改竄して学ぶコンテナサプライチェーンセキュリティ ~コンテナイメージの完全性を目指して~/tampering-container-supplychain-security

5SBDL% !NPDIJ[VLJ վ᜵ֶͯ͠ͿίϯςφαϓϥΠνΣʔϯηΩϡϦςΟ dίϯςφΠϝʔδͷ׬શੑΛ໨ࢦͯ͠d

XIPBNJ !NPDIJ[VLJ 🌕,FJUB.PDIJ[VLJ ❤,VCFSOFUFT 🚨"GPY OPUBSBDDPPOEPH

13 "NB[PO ✅୅දతͳϦεΫΛ࣮ײ͠ରࡦͷߟ͑ํʢجૅʣΛཧղͰ͖Δ ɹɹ✔ϦεΫΛϕʔεͱͨ͠ষߏ੒ʢશέʔεʴЋʣ ɹɹ✔ϦεΫΛ౿·͑ͯରࡦͷجຊݪଇ΍۩ମతख๏ରࡦΛཧղͰ͖Δ ✅ϋϯζΦϯΛ௨ͯ͡۩ମతʹཧղͰ͖Δ ɹɹ✔खΛಈ͔͠ͳ͕Βֶ΂ΔʢϋϯζΦϯ཰͘Β͍ʣ ɹɹ✔,VCFSOFUFT޷͖Ͱ͋Ε͹ͦ͜·ͰηΩϡϦςΟʹڵຯ͕ͳ͍ਓͰ΋ָ͠ΊΔ ϦεΫ͔ΒֶͿ,VCFSOFUFTίϯςφηΩϡϦςΟ ίϯςφ։ൃऀ͕͓͓͑ͯ͘͞΂͖جૅ஌ࣝ
ίϯςφηΩϡϦςΟΛֶͿೖΓޱ 絶賛発売中!!

͸͡Ίʹ 🏁ΰʔϧ ɹɹ✅ίϯςφαϓϥΠνΣʔϯʹ͓͚ΔҰൠతͳରࡦͱҐஔ෇͚Λཧղ͢Δ ɹɹ✅ίϯςφαϓϥΠνΣʔϯͷϏϧυϓϩηεʹ͓͚ΔڴҖΛ࣮ײ͢Δ ɹɹ✅ιϑτ΢ΣΞαϓϥΠνΣʔϯηΩϡϦςΟʹ͓͚Δ୅දతͳϑϨʔϜϫʔΫΛཧղ͢Δ ⚠࿩͞ͳ͍͜ͱ ɹɹ❌ιϑτ΢ΣΞαϓϥΠνΣʔϯʹ͓͚ΔϏϧυҎ֎ʹؔ͢ΔڴҖ΍ରࡦ ɹɹ❌ϑϨʔϜϫʔΫ΍࢓༷౳ͷৄࡉɾ໢ཏతͳղઆ

஫ҙࣄ߲ ຊൃද͸αΠόʔ߈ܸΛߠఆ͢Δ΋ͷͰ͸͋Γ·ͤΜɻ ܝࡌ಺༰͸ݸਓͷݟղͰ͋Γɺॴଐ͢Δاۀ΍૊৫ͷཱ৔ɺઓུɺҙݟΛ୅ද͢Δ΋ͷͰ͸͋Γ·ͤΜɻ هࡌ͞Ε͍ͯΔձ໊ࣾɺ঎඼໊ɺ·ͨ͸αʔϏε໊͸ɺ֤ࣾͷ঎ඪొ࿥·ͨ͸঎ඪͰ͢ɻ ຊࢿྉͷ࡞੒ʹ͋ͨͬͯ͸ՄೳͳݶΓਖ਼֬ͳ৘ใΛܝࡌ͢ΔΑ͏౒Ί͍ͯ·͕͢ɺ ඞͣ͠΋ͦͷ಺༰ͷਖ਼֬ੑ͓Αͼ׬શੑΛอূ͢Δ΋ͷͰ͸͋Γ·ͤΜɻ

"HFOEB ಋೖ ɹ4PGUXBSF4VQQMZ$IBJO ɹ$POUBJOFS4VQQMZ$IBJO ɹ$POUBJOFS4VQQMZ$IBJOʹ͓͚Δ୅දతͳηΩϡϦςΟରࡦ ɹɹ4#0. 4PGUXBSF#JMMPG.BUFSJBMT ɹɹॺ໊ʹΑΔίϯςφΠϝʔδͷ৴པੑ֬อ ίϯςφαϓϥΠνΣʔϯ߈ܸσϞ
ɹঢ়گઃఆ ɹ߈ܸσϞ ɹ߈ܸ಺༰ Ϗϧυͷ׬શੑʹ޲͚ͨରࡦ ɹJOUPUP ɹɹJOUPUPͷ֓ཁ ɹɹJOUPUP"UUFTUBUJPO'SBNFXPSL ɹɹJOUPUPͷ·ͱΊ ɹ4-4" 4VQQMZDIBJO-FWFMTGPS4PGUXBSF"SUJGBDUT ɹɹ4-4"ͷ֓ཁ ɹɹ#VJME5SBDL ɹɹ4-4"ͷ·ͱΊ ɹɹ4-4"ʹج࣮ͮ͘૷ྫ ·ͱΊ

4PGUXBSF4VQQMZ$IBJO ιϑτ΢ΣΞͷ։ൃ͕։࢝͞Ε͔ͯΒ഑෍͞ΕΔ·ͰͷϥΠϑαΠΫϧશମΛࢦ͢ݴ༿ɻ ιϑτ΢ΣΞαϓϥΠνΣʔϯ͸ɺ૊৫ͷ಺֎Ͱιϑτ΢ΣΞͷ։ൃͱఏڙʹߩݙ͢Δ ͢΂ͯͷίʔυɺਓɺγεςϜɺϓϩηεͰߏ੒͞Ε·͢ɻ IUUQTDMPVEHPPHMFDPNTPGUXBSFTVQQMZDIBJOTFDVSJUZEPDTPWFSWJFX IMKB Build Run Producer Source
Code Dependencies Distribute Consumer Artifact

4PGUXBSF4VQQMZ$IBJO Build Run Producer Source Code Dependencies Distribute Consumer αϓϥΠνΣʔϯʹ͓͚ΔηΩϡϦςΟରࡦʹ͓͍ͯ͸ɺ
αϓϥΠνΣʔϯΛߏ੒͢Δશͯͷཁૉʹ͓͍ͯڴҖ͕ൃੜ͢ΔϦεΫ Λߟྀ͢Δඞཁ͕͋Γ·͢ɻ Artifact IUUQTDMPVEHPPHMFDPNTPGUXBSFTVQQMZDIBJOTFDVSJUZEPDTPWFSWJFX IMKB

$POUBJOFS4VQQMZ$IBJO ʮΞϓϦέʔγϣϯΛίϯςφͱͯ͠,VCFSOFUFTʹσϓϩΠ͢Δʯͱ͍͏έʔε͸ɺ ҎԼͷΑ͏ͳαϓϥΠνΣʔϯͱଊ͑Δ͜ͱ͕Ͱ͖·͢ɻ ˞࣮ࡍʹ͸.BOJGFTU΍)FMN$IBSUͳͲ΋ߟྀ͢Δඞཁ͕͋Γ·͕͢ɺ͜͜Ͱ͸είʔϓ֎ͱ͠·͢ɻ Container Image Build Producer Source Code
Dockerfile Dependencies Container Registry Base Image Container Image Run on Kubernetes

