The Update Framework

The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. [1] TUF uses a series of roles and keys to provide a means to retain security, even when some keys or servers are compromised. It does this with a stated goal of requiring minimal changes and effort from repository administrators, software developers, and end users. [2] In this way, it protects software repositories, which are an increasingly desirable target for hackers. [3] [4] [5] [6] [7]

A software update, sometimes referred to as a patch, can add functionalities and address flaws in existing code. [8] Unfortunately, in delivering updates to neutralize flaws, these systems can unintentionally introduce vulnerabilities that, in turn, can be exploited by attackers. [9] [10] [11]

The design of TUF acknowledges that all software repositories will likely be compromised at some point, so any security strategy must be prepared for that scenario. TUF-enabled systems focus on limiting the impact of attacks and providing a mechanism for recovery. This strategy of “compromise-resilience” improves on existing methods based on key signing [12] [13] by incorporating techniques such as separation of signing duties and setting a threshold number of required signatures. Dividing the responsibility for authenticating a file or image ensures that no single hacker can compromise the system. It also helps to ensure that keys used to perform a sensitive action can be stored in a secure, offline manner. Even if one party—or the repository itself—is compromised, the number of projects affected will be limited. [14]
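The threshold rule described above, shown as an added example in Go (this is not code from the TUF project or from go-tuf; the names Role, NewRole, signWith and VerifyThreshold are invented here, and key IDs are raw hex rather than TUF's hash of the canonical key object): a role that trusts several keys accepts metadata only when the threshold number of distinct trusted keys has signed it, so one leaked key, even if used twice, is not enough.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Role is a TUF role: trusted public keys by key ID, and the threshold of distinct keys that must sign.
type Role struct {
	Keys      map[string]ed25519.PublicKey
	Threshold int
}
// Signature is one entry of a metadata "signatures" list: key ID plus signature bytes.
type Signature struct {
	KeyID string
	Sig   []byte
}
// keyID is a simplified key identifier (TUF hashes the canonical key object; raw hex suffices here).
func keyID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }
// NewRole builds a role that trusts the given keys with the given threshold.
func NewRole(threshold int, pubs ...ed25519.PublicKey) Role {
	r := Role{Keys: map[string]ed25519.PublicKey{}, Threshold: threshold}
	for _, p := range pubs {
		r.Keys[keyID(p)] = p
	}
	return r
}
// newKey generates a fresh Ed25519 key pair for the demo; an RNG failure is fatal.
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return pub, priv
}
// signWith signs the canonical "signed" bytes and tags the result with the signer's key ID.
func signWith(priv ed25519.PrivateKey, signed []byte) Signature {
	return Signature{KeyID: keyID(priv.Public().(ed25519.PublicKey)), Sig: ed25519.Sign(priv, signed)}
}
// VerifyThreshold applies the TUF rule: signatures from keys the role does not trust are ignored,
// a trusted key counts once however often it appears, and Threshold distinct keys must verify.
func VerifyThreshold(role Role, signed []byte, sigs []Signature) bool {
	valid := map[string]bool{} // keyed by key ID, so a repeated signer is counted once
	for _, s := range sigs {
		if pub, ok := role.Keys[s.KeyID]; ok && ed25519.Verify(pub, signed, s.Sig) {
			valid[s.KeyID] = true
		}
	}
	return len(valid) >= role.Threshold
}
func main() {
	p1, s1 := newKey()
	p2, _ := newKey()
	meta := []byte(`{"_type":"targets","version":7}`) // constructed sample metadata
	// In a 2-of-2 role, one leaked key signing twice still does not reach the threshold.
	fmt.Println(VerifyThreshold(NewRole(2, p1, p2), meta, []Signature{signWith(s1, meta), signWith(s1, meta)}))
}
```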

To date, the list of tech companies and organizations using TUF includes Foundries.io, [15] IBM, [16] VMware, [17] Digital Ocean, [18] Microsoft, [19] Google, [20] Amazon, [21] Leap, [22] Kolide, [23] Docker, [24] and Cloudflare. [25]

The technology that evolved into TUF was first developed at the University of Washington in 2009 by Justin Samuel and Justin Cappos, and its principles were first discussed in a paper Samuel and Cappos coauthored with Nick Mathewson and Roger Dingledine, researchers from The Tor Project, Inc. [26] Since 2011, TUF has been based at New York University Tandon School of Engineering, where Cappos continues to work with a team of graduate students and programmers in the Secure Systems Lab to supervise its maturation, development and integration into production use across different communities.

One of the more significant earlier adoptions of TUF in the open-source community was by Docker Content Trust, [27] an implementation of the Notary project from Docker that deploys Linux containers. [28] Notary, which is built on TUF, can both certify the validity of the sources of Docker images, and encrypt the contents of those images. [29] [30] Through Notary Content Trust, TUF also secures operations for Microsoft Azure. [19]

Since 2017, both Notary and TUF have been hosted by the Linux Foundation under the Cloud Native Computing Foundation. [31] [32] Cappos remains with the project as consensus builder. In December 2019, TUF was awarded “graduate” status within the organization, signifying that it has completed a series of steps needed to move the project to the highest level of maturity in the CNCF. [33] These steps included completing an independent third party security audit, adopting the CNCF Code of Conduct, and explicitly defining a project governance and committer process. TUF became both the first security project and the first project led by an academic researcher to graduate within CNCF. [34]

Because it was designed for easy adaptation, versions of TUF have been created in a number of programming languages. It has been independently implemented in the Go language by Flynn, an open-source platform as a service (PaaS) for running applications in production. [35] [36] [37] Implementations of TUF have also been written in Haskell, [38] Ruby [39] and Rust. [40] A Rust version called Tough [41] was created by Amazon Web Services Labs for use with on-demand cloud computing platforms and APIs. Google has also implemented a version of TUF to secure its open source operating system, Fuchsia. [20]

In 2017, an adaptation of this technology called Uptane, designed to protect computing units on automobiles, was named one of the top security inventions for 2017 by Popular Science. [42]

References

  1. Diaz, Vladimir; et al. "The Update Framework Specification". V.1.0. SSL NYU Tandon. Retrieved 14 February 2018.
  2. "The Update Framework: A framework for securing software update systems". SSL NYU Tandon. Retrieved 13 April 2020.
  3. "The Cracking of Kernel.org". The Linux Foundation. 31 August 2011. Retrieved 1 February 2018.
  4. "Debian Investigation Report after Server Compromise". Debian.org. 2 December 2003. Retrieved 1 February 2018.
  5. "Infrastructure report, 2008-08-22 UTC 1200". Redhat.com. 22 August 2008. Retrieved 1 February 2018.
  6. Bradbury, Danny (30 October 2018). "Snakes in the grass! Malicious code slithers into Python PyPI repository". Naked Security.com. Retrieved 13 April 2020.
  7. Claburn, Thomas (26 November 2018). "Check your repos...Crypto-coin-stealing code sneaks into fairly popular NPM lib". The Register. Retrieved 13 April 2020.
  8. Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop. National Academies Press. February 2017. pp. 53–58. Retrieved 12 February 2018.
  9. Redmiles, Elissa (16 May 2017). "Installing Software Updates Makes us WannaCry". Scientific American. Retrieved 13 November 2017.
  10. Zetter, Kim (25 March 2019). "Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers". Vice.com. Retrieved 13 April 2020.
  11. Cimpanu, Catalin (10 May 2019). "Software update crashes police ankle monitors in the Netherlands". ZDNet.com. Retrieved 13 April 2020.
  12. Spring, Tom (7 November 2017). "Assessing Weaknesses in Public Key Infrastructure". Threatpost.com. Retrieved 13 February 2018.
  13. Chandra, Sourabh; Paira, Smita; Alam, Sk Safikul; Sanyal, Goutam (November 2014). "A Comparative Survey of Symmetric and Asymmetric Key Cryptography". 2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE). ICECCE. pp. 83–93. doi:10.1109/ICECCE.2014.7086640. ISBN 978-1-4799-5748-4.
  14. Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin (March 2016). Diplomat: Using Delegations to Protect Community Repositories. Usenix. pp. 567–581.
  15. "FoundriesFactory TUF Keys Rotation". foundries.io. 2020-03-05. Retrieved 2023-08-17.
  16. "Signing images for trusted content". IBM Cloud Docs. 13 February 2020. Retrieved 13 April 2020.
  17. "VMware". www.vmware.com. VMware. Archived from the original on May 12, 2023. Retrieved 13 May 2023.
  18. "DigitalOcean". www.digitalocean.com. DigitalOcean. Archived from the original on May 12, 2023. Retrieved 13 May 2023.
  19. "Content trust in Azure Container Registry". Microsoft. 6 September 2019. Retrieved 13 April 2020.
  20. "Fuchsia Project". Google. 2 April 2020. Retrieved 13 April 2020.
  21. "AWS Tough Repository". Amazon. 9 April 2020. Retrieved 13 April 2020.
  22. "New releases for a new year". Leap Encryption Action Project. 23 December 2014. Retrieved 13 April 2020.
  23. "Kolide Updater". Kolide. 1 November 2014. Retrieved 13 April 2020.
  24. "Docker Trusted Registry". Mirantis.com. Retrieved 13 April 2020.
  25. Sullivan, Nick (16 March 2018). "A container identity bootstrapping tool". Cloudflare Blog. Retrieved 13 April 2020.
  26. Samuel, Justin; Mathewson, Nick; Cappos, Justin; Dingledine, Roger. Survivable Key Compromise in Software Update Systems (PDF). ACM. pp. 61–72 via CCS 2010.
  27. Monica, Diogo (12 August 2015). "Introducing Docker Content Trust – Docker Blog". Blog.Docker.com. Docker. Retrieved 2 October 2016.
  28. Fulton III, Scott M. (12 August 2015). "Docker: With Content Trust, You Can Run Containers on Untrusted Networks – The New Stack". TheNewStack.io. The New Stack. Retrieved 3 October 2016.
  29. Vaughan-Nichols, Steven J. "Docker 1.8 adds serious container security ZDNet". ZDNet. CBS Interactive. Retrieved 3 October 2016.
  30. Myers, Astasia (13 February 2018). "Docker's Head of Security David Lawrence: on TUF, Notary, and the importance of software security". Medium. Retrieved 13 April 2020.
  31. Jackson, Joab (24 October 2017). "CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption". The New Stack.
  32. Ferguson, Scott (24 October 2017). "Cloud Native Computing Foundation Adopts 2 Security Projects". Enterprise Cloud News.
  33. "Cloud Native Computing Foundation Announces TUF Graduation". CNCF. 18 December 2019. Retrieved 13 April 2020.
  34. "Cloud Native Computing Foundation Announces TUF Graduation". LWN.net. 19 December 2019. Retrieved 13 April 2020.
  35. Yegulalp, Serdar (28 July 2016). "Open source Flynn takes the headaches out of app deployment". www.Infoworld.com. IDG. Retrieved 3 October 2016.
  36. "Security – Flynn". flynn.io. Retrieved 3 October 2016.
  37. "flynn/go-tuf". www.github.com. GitHub, Inc. Retrieved 3 October 2016.
  38. "Hackable Security Alpha Release". Well-Typed.com. 8 July 2015. Retrieved 13 April 2020.
  39. Shay, Xavier (6 December 2013). "Securing RubyGems with TUF, Part 1". Medium.com. Retrieved 6 April 2018.
  40. "Rust implementation of The Update Framework (TUF)". GitHub. Retrieved 13 April 2020.
  41. "AWSlabs/Tough". GitHub. 5 November 2019. Retrieved 13 April 2020.
  42. Atherton, Kelsey D.; Feltman, Rachel (17 October 2017). "The Year's Most Important Innovations in Security". Popular Science.

Selected publications