Entry | The Update Framework (TUF) |
Definition |
A software update, sometimes referred to as a patch, can add functionality and address flaws in existing code.[5] Unfortunately, in delivering updates to neutralize flaws, these systems can unintentionally introduce vulnerabilities that, in turn, can be exploited by attackers.[6] The key concept behind TUF is "compromise-resilience": the ability to limit the impact of attacks and provide a mechanism for recovery even if the software repository, or the server on which files are stored, is compromised. TUF's security strategy improves on existing methods based on key signing[7][8] by incorporating strategies such as separation of signing duties. By dividing the responsibility for authenticating a file or image, the number of projects affected is limited even if one party, or the repository itself, is compromised.[9] The technology that evolved into TUF was first developed at the University of Washington in 2009 by Justin Samuel and Justin Cappos, and its principles were first discussed in a paper Samuel and Cappos coauthored with Nick Mathewson and Roger Dingledine, researchers from The Tor Project, Inc.[10] Since 2011, TUF has been based at New York University Tandon School of Engineering, where Cappos, working with a team of graduate students and developers, continues to supervise its development and integration initiatives. TUF is open-source software: all relevant source code can be accessed free of charge at the project's repository on GitHub (https://github.com/theupdateframework/tuf). It is also designed to be integrated into existing update systems using existing system languages.
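The compromise-resilience idea described above, as an added example that is not code from the TUF project: a role trusts a set of key IDs together with a threshold, so metadata is accepted only when enough distinct trusted keys sign it, and a delegated role can only vouch for the target paths delegated to it. The key names, the HMAC stand-in for asymmetric signatures, the glob-style path matching and the sample metadata are constructed assumptions for illustration.

```python
import fnmatch
import hashlib
import hmac
import json

# Signing stand-in (constructed): real TUF metadata carries asymmetric signatures
# (Ed25519, RSA, ECDSA); HMAC-SHA256 over canonical JSON keeps this standard-library only.
def keyid(secret: bytes) -> str:
    return hashlib.sha256(secret).hexdigest()[:16]

def canonical(signed: dict) -> bytes:
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()

def sign(secret: bytes, signed: dict) -> dict:
    sig = hmac.new(secret, canonical(signed), "sha256").hexdigest()
    return {"keyid": keyid(secret), "sig": sig}

def verify_role(role: dict, keys: dict, envelope: dict) -> bool:
    """Accept metadata only if at least role['threshold'] distinct trusted keys signed it."""
    payload = canonical(envelope["signed"])
    good = set()
    for s in envelope["signatures"]:
        kid = s["keyid"]
        if kid not in role["keyids"] or kid not in keys:
            continue  # not a key this role trusts: a rogue key contributes nothing
        expected = hmac.new(keys[kid], payload, "sha256").hexdigest()
        if hmac.compare_digest(expected, s["sig"]):
            good.add(kid)  # a set: the same key signing twice counts once
    return len(good) >= role["threshold"]

def delegation_allows(delegation: dict, target_path: str) -> bool:
    """A delegated role may only vouch for target paths it was delegated (glob match)."""
    return any(fnmatch.fnmatch(target_path, p) for p in delegation["paths"])

def demo() -> dict:
    k1, k2, rogue = b"targets-key-1", b"targets-key-2", b"rogue-key"
    keys = {keyid(k1): k1, keyid(k2): k2}  # only the two keys the root role delegated
    role = {"keyids": [keyid(k1), keyid(k2)], "threshold": 2}
    signed = {"_type": "targets", "version": 3,  # constructed sample metadata
              "targets": {"app-1.2.tar.gz": {"length": 1024, "hashes": {"sha256": "<constructed>"}}}}
    def env(sigs, body=signed):
        return {"signed": body, "signatures": sigs}
    return {
        "two_keys": verify_role(role, keys, env([sign(k1, signed), sign(k2, signed)])),
        "one_key_twice": verify_role(role, keys, env([sign(k1, signed), sign(k1, signed)])),
        "rogue_key": verify_role(role, keys, env([sign(rogue, signed), sign(rogue, signed)])),
        "tampered": verify_role(role, keys, env([sign(k1, signed), sign(k2, signed)], dict(signed, version=4))),
        "delegated_in_scope": delegation_allows({"paths": ["foo/*"]}, "foo/foo-1.0.tar.gz"),
        "delegated_out_of_scope": delegation_allows({"paths": ["foo/*"]}, "bar/bar-2.0.tar.gz"),
    }
```

With a threshold of two, a single stolen key (even used twice) or a key the role never trusted cannot get metadata accepted, and valid signatures do not carry over to altered content.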
To date, it has been standardized in Python[11][12] and independently implemented in the Go language by Flynn, an open-source platform as a service (PaaS) for running applications in production.[13][14][15] Implementations of TUF have also been written in Haskell (https://www.well-typed.com/blog/2015/07/hackage-security-alpha/), Ruby,[16] and Rust (https://github.com/heartsucker/rust-tuf). One of the more significant early adoptions of TUF in the open-source community was by Docker Content Trust,[17][18] an implementation of the Notary project from Docker that deploys Linux containers.[19] Notary, which is built on TUF, can both certify the validity of the sources of Docker images and encrypt the contents of those images.[20] In October 2017, Notary and TUF were both adopted as hosted projects by the Linux Foundation as part of its Cloud Native Computing Foundation.[21][22] As of early 2018, the list of tech companies and organizations using TUF in production included DigitalOcean,[23] LEAP,[24] Kolide,[25] Cloudflare,[26] and VMware.[27] A full list of current and in-process integrations can be found on the TUF website (https://theupdateframework.github.io/). In 2017, an adaptation of this technology called Uptane, designed to protect computing units on automobiles, was named one of the top security inventions for 2017 by Popular Science.[28]

References
1. Diaz, Vladimir, et al. "The Update Framework Specification", version 1.0. SSL, NYU Tandon. https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#1-introduction. Retrieved 14 February 2018.
2. "The Cracking of Kernel.org". The Linux Foundation, 31 August 2011. https://www.linuxfoundation.org/blog/the-cracking-of-kernel-org/. Retrieved 1 February 2018.
3. "Debian Investigation Report after Server Compromise". Debian.org, 2 December 2003. https://www.debian.org/News/2003/20031202. Retrieved 1 February 2018.
4. "Infrastructure report, 2008-08-22 UTC 1200". Redhat.com, 22 August 2008. https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html. Retrieved 1 February 2018.
5. "The NIST Perspective on Software Updates". In Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop. National Academies Press, February 2017, pp. 53–58. https://www.nap.edu/read/24833/chapter/11. Retrieved 12 February 2018.
6. Redmiles, Elissa. "Installing Software Updates Makes us WannaCry". Scientific American, 16 May 2017. https://www.scientificamerican.com/article/why-installing-software-updates-makes-us-wannacry/. Retrieved 13 November 2017.
7. Spring, Tom. "Assessing Weaknesses in Public Key Infrastructure". Threatpost.com, 7 November 2017. https://threatpost.com/assessing-weaknesses-in-public-key-infrastructure/128793/. Retrieved 13 February 2018.
8. Chandra, Sourabh; Paira, Smita; Alam, Sk Safikul; Sanyal, Goutam. "A Comparative Survey of Symmetric and Asymmetric Key Cryptography". ICECCE, November 2014, pp. 83–93. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7086640.
9. Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin. "Diplomat: Using Delegations to Protect Community Repositories". USENIX, March 2016, pp. 567–581. https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy.
10. Samuel, Justin; Mathewson, Nick; Cappos, Justin; Dingledine, Roger. "Survivable Key Compromise in Software Update Systems". CCS 2010, ACM, pp. 61–72. https://justinsamuel.com/papers/survivable-key-compromise-ccs2010.pdf.
11. Kuppusamy, Trishank Karthik; Diaz, Vladimir; Stufft, Donald; Cappos, Justin. "PEP 458: Surviving a Compromise of PyPI", 27 September 2013. https://www.python.org/dev/peps/pep-0458/. Retrieved 2 April 2018.
12. Kuppusamy, Trishank Karthik; Diaz, Vladimir; Stufft, Donald; Cappos, Justin. "PEP 480: Surviving a Compromise of PyPI: The Maximum Security Model", 8 October 2014. https://www.python.org/dev/peps/pep-0480/. Retrieved 2 April 2018.
13. Yegulalp, Serdar. "Open source Flynn takes the headaches out of app deployment". InfoWorld (IDG). http://www.infoworld.com/article/3101765/open-source-tools/open-source-flynn-takes-the-headaches-out-of-app-deployment.html. Retrieved 3 October 2016.
14. "Security – Flynn". flynn.io. https://flynn.io/docs/security. Retrieved 3 October 2016.
15. "flynn/go-tuf". GitHub, Inc. https://github.com/flynn/go-tuf#install. Retrieved 3 October 2016.
16. Shay, Xavier. "Securing RubyGems with TUF, Part 1". Medium.com, 6 December 2013. https://medium.com/square-corner-blog/securing-rubygems-with-tuf-part-1-d374fdd05d85. Retrieved 6 April 2018.
17. Monica, Diogo. "Introducing Docker Content Trust". Docker Blog, 12 August 2015. https://blog.docker.com/2015/08/content-trust-docker-1-8/. Retrieved 2 October 2016.
18. "Docker Content Trust Protects Integrity of Dockerized Content". CIO Review. http://www.cioreview.com/news/docker-content-trust-protects-integrity-of-dockerized-content-nid-8372-cid-92.html. Retrieved 2 October 2016.
19. Fulton III, Scott M. "Docker: With Content Trust, You Can Run Containers on Untrusted Networks". The New Stack, 12 August 2015. http://thenewstack.io/docker-content-trust-can-run-containers-untrusted-networks/. Retrieved 3 October 2016.
20. Vaughan-Nichols, Steven J. "Docker 1.8 adds serious container security". ZDNet (CBS Interactive). http://www.zdnet.com/article/docker-1-8-adds-serious-container-security/. Retrieved 3 October 2016.
21. Jackson, Joab. "CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption". The New Stack, 24 October 2017. https://thenewstack.io/cncf-brings-security-cloud-native-stack-notary-tuf-adoption/.
22. Ferguson, Scott. "Cloud Native Computing Foundation Adopts 2 Security Projects". Enterprise Cloud News, 24 October 2017. http://www.enterprisecloudnews.com/author.asp?section_id=571&doc_id=737560.
23. "digitalocean.com". https://www.digitalocean.com/. Retrieved 16 March 2018.
24. "New releases for a new year". LEAP Encryption Access Project, 23 December 2014. https://leap.se/en/2014/darkest-night/. Retrieved 19 October 2017.
25. "Kolide Updater". https://github.com/kolide/updater/blob/master/README.md. Retrieved 16 March 2018.
26. Sullivan, Nick. "A container identity bootstrapping tool". Cloudflare blog, 3 July 2017. https://blog.cloudflare.com/pal-a-container-identity-bootstrapping-tool/. Retrieved 16 March 2018.
27. "VMware website". https://www.vmware.com/. Retrieved 16 March 2018.
28. Atherton, Kelsey D.; Feltman, Rachel. "The Year's Most Important Innovations in Security". Popular Science, 17 October 2017. https://www.popsci.com/top-security-innovations-2017.