$POUBJOFS4VQQMZ$IBJOʹ͓͚Δ୅දతͳηΩϡϦςΟରࡦ ✅৴པͰ͖ΔϕʔεΠϝʔδͷར༻ ɹɹ✔ެࣜʹ؅ཧ͞ΕΔΠϝʔδ͸ҰൠతʹϦεΫҼࢠؚ͕·ΕΔՄೳੑ͕௿͍ ҆શͱ͍͏༁Ͱ͸ͳ͍ ɹɹɹɹ🛠%PDLFS0 ff i DJBM*NBHF (PMEFO*NBHF
✅ίϯςφΠϝʔδͷ࠷খԽ ɹɹ✔ΠϝʔδαΠζΛখ͘͢͞Δ͜ͱͰϦεΫҼࢠؚ͕·ΕΔՄೳੑΛԼ͛Δ ɹɹɹɹ🛠%JTUSPMFTT 4DSBUDI .VMUJTUBHFCVJMET ✅ίϯςφΠϝʔδͷεΩϟϯ ɹɹ✔ίϯςφΠϝʔδΛεΩϟϯ͢Δ͜ͱͰΠϝʔδʹؚ·ΕΔ੬ऑੑ΍ઃఆ্ͷෆඋΛݕ஌ ɹɹɹɹ🛠5SJWZ $MBJS %PDLMF IBEPMJOU ✅4#0.ͷ׆༻˞࣍εϥΠυҎ߱Ͱղઆ ɹɹ✔ιϑτ΢ΣΞߏ੒ίϯϙʔωϯτҰཡΛ੬ऑੑݕ஌΍ϥΠηϯε؅ཧʹ׆༻ 4#0.ͦͷ΋ͷ͕ηΩϡϦςΟରࡦʹ͋ͨΔΘ͚Ͱ͸ͳ͍ ɹɹɹɹ🛠TZGU 5SJWZ HSZQF ✅ίϯςφΠϝʔδ΁ͷॺ໊˞࣍εϥΠυҎ߱Ͱղઆ ɹɹ✔ίϯςφΠϝʔδΛΞοϓϩʔυ͢Δࡍʹॺ໊Λߦ͏͜ͱͰ৴པੑΛ֬อ ɹɹɹɹ🛠$PTJHO /PUBUJPO

4#0. 4PGUXBSF#JMMPG.BUFSJBMT ۙ೥ιϑτ΢ΣΞαϓϥΠνΣʔϯηΩϡϦςΟͷจ຺Ͱɺ4#0. 4PGUXBSF#JMMPG.BUFSJBMT ͱ͍͏ݴ༿͕Α͘ొ৔͠·͢ɻ 4#0.͸ιϑτ΢ΣΞΛߏ੒͢Δίϯϙʔωϯτ FHґଘؔ܎ɺϑΝΠϧ ΛϦετԽͨ͠΋ͷͰɺ ͦΕࣗମ͕ԿΒ͔ͷηΩϡϦςΟରࡦʹͳΔͱ͍͏༁Ͱ͸͋Γ·ͤΜɻ
Ұൠతʹ͸੬ऑੑݕࠪ΍ϥΠηϯεͷௐࠪͳͲʹར༻͞Ε·͢ɻ

4#0. 4PGUXBSF#JMMPG.BUFSJBMT \ TQEY7FSTJPO41%9 EBUB-JDFOTF$$ 41%9*%41%93FG%0$6.&/5 OBNFHIDSJPNPDIJ[VLJDOEXEFNPBQQ
QBDLBHFT< \ OBNFTUEMJC 41%9*%41%93FG1BDLBHFHPNPEVMFTUEMJCDBFDCECGBB WFSTJPO*OGPHP TVQQMJFS/0"44&35*0/ EPXOMPBE-PDBUJPO/0"44&35*0/ fi MFT"OBMZ[FEGBMTF TPVSDF*OGPBDRVJSFEQBDLBHFJOGPGSPNHPNPEVMFJOGPSNBUJPOBQQ MJDFOTF$PODMVEFE/0"44&35*0/ MJDFOTF%FDMBSFE#4%$MBVTF DPQZSJHIU5FYU/0"44&35*0/ FYUFSOBM3FGT< > fi MFT< \ fi MF/BNFBQQ 41%9*%41%93FG'JMFBQQBDBDFC fi MF5ZQFT< "11-*$"5*0/ #*/"3: > DIFDLTVNT< ^ > ^ TZGUͰੜ੒ͨ͠ίϯςφΠϝʔδͷ4#0. 41%9 ίϯςφΠϝʔδͷ৔߹͸TZGU΍5SJWZͳͲΛ༻͍Δ͜ͱͰ4#0.Λੜ੒͢Δ͜ͱ͕Ͱ͖·͢ɻ IUUQTHJUIVCDPNBODIPSFTZGU IUUQTUSJWZEFWWEPDTTVQQMZDIBJOTCPN

ॺ໊ʹΑΔίϯςφΠϝʔδͷ৴པੑ֬อ ίϯςφΠϝʔδΛΞοϓϩʔυ͢Δࡍʹൿີ伴Ͱॺ໊Λߦ͍ɺ࢖༻࣌ʹެ։伴ͰݕূΛߦ͏͜ͱͰɺ ֘౰Πϝʔδ͕ൿີ伴ͷॴ༗ऀ FH։ൃऀ ʹΑͬͯΞοϓϩʔυ͞Εͨ΋ͷͰ͋Δ͜ͱ Λ֬ೝͰ͖·͢ ˞ ɻ ͜ͷΑ͏ͳରࡦ͸ɺϨδετϦ্ͰͷίϯςφΠϝʔδͷվ᜵΍5ZQP4RVBUUJOHͳͲͷڴҖʹ༗ޮͰ͢ɻ ˞ͨͩ͠Ϗϧυ͞ΕͨίϯςφΠϝʔδͷ׬શੑ͕อূ͞Ε͍ͯΔલఏ
Signed Image Container Registry Exploited Image Developer Private Key Public Key Consumer Attacker Sign Verify

ॺ໊ʹΑΔίϯςφΠϝʔδͷ৴པੑ֬อ ίϯςφαϓϥΠνΣʔϯʹ౰ͯ͸ΊΔͱɺͦΕͧΕҎԼͷՕॴͰॺ໊ٴͼݕূΛߦ͏͜ͱʹͳΓ·͢ɻ Container Image Build Producer Source Code Dockerfile Dependencies
Container Registry Base Image Container Image Run on Kubernetes Sign Verify Admission Webhook(※) ˞,ZWFSOP 4JHTUPSF1PMJDZ$POUSPMMFS CI/CD

4JHTUPSF$PTJHO ίϯςφΠϝʔδͷॺ໊ɾݕূΛߦ͏୅දతͳπʔϧͱͯ͠$PTJHO͕͋Γ·͢ɻ ✅0QFO4PVSDF4FDVSJUZ'PVOEBUJPO 0QFO44' ʹؚ·ΕΔ4JHTUPSF1SPKFDU͕ఏڙ ✅ίϯςφΠϝʔδΛ͸͡Ί༷ʑͳ"SUJGBDUͷॺ໊ɾݕূʹར༻Մೳ ✅,VCFSOFUFTΛ͸͡Ίͱ༷ͨ͠ʑͳ044ͷॺ໊ʹར༻ ɹɹIUUQTLVCFSOFUFTJPEPDTUBTLTBENJOJTUFSDMVTUFSWFSJGZTJHOFEBSUJGBDUT ✅,FZMFTT4JHOJOH 0*%$JEFOUJUZUPLFOΛ࢖༻ͯ͠ॺ໊
IUUQTEPDTTJHTUPSFEFWDPTJHOTJHOJOHPWFSWJFX

