KubeCon + CloudNativeCon Europe 2020

One of the most pressing security problems in cloud native is the secure delivery of container images. Common solutions addressing this problem live under the assumption that a signing key, used to protect an artifact or its distribution, is kept safe. But time has shown again and again that this assumption is faulty, and that a single key loss or compromise can cause enormous damage. That is why The Update Framework (TUF) was designed not only to prevent and detect attacks, but also with risk mitigation (reducing the damage from a successful attack) as a core principle. Being the first security-focused project to graduate in the CNCF, TUF is widely used both in and outside of the cloud ecosystem. In this talk we will describe the basic architecture of TUF including how TUF protects against a variety of real-world attacks on any software distribution infrastructure. We will show how even if an organization makes a security error (a server is hacked, a private key is checked into github, etc.), TUF can bring a repository back into a secure state.