● version: 2 ...there are different versions of metadata corresponding to different versions of packages. The version number of a metadata file (e.g. 2) does not correspond with the version number of packages (e.g. 1.7.1).
  • 23. Replay attack version package django bcrypt flask 4 5 2 version package django bcrypt flask 3 2 1 replay! old & vulnerable!
  • 25. TUF: snapshot ● Adds a “snapshot” of all metadata/packages. version package django bcrypt flask 4 5 2 packages not installed, but metadata downloaded version package django bcrypt flask 4 2 1 packages installed, but with obsolete metadata replay!
  • 27. Version checking ● Compact “snapshot” of all metadata/packages. version package django bcrypt flask 4 5 2 packages not installed, but version downloaded version package django bcrypt flask 4 2 1 packages installed, but with obsolete metadata replay!
  • 28. Is this as secure as hash checking? ● So what security attacks have we given up? ○ Not malware attacks, because package metadata still signed with offline developer keys. ○ Not replay attacks, because snapshot metadata cannot specify older version numbers.
  • 29. Fast-forward attack version package django bcrypt flask 4 5000 2000 packages not installed, but version downloaded version package django bcrypt flask 4 5 2 packages not installed, due to version mismatch denied! Only a mild, denial-of-service attack.
  • 30. Okay, but is it as secure as hash checking? Yes! ● FF DoS (~= dropping requests) ○ Address by resetting version numbers after key revocation.
  • 31. Example setup for TUF 1. Responsibility separation (roles) 2. Multitrust signatures (a.k.a. two-man rule). a. some roles like root may need multiple signatures from keys 3. Explicit and implicit revocation of keys. a. individual roles / keys timeout 4. Minimizing risk (with offline keys). 5. Further selective delegation from targets role. a. Gives trust without sharing keys, etc. ε timestamp metadata packages online keys offline keys signs metadata for target package signs root keys for delegates packages to root snapshot targets A1 BC A.pkg C.gz signs for packages A.*B.*,C.* *.pkg A2 B.tar
  • 32. Multi-trust signatures ● Can require multiple signatures for a role ○ Some keys can be lost / compromised and things work >>> repository = create_new_repository("repository/") >>> public_root_key = import_rsa_publickey_from_file("keystore/root_key.pub") >>> repository.root.add_verification_key(public_root_key) >>> public_root_key2 = import_rsa_publickey_from_file("keystore/root_key2.pub") >>> repository.root.add_verification_key(public_root_key2) # Threshold of each role defaults to 1. >>> repository.root.threshold 1 # Set threshold then need to write / sign the new root file. >>> repository.root.threshold = 2 >>> repository.root.load_signing_key(private_root_key) >>> repository.root.load_signing_key(private_root_key2) >>> repository.writeall()
  • 33. Target (Project) Delegation in PyPI (PEP 480)
  • 34. ● Lots of good suggestions for changes to TUF ● Formal TUF Augmentation Proposal (TAP) process ○ Discuss ideas, when ‘close’ send TAP ○ We review closely ○ Test implementation ○ Approve ○ (Read TAPs 1 and 2 for details) https://github.com/theupdateframework/taps/blob/master/tap1.md Standardization process (TAPs)
  • 35. ● TAP 3 -- multi-role signatures (Evan / Jake) ○ Alice AND Bob must both sign package A ○ Lets one have ‘unequal’ quorums ● TAP 4 -- pinning repository keys (Evan / Jake) ○ The user can control the root of trust for parts of the namespace ■ Root role compromise !-> game over! ● TAP 5 -- specify URLs in root files ○ Makes it easy to change the repo location ● TAP 6 -- version numbers in root metadata (David) ● TAP ? -- hash chaining of timestamp metadata (???) ○ Coming soon? https://github.com/theupdateframework/taps/blob/master/tap1.md Standardization process (TAPs cont...)