ࢀߟ 4JHTUPSF$PTJHO $PTJHOʹΑΔॺ໊ɾݕূͷྫ DPTJHOTJHOLFZDPTJHOLFZ3&(*453:TBNQMFJNBHF!%*(&45 DPTJHOWFSJGZLFZDPTJHOQVC3&(*453:TBNQMFJNBHFNBJO 7FSJ fi DBUJPOGPSHIDSJPTBNQMFJNBHFNBJO 5IFGPMMPXJOHDIFDLTXFSFQFSGPSNFEPOFBDIPGUIFTFTJHOBUVSFT
5IFDPTJHODMBJNTXFSFWBMJEBUFE &YJTUFODFPGUIFDMBJNTJOUIFUSBOTQBSFODZMPHXBTWFSJ fi FEP ff l JOF 5IFTJHOBUVSFTXFSFWFSJ fi FEBHBJOTUUIFTQFDJ fi FEQVCMJDLFZ DSBOFMT3&(*453:TBNQMFJNBHF NBJO %*(&45TJH ॺ໊ IUUQTEPDTTJHTUPSFEFWDPTJHOTJHOJOHTJHOJOH@XJUI@DPOUBJOFSTTJHOXJUIBMPDBMLFZQBJS ݕূ IUUQTEPDTTJHTUPSFEFWDPTJHOWFSJGZJOHWFSJGZ 秘密鍵で署名署名情報がレジストリに登録される公開鍵で検証

ࢀߟ 4JHTUPSF$PTJHO $PTJHOʹΑΔॺ໊ɾݕূͷྫ ,FZMFTT4JHOJOH ൿີ伴ɾެ։伴Λ௚઀࢖༻ͤͣɺ0*%$ೝূʹΑΓੜ੒ͨ͠&QIFNFSBM,FZͰॺ໊ɾݕূΛߦ͏࢓૊Έɻ DPTJHOTJHO3&(*453:TBNQMFJNBHF!%*(&45 DPTJHOWFSJGZ3&(*453:TBNQMFJNBHF!%*(&45a DFSUJ
fi DBUFJEFOUJUZ0*%$*%&/5*5:a DFSUJ fi DBUFPJEDJTTVFS0*%$*446&3 ॺ໊ IUUQTEPDTTJHTUPSFEFWDPTJHOTJHOJOHPWFSWJFX ݕূ IUUQTEPDTTJHTUPSFEFWDPTJHOWFSJGZJOHWFSJGZLFZMFTTWFSJ fi DBUJPOVTJOHPQFOJEDPOOFDU 署名を行う際にOIDC認証を実施 📝$PTJHOʹΑΔॺ໊ݕূͱ4JHTUPSFͷશମ૾ IUUQTTSFBLFDPNCMPHTJHOBUVSFWFSJ fi DBUJPOCZDPTJHOBOETJHTUPSF

$POUBJOFS4VQQMZ$IBJOʹ͓͚Δ୅දతͳηΩϡϦςΟରࡦ ͜͜·ͰͷରࡦͰΧόʔͰ͖͍ͯΔൣғ͸ҎԼͷ௨ΓͰ͢ɻ Container Image Build Producer Source Code Dockerfile Dependencies
Container Registry Base Image Container Image Run on Kubernetes 最小化・スキャンにより脆弱性の混入を防止安全なイメージを使用することで脆弱性の混入を防止署名・検証により不正なイメージの使用を防止 Dockerfileのスキャンにより設定不備を防止

$POUBJOFS4VQQMZ$IBJOʹ͓͚Δ୅දతͳηΩϡϦςΟରࡦ Ұํ͜͜·ͰͷରࡦͰ͸ɺίϯςφΠϝʔδͷϏϧυ͕ਖ਼࣮͘͠ߦ͞Ε͔ͨʹ͍ͭͯ͸ ΧόʔͰ͖͍ͯ·ͤΜɻ ຊηογϣϯͰ͸͜ͷ෦෼ʹ஫໨͠·͢ɻ Container Image Build Producer Source Code
Dockerfile Dependencies Container Registry Base Image Container Image Run on Kubernetes ビルドが正しく実行されたか

ঢ়گઃఆ 8FCΞϓϦέʔγϣϯͷίϯςφΠϝʔδΛϏϧυ͠ɺ,VCFSOFUFTʹ1PEͱͯ͠σϓϩΠ͢Δ αϓϥΠνΣʔϯʹ͓͍ͯɺίϯςφΠϝʔδ͕վ᜵͞ΕΔσϞΛߦ͍·͢ɻ ओͳεςοϓ͸ҎԼͷ௨ΓͰ͢ɻ ɹɹᶃίϯςφΠϝʔδΛϏϧυ͠ίϯςφϨδετϦʹΞοϓϩʔυ ɹɹᶄίϯςφΠϝʔδ΁ͷॺ໊Λ࣮ࢪ ɹɹᶅॺ໊ͷݕূΛ࣮ࢪ ɹɹᶆ,VCFSOFUFTʹ1PEͱͯ͠σϓϩΠ ˞ࠓճ੬ऑੑεΩϟϯ͸লུ͍ͯ͠·͕͢ɺϏϧυͨ͠ίϯςφΠϝʔδͷ੬ऑੑεΩϟϯͷ݁Ռ͔Β͸ಛʹҟৗ͸ݕग़͞Εͳ͍΋ͷͱ͠·͢ɻ Container
Image Build Producer Source Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify

߈ܸσϞ ࠓճͷσϞͰ͸(PݴޠͰ࣮૷ͨ͠γϯϓϧͳ8FCΞϓϦέʔγϣϯΛར༻͠·͢ɻ ϓϩδΣΫτϑΥϧμʹ͸ιʔείʔυʹՃ͑ɺίϯςφΠϝʔδΛϏϧυ͢ΔͨΊͷ%PDLFS fi MFͱ ,VCFSOFUFTʹ1PEΛσϓϩΠ͢ΔͨΊͷNBOJGFTUZBNMؚ͕·Ε͍ͯ·͢ɻ Container Image Build Producer
Source Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify USFFDOEXEFNPBQQ DOEXEFNPBQQ ᵓᴷᴷ%PDLFS fi MF ᵓᴷᴷHPNPE ᵓᴷᴷNBJOHP ᵓᴷᴷNBOJGFTUZBNM ᵋᴷᴷ3&"%.&NE

߈ܸσϞ NBJOHP ׌֑֊֛֪ս◷∁ՂՊմ׃֥֝ך֚ս懴▔ USFFDOEXEFNPBQQ DOEXEFNPBQQ ᵓᴷᴷ%PDLFS fi MF ᵓᴷᴷHPNPE ᵓᴷᴷNBJOHP
ᵓᴷᴷNBOJGFTUZBNM ᵋᴷᴷ3&"%.&NE Container Image Build Producer Source Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify QBDLBHFNBJO JNQPSU GNU JP MPH OFUIUUQ GVODNBJO \ IBOEMFS'VODGVOD XIUUQ3FTQPOTF8SJUFS S IUUQ3FRVFTU \ JP8SJUF4USJOH X ❄8FMDPNFUP$MPVE/BUJWF%BZT8JOUFS❄aO ^ IUUQ)BOEMF'VOD IBOEMFS'VOD GNU1SJOUMO 4UBSU-JTUFOJOH MPH'BUBM IUUQ-JTUFO"OE4FSWF OJM ^ HTTPリクエストを受信したら特定のメッセージを返す

