The Update Framework (TUF)

The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software.[1] It consists of a set of software libraries, file formats, and utilities that can authenticate files and images before they are downloaded. In this way, it protects software repositories, which are an increasingly desirable target for hackers.[2][3][4]

A software update, sometimes referred to as a patch, can add functionalities and address flaws in existing code.[5] Unfortunately, in delivering updates to neutralize flaws, these systems can unintentionally introduce vulnerabilities that, in turn, can be exploited by attackers.[6]

The key concept behind TUF is “compromise-resilience,” or the ability to limit the impact of attacks and provide a mechanism for recovery even if the software repository, or the server on which files are stored, should be compromised. TUF’s security strategy improves on existing methods based on keysigning [7][8] by incorporating strategies, such as separation of signing duties. By dividing the responsibility for authenticating a file or image, even if one party—or the repository itself—is compromised, the number of projects affected will be limited.[9]

The technology that evolved into TUF was first developed at the University of Washington in 2009 by Justin Samuel and Justin Cappos, and its principles were first discussed in a paper Samuel and Cappos coauthored with Nick Mathewson and Roger Dingledine, researchers from The Tor Project, Inc..[10] Since 2011, TUF has been based at New York University Tandon School of Engineering, where Cappos, working with a team of graduate students and developers, continues to supervise its development and integration initiatives.

TUF is open-source software, which means all relevant source code can be accessed free of charge at the project’s repository on GitHub. It is also designed to be integrated into existing update systems and using existing system languages. To date, it has been standardized in Python,[11][12] and independently implemented in the Go language by Flynn, an open-source platform as a service (PaaS) for running applications in production.[13][14][15] Implementations of TUF have also been written in Haskell, Ruby,[16] and Rust.

One of the more significant earlier adoptions of TUF in the open-source community was by Docker Content Trust,[17][18] an implementation of the Notary project from Docker that deploys Linux containers.[19] Notary, which is built on TUF, can both certify the validity of the sources of Docker images, and encrypt the contents of those images.[20] In October 2017, Notary and TUF were both adopted as hosted projects by the Linux Foundation as part of its Cloud Native Computing Foundation.[21][22]

As of early 2018, the list of tech companies and organizations using TUF in production included DigitalOcean,[23] LEAP,[24] Kolide,[25] Cloudflare,[26] and VMware.[27] A full list of current and in-process integrations can be found on the TUF website.

In 2017, an adaptation of this technology called Uptane, designed to protect computing units on automobiles, was named one of the top security inventions for 2017 by Popular Science.[28]

References

  1. Diaz, Vladimir; et al. "The Update Framework Specification". V.1.0. SSL NYU Tandon. Retrieved 14 February 2018.
  2. "The Cracking of Kernel.org". The Linux Foundation. 31 August 2011. Retrieved 1 February 2018.
  3. "Debian Investigation Report after Server Compromise". Debian.org. 2 December 2003. Retrieved 1 February 2018.
  4. "Infrastructure report,2008-08-22 UTC 1200". Redhat.com. 22 August 2008. Retrieved 1 February 2018.
  5. Software Update as a Mechanism for Resilience and Security: Proceedings of a WorkshopThe NIST Perspective on Software Updates. National Academies Press. February 2017. pp. 53–58. Retrieved 12 February 2018.
  6. Redmiles, Elissa (16 May 2017). "Installing Software Updates Makes us WannaCry". Scientific American. Retrieved 13 November 2017.
  7. Spring, Tom (7 November 2017). "Assessing Weaknesses in Public Key Infrastructure". Threatpost.com. Retrieved 13 February 2018.
  8. Chandra, Sourabh; Paira, Smita; Alam, Sk Safikul; Sanyal, Goutam (November 2014). A Comparative Survey of Symmetric and Asymmetric Key Cryptography. ICECCE. pp. 83–93.
  9. Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin (March 2016). Diplomat: Using Delegations to Protect Community Repositories. Usenix. pp. 567–581.
  10. Samuel, Justin; Mathewson, Nick; Cappos, Justin; Dingledine, Roger. Survivable Key Compromise in Software Update Systems (PDF). ACM. pp. 61–72 via CCS 2010.
  11. Kuppusamy, Trishank Karthik; Diaz, Vladimir; Stufft, Donald; Cappos, Justin (27 September 2013). "PEP 458—Surviving a Compromise of PyPI". Retrieved 2 April 2018.
  12. Kuppusamy, Trishank Karthik; Diaz, Vladimir; Stufft, Donald; Cappos, Justin (8 October 2014). "PEP 480—Surviving a Compromise of PyPI: The Maximum Security Model". Retrieved 2 April 2018.
  13. Yegulalp, Serdar. "Open source Flynn takes the headaches out of app deployment". www.Infoworld.com. IDG. Retrieved 3 October 2016.
  14. "Security – Flynn". flynn.io. Retrieved 3 October 2016.
  15. "flynn/go-tuf". www.github.com. GitHub, Inc. Retrieved 3 October 2016.
  16. Shay, Xavier (6 December 2013). "Securing RubyGems with TUF, Part 1". Medium.com. Retrieved 6 April 2018.
  17. Monica, Diogo (12 August 2015). "Introducing Docker Content Trust – Docker Blog". Blog.Docker.com. Docker. Retrieved 2 October 2016.
  18. "Docker Content Trust Protects Integrity of Dockerized Content". www.CIOReview.com. CIO Review. Retrieved 2 October 2016.
  19. Fulton III, Scott M. (12 August 2015). "Docker: With Content Trust, You Can Run Containers on Untrusted Networks – The New Stack". TheNewStack.io. The New Stack. Retrieved 3 October 2016.
  20. Vaughan-Nichols, Steven J. "Docker 1.8 adds serious container security ZDNet". ZDNet. CBS Interactive. Retrieved 3 October 2016.
  21. Jackson, Joab (24 October 2017). "CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption". The New Stack.
  22. Ferguson, Scott (24 October 2017). "Cloud Native Computing Foundation Adopts 2 Security Projects". Enterprise Cloud News.
  23. "digitalcoean.com". Retrieved 16 March 2018.
  24. "New releases for a new year". Leap Encryption Access Project. 23 December 2014. Retrieved 19 October 2017.
  25. "Kolide Updater". Retrieved 16 March 2018.
  26. Sullivan, Nick (3 July 2017). "A container identity bootstrapping tool". Cloudflare blog. Retrieved 16 March 2018.
  27. "VMware websitel". Retrieved 16 March 2018.
  28. Atherton, Kelsey D.; Feltman, Rachel (17 October 2017). "The Year's Most Important Innovations in Security". Popular Science.

Selected publications


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.