  • 36. Integrations of TUF (some on-going)
  • 37. Related effort: Uptane (securing automotive software updates)
  • 38. Uptane: Securely updating automobiles Work closely with vendors, OEMs, etc. ● Security reps from 79% of US cars ● Many top suppliers / vendors Account for deployment concerns ● Solutions are only useful if deployed ● Accommodate existing infrastructure, business relationships, etc. Standardize and harden ● Working toward SAE certification ● Professional security audit ● Free / open source, detailed tests /
  • 39. Uptane: Securely updating automobiles Current design Latest downloaded metadata Latest downloaded encrypted image Boot- loader Previous metadata ECU keys
  • 40. Uptane Timeline 40 ● Current tasks: ○ High level spec (complete!) ○ Multi-group security analysis (complete!) ○ Detailed impl specification (RFC-style) (?complete??) ○ Reference implementation (in progress) ○ Compliance test cases (in progress) ○ Deployment recommendations document (in progress) ● Upcoming: ○ Technology demonstration (Oct 18) ○ Public security review ○ SAE Standardization
  • 41. Future work: healthcare, infrastructure too Healthcare systems: ● Often antiquated OSes / systems ● Only certified in a specific configurations ● Increasingly targeted Infrastructure: ● Often antiquated OSes / systems ● Reliability is the focus, not security ○ Remote access needed Security issues can have catastrophic impact!
  • 42. Related effort: Toto (securing the software supply chain)
  • 43. 43
  • 44. Toto
  • 45. Toto: Overview Project owner Functionaries End User What needs to be done Perform steps, provide evidence Verify Layout Link Link Link Link Link Final Product
  • 46. Toto: Overview Project owner Defines the steps that are required in this project’s software supply chain Layout ● Only Alice and Bob can commit to this VCS ● The build will be made using the company’s Gradle buildserver ● The project will be added to a docker recipe by Carl ● ...
  • 47. Toto: OverviewFunctionaries Perform steps and provide evidence as link metadata Link Link Link ● Alice: I committed to the VCS ● Gradle buildserver: I compiled alice’s commit ● Carl: I pulled and made a docker image of all of this
  • 48. Toto: Overview End user Verifies the metadata Link Link Link Link Link Final Product Layout
  • 49. Timeline 49 ● Currently: ○ High level spec (release coming ~1 week) ○ Reference implementation (“complete” ~1-2 weeks) ● Upcoming: ○ Internal use (~2-3 weeks) ○ Compliance test cases (~3 weeks) ○ External beta testing (~1-2 mo) ○ Broad public release (???)
  • 51. Conclusion 51 ● Securing software distribution, etc. is hard ● Notary provides strong guarantees for Docker containers ● Use TAPs to get changes into TUF (let’s discuss first) ● Let’s work together! ○ https://github.com/theupdateframework/ ○ https://github.com/uptane ○ https://github.com/toto-framework
  • 53. My background... (2003-2008) ● Built the first package manager designed specifically for OSVMs (Stork) ○ Deployed on the research infrastructure “PlanetLab” ■ Practical experience: thousands of VM instances over 8 years of use ○ Packages are cached in a special VM and shared ■ Disk, memory, and bandwidth savings ■ Additional security risks [USENIX ATC 2005], [LISA 2007]
  • 54. 2008: Attacks on Linux package managers ● By changing unsigned metadata, we can compromise users. ● No protection against: ○ Arbitrary package attacks ○ Extraneous dependencies ○ Replay attacks ○ Mix-and-match attacks “A Look in the Mirror: Attacks on Package Managers” (CCS 2008).
  • 55. Fixing Linux package managers ● Disclosed these security attacks via CERT (VU#230187). ● Major vendors have adopted our security architecture.
  • 57. 2009: Tor ● Tor: “We heard about your work. Can you help us fix our software updater?” ● Security is simple, right? ● How hard can this be anyway?
  • 58. Thandy (Tor) ● The Thandy software updater for Tor ○ A quorum of keys for root of trust. ○ Signing by different compartmentalized key types. ○ Use online keys only to prevent freeze attacks and bound trust window.
  • 59. Thandy (Tor) ● The Thandy software updater for Tor ○ A quorum of keys for root of trust. ○ Signing by different compartmentalized key types. ○ Use online keys only to prevent freeze attacks and bound trust window. ○ ...still not enough. ● Still found 8 security problems. ● Building your own secure software updater is not trivial.