߈ܸσϞ '30.HPMBOH"4CVJME 803,%*3HPTSDBQQ $01: 36/HPNPEEPXOMPBE 36/$(0@&/"#-&%HPCVJMEPHPCJOBQQ '30.HDSJPEJTUSPMFTTTUBUJDEFCJBO $01:GSPNCVJMEHPCJOBQQ &9104& $.%<BQQ>
%PDLFS fi MF Container Image Build Producer Source Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify USFFDOEXEFNPBQQ DOEXEFNPBQQ ᵓᴷᴷ%PDLFS fi MF ᵓᴷᴷHPNPE ᵓᴷᴷNBJOHP ᵓᴷᴷNBOJGFTUZBNM ᵋᴷᴷ3&"%.&NE

߈ܸσϞ NBOJGFTUZBNM Container Image Build Producer Source Code Dockerfile Container
Registry Container Image Run on Kubernetes Sign Verify USFFDOEXEFNPBQQ DOEXEFNPBQQ ᵓᴷᴷ%PDLFS fi MF ᵓᴷᴷHPNPE ᵓᴷᴷNBJOHP ᵓᴷᴷNBOJGFTUZBNM ᵋᴷᴷ3&"%.&NE BQJ7FSTJPOW LJOE1PE NFUBEBUB OBNFDOEXEFNPBQQ MBCFMT BQQDOEXEFNPBQQ TQFD DPOUBJOFST OBNFBQQ JNBHF3&(*453:DOEXEFNPBQQW JNBHF1VMM1PMJDZ"MXBZT BQJ7FSTJPOW LJOE4FSWJDF NFUBEBUB OBNFDOEXEFNPBQQ MBCFMT BQQDOEXEFNPBQQ TQFD TFMFDUPS BQQDOEXEFNPBQQ UZQF-PBE#BMBODFS QPSUT QSPUPDPM5$1 QPSU UBSHFU1PSU Podをデプロイ外部公開

߈ܸσϞ ίϯςφΠϝʔδΛϏϧυ͠ɺϨδετϦʹΞοϓϩʔυ͠·͢ɻ Container Image Build Producer Source Code Dockerfile Container
Registry Container Image Run on Kubernetes Sign Verify EPDLFSCVJMEOPDBDIFU3&(*453:DOEXEFNPBQQW EPDLFSQVTI3&(*453:DOEXEFNPBQQW

߈ܸσϞ $PTJHOΛར༻ͯ͠ίϯςφΠϝʔδʹॺ໊Λߦ͍·͢ɻ ͜͜Ͱ͸ࣄલʹ༻ҙͨ͠ൿີ伴Λ࢖༻͍ͯ͠·͢ɻ Container Image Build Producer Source Code Dockerfile
Container Registry Container Image Run on Kubernetes Sign Verify *."(&@%*(&45 DSBOFEJHFTU3&(*453:DOEXEFNPBQQW DPTJHOTJHOZLFZDPTJHOLFZ3&(*453:DOEXEFNPBQQ!*."(&@%*(&45

߈ܸσϞ ίϯςφϨδετϦΛ֬ೝ͠·͢ɻ ίϯςφΠϝʔδʹՃ͑ͯॺ໊৘ใ %*(&45TJH ͕อଘ͞Ε͍ͯΔ͜ͱ͕֬ೝͰ͖·͢ɻ Container Image Build Producer Source
Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify DSBOFMT3&(*453:DOEXEFNPBQQ W TIBFETJH

߈ܸσϞ ,VCFSOFUFTʹ1PEΛσϓϩΠ͢Δͷʹઌཱͪɺ࢖༻͢ΔίϯςφΠϝʔδͷॺ໊Λݕূ͠·͢ɻ ͜͜Ͱ͸ॺ໊ʹ༻͍ͨൿີ伴ʹରԠ͢Δެ։伴Λ࢖༻͍ͯ͠·͢ɻ ॺ໊ݕূʹ੒ޭͨ͜͠ͱΛ౿·͑ɺ͜ͷΠϝʔδ͸ਖ਼౰ͳΠϝʔδͰ͋Δͱ൑அͰ͖·͢ɻ ˞ॺ໊ݕূʹ,VCFSOFUFTͷ"ENJTTJPO8FCIPPLΛ༻͍Δ͜ͱ΋Ͱ͖·͢ɻ Container Image Build Producer Source
Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify DPTJHOWFSJGZLFZDPTJHOQVC3&(*453:DOEXEFNPBQQW 7FSJ fi DBUJPOGPS3&(*453:DOEXEFNPBQQW 5IFGPMMPXJOHDIFDLTXFSFQFSGPSNFEPOFBDIPGUIFTFTJHOBUVSFT 5IFDPTJHODMBJNTXFSFWBMJEBUFE &YJTUFODFPGUIFDMBJNTJOUIFUSBOTQBSFODZMPHXBTWFSJ fi FEP ff l JOF 5IFTJHOBUVSFTXFSFWFSJ fi FEBHBJOTUUIFTQFDJ fi FEQVCMJDLFZ

߈ܸσϞ LVCFDUMBQQMZGNBOJGFTUZBNM QPEDOEXEFNPBQQDSFBUFE TFSWJDFDOEXEFNPBQQDSFBUFE LVCFDUMHFUBMMMBQQDOEXEFNPBQQ /".&3&"%:45"5643&45"354"(& QPEDOEXEFNPBQQ3VOOJOHN /".&5:1&$-645&3*1&95&3/"-*11035 4 "(&
TFSWJDFDOEXEFNPBQQ-PBE#BMBODFS&95&3/"-@*15$1N ,VCFSOFUFTʹ1PEΛσϓϩΠ͠֎෦ʹެ։͠·͢ɻ Container Image Build Producer Source Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify

߈ܸσϞ IUUQDOEXEFNPBQQFYBNQMFDPN σϓϩΠͨ͠1PEʹ8FCϒϥ΢βͰΞΫηε͢Δͱɺظ଴௨Γιʔείʔυʹ࣮૷ͨ͠ϝοηʔδ͕ දࣔ͞Ε·͢ɻ

߈ܸσϞ IUUQDOEXEFNPBQQFYBNQMFDPNFYQMPJU ͔͠͠FYQMPJUͱ͍͏ύεʹΞΫηεͯ͠ΈΔͱɺ ҎԼͷΑ͏ʹ࣮૷֮ͨ͑͠ͷͳ͍ϝοηʔδ͕දࣔ͞ΕΔ͜ͱ͕֬ೝͰ͖·͢ɻ ࠓճ͸ϝοηʔδ͕දࣔ͞ΕΔ͚ͩͰ͕͢ɺόοΫυΞͳͲߋͳΔ߈ܸʹܨ͛ΔͨΊͷॲཧ͕ ࠞೖ͞ΕΔՄೳੑ΋͋Γ·͢ɻ

߈ܸ಺༰ Container Image Build Producer Source Code Dockerfile Container Registry
Container Image Run on Kubernetes Sign Verify 攻撃者はビルド環境にマルウェアを仕込んだ改竄されたコンテナイメージがBuild&Push&Signされた Tampering ビルドプロセスを検知してソースコードを改竄 ࠓճͷσϞͰ͸ɺίϯςφΠϝʔδͷϏϧυ؀ڥʹϚϧ΢ΣΞ͕࢓ֻ͚ΒΕ͍ͯ·ͨ͠ɻ ͜ͷϚϧ΢ΣΞ͸ίϯςφΠϝʔδͷϏϧυϓϩηεΛվ᜵ͯ͠ѱҙͷ͋ΔιʔείʔυΛࠞೖ ͢Δ΋ͷͰɺࠓճ࣮ࢪͨ͠ରࡦͰ͸ରԠ͖͠Ε·ͤΜͰͨ͠ɻ

