The design of TUF acknowledges that all software repositories will likely be compromised at some point, so any security strategy must be prepared for that scenario. TUF-enabled systems focus on limiting the impact of attacks and providing a mechanism for recovery. This strategy of “compromise-resilience” improves on existing methods based on [[keysigning]][{{cite web|title=Assessing Weaknesses in Public Key Infrastructure|url=https://threatpost.com/assessing-weaknesses-in-public-key-infrastructure/128793/|publisher=Threatpost.com|last1=Spring|first1=Tom|date=7 November 2017|accessdate=13 February 2018}}][{{cite conference|chapter=A Comparative Survey of Symmetric and Asymmetric Key Cryptography|last1=Chandra|first1=Sourabh|last2=Paira|first2=Smita|last3=Alam|first3=Sk Safikul|last4=Sanyal|first4=Goutam|title=2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE)|date=November 2014|publisher=ICECCE|pages=83–93|doi=10.1109/ICECCE.2014.7086640|isbn=978-1-4799-5748-4}}] by incorporating techniques such as separation of signing duties and setting a threshold number of required signatures. Dividing the responsibility for authenticating a file or image ensures no single hacker can compromise the system. It also helps to ensure that keys used to perform a sensitive action can be stored in a secure, offline manner. Even if one party—or the repository itself—is compromised, the number of projects affected will be limited.[{{cite conference|title=Diplomat: Using Delegations to Protect Community Repositories|url=https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy|last1=Kuppusamy|first1=Trishank Karthik|last2=Torres-Arias|first2=Santiago|last3=Diaz|first3=Vladimir|last4=Cappos|first4=Justin|date=March 2016|publisher=Usenix|pages=567–581}}]

TUF is designed with an explicit threat model that assumes attackers may compromise software updates in specific ways.[{{cite journal |last1=Samuel |first1=Justin |last2=Mathewson |first2=Nick |last3=Cappos |first3=Justin |last4=Dingledine |first4=Roger |year=2010 |title=Survivable Key Compromise in Software Update Systems |journal=Proceedings of the 17th ACM Conference on Computer and Communications Security |publisher=ACM |doi=10.1145/1866307.1866311}}] Documented attacks on software update systems include rollback attacks, freeze attacks, mix-and-match attacks, and arbitrary software installation, among others.[{{cite web |title=Attacks and Weaknesses |url=https://theupdateframework.io/docs/security/ |access-date=2026-04-20 |website=The Update Framework Documentation |publisher=The Update Framework Authors}}] TUF mitigates these risks through mechanisms such as versioned metadata, expiration times, and role-based signing with threshold signatures.
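
The three mitigations named above can be shown as one simplified client-side check. This is an added example, not code from TUF or any of its implementations; the key names, the 2-of-3 threshold and the metadata layout are assumptions, and HMAC stands in for the public-key signatures a real deployment uses.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed demo keys. HMAC-SHA256 stands in for the public-key signatures
# real TUF uses, so the example runs with the standard library only.
KEYS = {"k1": b"demo-key-1", "k2": b"demo-key-2", "k3": b"demo-key-3"}
THRESHOLD = 2  # assumed: 2 of the 3 keys must sign the role's metadata

def canonical(signed):
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()

def sign(signed, keyid):
    sig = hmac.new(KEYS[keyid], canonical(signed), hashlib.sha256).hexdigest()
    return {"keyid": keyid, "sig": sig}

def verify_metadata(meta, trusted_version, now):
    """Return "ok" or the reason the metadata is rejected."""
    signed = meta["signed"]
    valid = set()  # distinct key IDs, so one key signing twice counts once
    for s in meta["signatures"]:
        key = KEYS.get(s["keyid"])
        if key is None:
            continue  # signature from a key this role does not trust
        expected = hmac.new(key, canonical(signed), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, s["sig"]):
            valid.add(s["keyid"])
    if len(valid) < THRESHOLD:
        return "threshold not met"
    if signed["version"] < trusted_version:
        return "rollback"  # older than metadata the client already trusts
    if datetime.fromisoformat(signed["expires"]) <= now:
        return "expired"   # a replayed stale copy, as in a freeze attack
    return "ok"

def make(version, expires, signers):
    signed = {"version": version, "expires": expires}
    return {"signed": signed, "signatures": [sign(signed, k) for k in signers]}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed clock value
GOOD = make(5, "2024-07-01T00:00:00+00:00", ["k1", "k2"])
ONE_KEY_TWICE = make(6, "2024-07-01T00:00:00+00:00", ["k1", "k1"])
OLD = make(3, "2024-07-01T00:00:00+00:00", ["k2", "k3"])
STALE = make(5, "2024-05-01T00:00:00+00:00", ["k1", "k3"])

if __name__ == "__main__":
    for name, m in [("good", GOOD), ("dup", ONE_KEY_TWICE), ("old", OLD), ("stale", STALE)]:
        print(name, verify_metadata(m, trusted_version=4, now=NOW))
```

Signatures are checked before the version and expiry fields are read, so those fields are only trusted once a threshold of distinct keys has vouched for them.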

To date, the list of tech companies and organizations using TUF includes [https://foundries.io Foundries.io],[{{Cite web |date=2020-03-05 |title=FoundriesFactory TUF Keys Rotation |url=https://foundries.io/insights/blog/20200305-key-rotation/ |access-date=2023-08-17 |website=foundries.io |language=en}}] [[IBM]],[{{cite web|title=Signing images for trusted content|url=https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_trustedcontent#registry_trustedcontent|publisher=IBM Cloud Docs|date=13 February 2020|accessdate=13 April 2020}}] VMware,[{{cite web |title=VMware |url=https://www.vmware.com/ |website=www.vmware.com |publisher=[[VMware]] |access-date=13 May 2023 |archive-url=https://web.archive.org/web/20230512130132/https://www.vmware.com/ |archive-date=May 12, 2023 |url-status=live}}] DigitalOcean,[{{cite web |title=DigitalOcean |url=https://www.digitalocean.com/ |website=www.digitalocean.com |publisher=[[DigitalOcean]] |access-date=13 May 2023 |archive-url=https://web.archive.org/web/20230512142257/https://www.digitalocean.com/ |archive-date=May 12, 2023 |language=en |url-status=live}}] Microsoft,[{{cite web|title=Content trust in Azure Container Registry|url=https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust|publisher=Microsoft|date=6 September 2019|accessdate=13 April 2020}}] Google,[{{cite web|title=Fuchsia Project|url=https://fuchsia.dev/|publisher=Google|date=2 April 2020|accessdate=13 April 2020}}] Amazon,[{{cite web|title=AWS Tough Repository|url=https://github.com/awslabs/tough|publisher=Amazon|date=9 April 2020|accessdate=13 April 2020}}] Leap,[{{cite web|title=New releases for a new year|url=https://leap.se/en/2014/darkest-night|publisher=Leap Encryption Action Project|date=23 December 2014|accessdate=13 April 2020}}] Kolide,[{{cite web|title=Kolide Updater|url=https://github.com/kolide/updater/blob/master/README.md|publisher=Kolide|date=1 November 2014|accessdate=13 April 2020}}] Docker,[{{cite web|title=Docker Trusted Registry|url=https://www.mirantis.com/software/docker/image-registry/|publisher=Mirantis.com|accessdate=13 April 2020}}] and Cloudflare.[{{cite web|title=A container identity bootstrapping tool|url=https://blog.cloudflare.com/pal-a-container-identity-bootstrapping-tool/|publisher=Cloudflare Blog|last1=Sullivan|first1=Nick|date=16 March 2018|accessdate=13 April 2020}}]