logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

Securing Content Repositories with the Update Framework (TUF)

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Marina Moore, Joshua Lock
2021-10-14

tldr - powered by Generative AI

The Update Framework (TUF) is a framework for secure software updates that protects the integrity, consistency, and freshness of packages while reducing the impact of a compromise and allowing for recovery. It uses cryptographic signatures to protect content and separates responsibilities to reduce the impact of key loss. TUF also allows users to recover when a compromise happens through hierarchical trust delegations.
  • TUF protects content using cryptographic signatures over the content, repository, and metadata to ensure integrity, consistency, and freshness.
  • TUF reduces the impact of key loss by separating responsibilities and requiring a threshold of keys to sign content.
  • TUF allows users to recover from a compromise through hierarchical trust delegations.
  • TUF uses a root role that delegates to other roles in the system, including a timestamp role, snapshot role, and targets roles.
  • TUF balances trust and responsibility by ensuring that more vulnerable roles have less of an impact when compromised.
Tags:
content delivery
software updates
Security
TUF
TAP