ࠓճͷσϞͰ͸ɺίϯςφΠϝʔδͷϏϧυ؀ڥʹϚϧ΢ΣΞ͕࢓ֻ͚ΒΕ͍ͯ·ͨ͠ɻ ͜ͷϚϧ΢ΣΞ͸ίϯςφΠϝʔδͷϏϧυϓϩηεΛվ᜵ͯ͠ѱҙͷ͋ΔιʔείʔυΛࠞೖ ͢Δ΋ͷͰɺࠓճ࣮ࢪͨ͠ରࡦͰ͸ରԠ͖͠Ε·ͤΜͰͨ͠ɻ ߈ܸ಺༰ Container Image Build Producer Source Code
Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify 攻撃者はビルド環境にマルウェアを仕込んだ Tampering ビルドプロセスを検知してソースコードを改竄 TVEPCVJMEFYQMPJUMPHMFWFMEFNPDPOUBJOFS 👀ϏϧυϓϩηεΛ؂ࢹ ‼HPCVJMEϓϩηεΛݕग़ 1*% 📁NBJOHPΛൃݟύεQSPDSPPUHPTSDBQQNBJOHP 😎৐ͬऔ͍͎ͬͯ͘ʂʂ 🐛NBMJDJPVTDPEFΛNBJOHPʹ஫ೖ͠·ͨ͠ 👿΍ͬͨͥʂʂ ⌛Ϗϧυϓϩηε׬ྃΛ଴ػத 1*% ✅Ϗϧυϓϩηε׬ྃ 1*% コンテナのビルドプロセスを検知したら Malicious Codeを挿入改竄されたコンテナイメージがBuild&Push&Signされた

ࢀߟ 4PMBS8JOETࣄ݅ IUUQTQJZPMPHIBUFOBEJBSZKQFOUSZ ೥ʹ4PMBS8JOETࣾͷϏϧυϓϥοτϑΥʔϜʹϚϧ΢ΣΞ͕ࠞೖ͞Εͨɻ Ϗϧυϓϩηεʹ͓͍ͯιʔείʔυͷվ᜵͕ߦΘΕɺਖ਼نͷϑΝΠϧ ॺ໊෇ ͱͯ͠Ϣʔβʔʹ ഑෍͞Εͨɻ ถࠃ੓෎ػؔΛؚΊଟ͘ͷϢʔβʔ͕ඃ֐Λड͚ͨͱݴΘΕ͍ͯΔɻ
˞૝૾ਤ Artifact (with SUNBURST) Build Sign Artifact SUNPOT Tampering Artifact Source Code Build Platform Repository User Environment Orin Platform SUNBURST (Back Door)

ࢀߟ 4PMBS8JOETࣄ݅ ͜ͷࣄྫΛड͚ͯɺ4PMBS8JOETࣾͰ͸େ͖ͭ͘ͷରࡦΛ࣮ࢪͨ͠ͱ͍͏৘ใ͕ެ։͞Ε͍ͯ·͢ɻ ✅#BTFUIFTZTUFNPOFQIFNFSBMPQFSBUJPOT⭐ ✅1SPEVDFEFUFSNJOJTUJDBSUJGBDUT ✅#VJMEJOQBSBMMFM ✅7FSJGZFWFSZCVJMETUFQ⭐ ⭐ຊηογϣϯʹؔ࿈ 📝4PMBS8JOET"JNTUP4FU/FX4UBOEBSEJO4PGUXBSF%FWFMPQNFOU8JUI/FYU(FOFSBUJPO#VJME4ZTUFN
ɹɹIUUQTXXXTPMBSXJOETDPNCMPHTFUUJOHUIFOFXTUBOEBSEJOTFDVSFTPGUXBSFEFWFMPQNFOU 📝4FUUJOHUIF/FX4UBOEBSEJO4FDVSF4PGUXBSF%FWFMPQNFOU5IF4PMBS8JOET/FYU(FOFSBUJPO#VJME4ZTUFN ɹɹIUUQTBSDIJWFPQFOHPWBTJBDPNXQDPOUFOUVQMPBET4FUUJOHUIF/FX4UBOEBSEJO4FDVSF4PGUXBSF%FWFMPQNFOU5IF4PMBS8JOET/FYU(FOFSBUJPO#VJME4ZTUFNQEG 📝)PX4PMBS8JOETJT6TJOH0QFO4PVSDFUP4FDVSF5IFJS4VQQMZ$IBJOJOUIF8BLFPGUIF4VOCVSTU)BDL ɹɹIUUQTTVQQMZDIBJOTFDVSJUZDPOOBTDIFEDPNFWFOUO4

Ϗϧυͷ׬શੑʹ޲͚ͨରࡦ Ϗϧυεςοϓʹର͢Δ߈ܸ͸ɺେ͖͘෼͚ͯҎԼͭͷύλʔϯʹ෼͚ΒΕ·͢ɻ ઌ΄Ͳͷ߈ܸσϞ͸ύλʔϯᶄͷέʔε ɹᶃϏϧυͷೖྗͱͯ͠ظ଴ͱ͸ҟͳΔೖྗ͕࢖༻͞ΕΔύλʔϯ FH5IF(SFBU4VTQFOEFS ɹᶄϏϧυ࣮ߦ࣌ʹίϚϯυ΍ιʔείʔυ౳ͷվ᜵͕ߦΘΕΔύλʔϯ FH4PMBS8JOET
ɹᶅϏϧυͷग़ྗͰ͋Δ੒Ռ෺Λվ᜵͞ΕΔύλʔϯ FH$PEF$PW ① ③ IUUQTTMTBEFWTQFDWUISFBUTPWFSWJFXSFBMXPSMEFYBNQMFT Build Platform Build Artifact Input Build Environment ② Ҏ߱Ͱ͸ɺ͜ͷΑ͏ͳϏϧυεςοϓͷվ᜵΁ͷରࡦͱͯ͠ɺ ιϑτ΢ΣΞαϓϥΠνΣʔϯηΩϡϦςΟͰ୅දతͳͭͷϑϨʔϜϫʔΫΛղઆ͠·͢ɻ

JOUPUP ✅ιϑτ΢ΣΞαϓϥΠνΣʔϯͷ׬શੑΛอূ͢ΔͨΊͷϑϨʔϜϫʔΫ ✅αϓϥΠνΣʔϯͷ֤εςοϓͷ࣮ߦূ੻Λه࿥ͯ͠ݕূ ✅$/$'(SBEVBUFE IUUQTJOUPUPJP

JOUPUPͷ֓ཁ JOUPUPͰ͸ɺαϓϥΠνΣʔϯͷ֤εςοϓ͕ظ଴௨Γ࣮ߦ͞Ε͔ͨʹ஫໨͠·͢ɻ 樦䞊戺յ⶿婬ՀշՊԶ犖㤿ㆥՄն#EVQTՖճյ⶿婬ՀշՊԶ犖㤿ㆥՄն֕׀ו֫Է⶿婬ՀշՊԶ犖 ⎅Ⓕי␚ⒻԷ㶃ՂԯԶ犖 Step1 Step2 Step3 Artifact

JOUPUPͷ֓ཁ JOUPUPͰ͸छྨͷϑΝΠϧΛ༻͍ͯαϓϥΠνΣʔϯͷ֤εςοϓʹ͍ͭͯه࿥ɾݕূΛߦ͏͜ͱͰ ׬શੑΛอূ͠·͢ɻ ͜ΕΒͷϑΝΠϧ͸JOUPUPͷ࢓༷ʹج͖ͮɺJOUPUP͕ఏڙ͢Δ$-*·ͨ͸"1*Λ༻͍ͯੜ੒͞Ε·͢ɻ 📄-JOLϑΝΠϧεςοϓͷ࣮ߦূ੻Λه࿥ 📄-BZPVUϑΝΠϧ-JOLϑΝΠϧʹجͮ͘αϓϥΠνΣʔϯͷݕূϧʔϧΛఆٛ Step1 Step2 Step3 Artifact
step1.link step2.link step3.link ssc.layout IUUQTHJUIVCDPNJOUPUPTQFDJ fi DBUJPOCMPCWJOUPUPTQFDNE

JOUPUPͷ֓ཁ 📄-JOLϑΝΠϧεςοϓͷ࣮ߦূ੻Λه࿥ 📄-BZPVUϑΝΠϧ-JOLϑΝΠϧʹجͮ͘αϓϥΠνΣʔϯͷݕূϧʔϧΛఆٛ -JOL ステップを実行したActor(Functionary)の署名 Step 入力 (materials) 出力 (products)
コマンドと実行結果(command/byproducts) 実行環境(environment) JOUPUPͰ͸छྨͷϑΝΠϧΛ༻͍ͯαϓϥΠνΣʔϯͷ֤εςοϓʹ͍ͭͯه࿥ɾݕূΛߦ͏͜ͱͰ ׬શੑΛอূ͠·͢ɻ ͜ΕΒͷϑΝΠϧ͸JOUPUPͷ࢓༷ʹج͖ͮɺJOUPUP͕ఏڙ͢Δ$-*·ͨ͸"1*Λ༻͍ͯੜ੒͞Ε·͢ɻ

JOUPUPͷ֓ཁ 📄-JOLϑΝΠϧεςοϓͷ࣮ߦূ੻Λه࿥ 📄-BZPVUϑΝΠϧ-JOLϑΝΠϧʹجͮ͘αϓϥΠνΣʔϯͷݕূϧʔϧΛఆٛ -BZPVU Layoutを作成したActor(Owner)の署名 ֤εςοϓ΍੒Ռ෺ͷݕূϧʔϧ FH ✔ೖྗ FYQFDUFE@NBUFSJBMT
✔࣮ߦίϚϯυ FYQFDUFE@DPNNBOE ✔ग़ྗ FYQFDUFE@QSPEVDUT ✔"DUPSͷެ։伴 -JOLϑΝΠϧͷॺ໊ݕূ༻ JOUPUPͰ͸छྨͷϑΝΠϧΛ༻͍ͯαϓϥΠνΣʔϯͷ֤εςοϓʹ͍ͭͯه࿥ɾݕূΛߦ͏͜ͱͰ ׬શੑΛอূ͠·͢ɻ ͜ΕΒͷϑΝΠϧ͸JOUPUPͷ࢓༷ʹج͖ͮɺJOUPUP͕ఏڙ͢Δ$-*·ͨ͸"1*Λ༻͍ͯੜ੒͞Ε·͢ɻ

JOUPUPͷ֓ཁ -BZPVUϑΝΠϧΛ༻͍ͯ-JOLϑΝΠϧΛݕূͨ͠ࡍɺظ଴௨ΓαϓϥΠνΣʔϯ͕࣮ߦ͞Ε͍ͯΕ͹ ݕূʹ੒ޭ͠·͢ɻ ҰํαϓϥΠνΣʔϯͷҰ෦͕ظ଴௨Γ࣮ߦ͞Εͳ͔ͬͨ৔߹͸ݕূʹࣦഊ͠վ᜵Λ ݕ஌͢Δ͜ͱ͕Ͱ͖·͢ɻ Step1 Step2 Step3 Artifact step1.link
step2.link step3.link ssc.layout 尸敒㬼屜

JOUPUPͷ֓ཁ 😈4UFQͷதͰظ଴ͱ͸ҟͳΔίϚϯυ͕࣮ߦ͞Εͨ৔߹ ɹɹ-JOLϑΝΠϧʹه࿥͞Εͨ಺༰ͱ-BZPVUϑΝΠϧͰఆٛͨ͠಺༰͕ෆҰக 😈4UFQͷؒͰϑΝΠϧͷվ᜵͕ߦΘΕͨ৔߹ ɹɹ-JOLϑΝΠϧʹه࿥͞Εͨલ4UFQͷग़ྗͱ࣍εςοϓͷೖྗͷϋογϡ͕ෆҰக Step1 Step2 Step3 Step1 Step2
Step3 Tampering step1.link step2.link step2.link Artifact Artifact Step1の出力(products) file sha256: xxxxx Step2の入力(materials) file sha256: yyyyy ファイルが編集されたことでハッシュ値が変化 Step2の実行コマンド command: yyyyy scc.layout Step1の出力がStep2の入力として使用されることを期待 ྫ͑͹JOUPUPΛ࢖༻͢Δ͜ͱͰ࣍ͷΑ͏ͳέʔεΛݕ஌͢Δ͜ͱ͕Ͱ͖·͢ɻ 㱠㱠 scc.layout Step2でxxxxxというコマンドが実行されることを期待

ࢀߟ JOUPUPͰ͸߈ܸσϞͷࣄྫ͸ݕ஌Ͱ͖ͳ͍ -JOLϑΝΠϧ͸4UFQͷೖྗɺίϚϯυɺग़ྗΛه࿥͢Δ͚ͩͳͷͰɺ ઌ΄Ͳͷ߈ܸσϞͷΑ͏ʹʮ4UFQࣗମ͸ظ଴௨Γ࣮ߦ͞Ε͕ͨ಺෦తʹվ᜵͕ߦΘΕͨʯέʔε͸ ݕ஌Ͱ͖ͳ͍఺ʹ஫ҙ͕ඞཁͰ͢ɻ Container Image Build Source
Code Dockerfile Container Image $ docker build scc.layout Step自体は期待通り実行されているコマンド実行後にソースコードを改竄期待通りの入力期待通りのコマンドを実行期待通りの出力(コンテナイメージ) (実際の中身は期待通りでない)

ࢀߟ JOUPUPEFNP ࠓճ͸JOUPUPͷ֓೦·Ͱͷઆ໌ʹཹΊ·͕ͨ͠ɺJOUPUPެࣜͰ͸ ࣮ࡍʹJOUPUPΛ࢖༻ͯ͠αϓϥΠνΣʔϯΛ࣮ߦ͢ΔσϞ͕ఏڙ͞Ε͍ͯ·͢ɻ ✅JOUPUPEFNP ɹɹIUUQTHJUIVCDPNJOUPUPEFNPCMPCNBJO3&"%.&NE

JOUPUP"UUFTUBUJPO'SBNFXPSL JOUPUP-JOLͷϑΥʔϚοτ͸ ೖྗ NBUFSJBMT ͕ॴఆͷίϚϯυ DPNNBOE ʹΑΓग़ྗ QSPEVDUT ʹม׵͞ΕΔ ͱ͍͏Ϟσϧ͕લఏʹͳ͍ͬͯΔɻ
Ϟσϧʹ߹Θͳ͍ ಛఆͷίϚϯυ΍ग़ྗ͕໌֬ԽͰ͖ͳ͍ έʔε͸දݱ͠ਏ͍ FH$*$%XPSL fl PXͷ࣮ߦূ੻ ίʔυϨϏϡʔ݁Ռ ςετ݁Ռ 4#0. \@UZQFMJOL OBNF/".& DPNNBOE$0.."/% NBUFSJBMT\ "35*'"$5@/".&)"4) ^ QSPEVDUT\ "35*'"$5@/".&)"4) ^ CZQSPEVDUT\ TUEFSS TUEPVU SFUVSOWBMVFOVMM ^ FOWJSPONFOU\ WBSJBCMFT&/7 fi MFTZTUFN'4 XPSLEJS$8% ^ ^ Step 入力 (materials) 出力 (products) コマンドと実行結果(command/byproducts) 実行環境(environment) IUUQTHJUIVCDPNJOUPUPTQFDJ fi DBUJPOCMPCWJOUPUPTQFDNE fi MFGPSNBUTOBNFLFZJEQSF fi YMJOL

JOUPUP"UUFTUBUJPO'SBNFXPSL Artifact Artifact Artifact Artifact Artifact Test Result SBOM Vulnerabilities
in-toto Link Provenance(SLSA) Signature Subject Predicate IUUQTHJUIVCDPNJOUPUP*5&CMPCNBTUFS*5&3&"%.&BEPD IUUQTHJUIVCDPNJOUPUPBUUFTUBUJPOUSFFNBJO αϓϥΠνΣʔϯʹ͓͚Δ೚ҙͷূ੻Λ"SUJGBDUͱඥ෇͚ͯදݱ͢ΔͨΊͷ ൚༻తͰ֦ுՄೳͳϑΥʔϚοτ͕*5& JOUPUP&OIBODFNFOU ͰఏҊ͞Εͨɻ

JOUPUP"UUFTUBUJPO'SBNFXPSL IUUQTHJUIVCDPNJOUPUPBUUFTUBUJPOUSFFNBJOTQFD Envelope(DSSE) payloadType QBZMPBE5ZQFBQQMJDBUJPOWOEJOUPUP KTPO payload #BTF&ODPEFE+40/ signatures Statement
_type @UZQFIUUQTJOUPUPJP4UBUFNFOUW subject QSFEJDBUF͕ඥ෇͘"SUJGBDU predicateType predicate "SUJGBDUʹؔ͢Δূ੻Λ ೚ҙͷϑΥʔϚοτͰදݱ FH4#0.JOUPUP-JOL 4-4"1SPWFOBODF JOUPUP"UUFTUBUJPOͷৄࡉ͸ҎԼͷ௨ΓͰ͢ɻ

ࢀߟ $PTJHOʹΑΔίϯςφΠϝʔδͷ"UUFTUBUJPOੜ੒ $PTJHOΛ࢖༻͢Δ͜ͱͰίϯςφΠϝʔδΛ4VCKFDUͱͯ͠೚ҙͷূ੻σʔλ͔Β"UUFTUBUJPOΛੜ੒͠ɺ ίϯςφϨδετϦʹΞοϓϩʔυͰ͖·͢ɻ IUUQTEPDTTJHTUPSFEFWDPTJHOWFSJGZJOHBUUFTUBUJPO \ CVJMEFS\ OBNFIUUQTCVJMEFSXPSL fl
PXW ^ CVJME%F fi OJUJPO\ XPSL fl PXXPSL fl PX ^ ^ QSFEJDBUFKTPO DPTJHOBUUFTUZFTLFZDPTJHOLFZQSFEJDBUFQSFEJDBUFKTPOUZQFIUUQTGPPWa 3&(*453:DPTJHOBUUFTUEFNPNBJO "UUFTUBUJPOͷੜ੒͓ΑͼίϯςφϨδετ΁ͷΞοϓϩʔυ DPTJHOEPXOMPBEBUUFTUBUJPOͰࢀরՄೳ DSBOFMT3&(*453:DPTJHOBUUFTUEFNP NBJO %*(&45BUU コンテナイメージのin-toto Attestation 任意の証跡データ(e.g. SBOM, Link, Provenance...)

✅JOUPUP ɹɹ✔ιϑτ΢ΣΞαϓϥΠνΣʔϯͷ࣮ߦূ੻Λه࿥ɾݕূ͢ΔϑϨʔϜϫʔΫ ɹɹ✔-JOLɺ-BZPVUͱ͍͏ݻ༗ͷϑΥʔϚοτΛ࢖༻ ✅JOUPUP"UUFTUBUJPO'SBNFXPSL ɹɹ✔ιϑτ΢ΣΞαϓϥΠνΣʔϯʹ͓͚Δ೚ҙͷূ੻Λ"SUJGBDUͱඥ෇͚ͯදݱ͢ΔϑΥʔϚοτ JOUPUPͷ·ͱΊ IUUQTJOUPUPJPEPDTTQFDT

4-4" 4VQQMZDIBJO-FWFMTGPS4PGUXBSF"SUJGBDUT ✅ιϑτ΢ΣΞαϓϥΠνΣʔϯηΩϡϦςΟͷϑϨʔϜϫʔΫ ✅(PPHMFͷ#JOBSZ"VUIPSJ[BUJPOGPS#PSH͕ݩʹͳ͍ͬͯΔ ✅0QFO44'*ODVCBUJOH IUUQTTMTBEFW IUUQTDMPVEHPPHMFDPNEPDTTFDVSJUZCJOBSZBVUIPSJ[BUJPOGPSCPSH IMKB

4-4"ͷ֓ཁ 4-4"Ͱ͸αϓϥΠνΣʔϯͷ͋ΒΏΔՕॴΛର৅ͱ͠ɺڴҖͱ؇࿨ࡦ ֓ཁ Λఏڙɻ ˞ͨͩ͠4-4"W࣌఺ͰશͯͷڴҖʹରԠ͍ͯ͠ΔΘ͚Ͱ͸ͳ͍ IUUQTTMTBEFWTQFDWUISFBUTPWFSWJFX

4-4"ͷ֓ཁ ͞ΒʹྖҬຖͷηΩϡϦςΟϨϕϧͱຬͨ͢΂͖ཁ݅Λ໌֬Խ͢ΔͨΊɺ 5SBDLͱ-FWFMͱ͍͏֓೦͕औΓೖΕΒΕ͍ͯΔɻ #VJME -FWFM -FWFM -FWFM -FWFM 1MBUGPSN 0QFSBUJPOT
-FWFM -FWFM -FWFM -FWFM 4PVSDF -FWFM -FWFM -FWFM -FWFM αϓϥΠνΣʔϯΛऔΓר͘ ؀ڥͷ)BSEOJOH ϦϙδτϦϦϏδϣϯͷ ৴པੑͱ׬શੑ IUUQTTMTBEFWTQFDWBCPVUIPXTMTBXPSLT IUUQTTMTBEFWTQFDWGVUVSFEJSFDUJPOT 5SBDL -FWFM Ϗϧυͷ ৴པੑͱ׬શੑ

4-4"ͷ֓ཁ 4-4"W࣌఺Ͱ͸#VJME5SBDLͷΈ͕ఆٛ͞Ε͍ͯΔɻ #VJME -FWFM -FWFM -FWFM -FWFM 1MBUGPSN 0QFSBUJPOT -FWFM
-FWFM -FWFM -FWFM 4PVSDF -FWFM -FWFM -FWFM -FWFM αϓϥΠνΣʔϯΛऔΓר͘ ؀ڥͷ)BSEOJOH ϦϙδτϦϦϏδϣϯͷ ৴པੑͱ׬શੑ IUUQTTMTBEFWTQFDWBCPVUIPXTMTBXPSLT IUUQTTMTBEFWTQFDWGVUVSFEJSFDUJPOT 5SBDL -FWFM Ϗϧυͷ ৴པੑͱ׬શੑ SLSA V1.1でカバーされている領域

4-4"ͷ֓ཁ ࠓޙ͸#VJME5SBDL-FWFM΍1MBUGPSN0QFSBUJPOTɺ4PVSDF5SBDLͳͲΧόʔൣғΛ ֦େ͍ͯ͘͜͠ͱ͕ࣔ͞Ε͍ͯΔɻ #VJME -FWFM -FWFM -FWFM -FWFM 1MBUGPSN 0QFSBUJPOT
-FWFM -FWFM -FWFM -FWFM 4PVSDF -FWFM -FWFM -FWFM -FWFM αϓϥΠνΣʔϯΛऔΓר͘ ؀ڥͷ)BSEOJOH ϦϙδτϦϦϏδϣϯͷ ৴པੑͱ׬શੑ IUUQTTMTBEFWTQFDWBCPVUIPXTMTBXPSLT IUUQTTMTBEFWTQFDWGVUVSFEJSFDUJPOT 5SBDL -FWFM Ϗϧυͷ ৴པੑͱ׬શੑ 領域の拡大深さの拡大

#VJME5SBDL IUUQTTMTBEFWTQFDWSFRVJSFNFOUT #VJME5SBDLͰ͸ҎԼͷΑ͏ͳϨϕϧ෼͚͕ߦΘΕ͍ͯΔɻ

#VJME5SBDL Ұ؏ੑͷ͋ΔϏϧυִ͕཭͞ΕͨϏϧυ؀ڥͰ࣮ߦ͞Εɺ "SUJGBDUͱͱ΋ʹ1SPWFOBODF ͲͷΑ͏ʹϏϧυ͕ߦΘΕ͔ͨͷདྷྺ ͕ੜ੒ɾ഑෍͞ΕΔ͜ͱɻ ˞ҎԼͷਤ͸4-4"#VJME.PEFMΛϕʔεʹ؆ུԽͯ͠هࡌ͍ͯ͠·͢ Build Platform Build Artifact
Provenance Input 隔離されたビルド環境ビルドの来歴を生成・配布 Control Plane 毎回決まった手順でビルド IUUQTTMTBEFWTQFDWUFSNJOPMPHZCVJMENPEFM -FWFMd શ-FWFMڞ௨ -FWFMd Build Environment

ิ଍ #VJME5SBDLͷείʔϓ 4-4"#VJME5SBDLͰ͸৴པͰ͖Δ#VJME1MBUGPSNΛલఏͱ͓ͯ͠Γ #VJME1MBUGPSNࣗମͷ৵֐ʹ͍ͭͯ͸είʔϓʹؚ·ͳ͍ɻ Ϗϧυ؀ڥͷִ཭΍1SPWFOBODFʹΑΓϏϧυϓϩηεͷ৵֐Λݕ஌ɾ๷ࢭ͢Δ͜ͱ͕໨తɻ ˞ԿΒ͔ͷϕετϓϥΫςΟεʹ४ڌ͢΂͖ͱ͍͏ݴٴ͸͋Δ IUUQTTMTBEFWTQFDWSFRVJSFNFOUTTFDVSJUZCFTUQSBDUJDFT ˞#VJME5SBDLͰ͸Ϗϧυ؀ڥͷִ཭΍1SPWFOBODFͷੜ੒ͳͲ#VJME1MBUGPSNʹٻΊΒΕΔཁ͕݅ఆΊΒΕ͍ͯΔ
Build Platform Build Artifact Provenance Input Control Plane IUUQTTMTBEFWTQFDWUFSNJOPMPHZCVJMENPEFM Build Environment Build Trackのスコープ信頼するBuild Platform

#VJME5SBDL#VJME*TPMBUJPO4USFOHUI ϏϧυϓϩηεΛ֎෦͔Βͷվ᜵ͳͲʹΑΔӨڹ͔Βอޢ͢ΔͨΊʹ͸Ϗϧυ؀ڥͷִ཭͕ॏཁɻ 4-4"-FWFMʹԠͯ͡ϏϧυΛ࣮ߦ͢Δ؀ڥʹٻΊΒΕΔִ཭Ϩϕϧ͕ҟͳΔɻ ˞-FWFM͸໌֬ʹఆٛ͞Ε͍ͯͳ͍ Ϗϧυຖʹִ཭͞Εͨ &QIFNFSBMͳ؀ڥ FH$*$% &QIFNFSBM7.$POUBJOFS Ϗϧυઐ༻ʹϗετ͞Εͨ؀ڥ FH$*$%
4IBSFE7. ࣮ߦ؀ڥ͸໰Θͳ͍ FHݸਓ։ൃ୺຤ IUUQTTMTBEFWTQFDWSFRVJSFNFOUTJTPMBUJPOTUSFOHUI Build Platform Build Platform ֎෦͔ΒӨڹΛड͚ਏ͘ӬଓԽ͠ͳ͍ -FWFM /POF -FWFM )PTUFE -FWFM *TPMBUFE

#VJME5SBDL4-4"1SPWFOBODF 4-4"#VJME5SBDLͰ͸Ϗϧυ࣌ʹ"SUJGBDUͷੜ੒ͱซͤͯɺ Ϗϧυདྷྺ 1SPWFOBODF Λੜ੒͠഑෍͢Δ͜ͱ͕ఆΊΒΕ͍ͯΔɻ 4-4"Ͱ͸4-4"1SPWFOBODFͱ͍͏ϑΥʔϚοτΛఏڙ͍ͯ͠Δɻ ˞ ˞1SPWFOBODFͷϑΥʔϚοτʹࢦఆ͸ͳ͍͕ɺ4-4"1SPWFOBODF૬౰ͷ৘ใؚ͕·Ε͍ͯΕ͹ྑ͍ ˞ݱ࣌఺Ͱͷ࠷৽όʔδϣϯ͸W͕ͩɺ௚ۙͰ͸ͭલͷW͕࢖༻͞ΕΔέʔε΋͋Δ
Provenance ビルドの入力が何であったか (e.g. リポジトリ,タグ) ビルドがどのように実行されたか (e.g. ビルドワークフロー) 誰がビルドを実行したか誰がProvenanceを生成したか IUUQTTMTBEFWTQFDWQSPWFOBODF

#VJME5SBDL4-4"1SPWFOBODF 4-4"1SPWFOBODFͷྫ 4-4"1SPWFOBODFW ˞ൈਮ CVJMEFS\ JEIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSHJUIVCXPSL fl PXTHFOFSBUPS@DPOUBJOFS@TMTBZNM!SFGTUBHTW ^
CVJME5ZQFIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSDPOUBJOFS!W JOWPDBUJPO\ DPO fi H4PVSDF\ VSJHJU IUUQT3&(*453:DOEXEFNPBQQ!SFGTIFBETNBJO EJHFTU\ TIBDCF ^ FOUSZ1PJOUHJUIVCXPSL fl PXTCVJMEZBNM ^ NBUFSJBMT< \ VSJHJU IUUQT3&(*453:DOEXEFNPBQQ!SFGTIFBETNBJO EJHFTU\ TIBDCF ^ ^ > ProvenanceのBuilder ビルドプロセスの種類実行されたWorkflow ビルドプロセスへの入力

#VJME5SBDL4-4"1SPWFOBODF Artifact Provenance 4-4"1SPWFOBODF͸JOUPUP"UUFTUBUJPOΛ༻͍ͯදݱ͢Δ͜ͱ͕ਪ঑͞Ε͍ͯΔɻ ͜ΕʹΑΓɺ"SUJGBDUɺ1SPWFOBODFɺ4JHOBUVSFΛͭͷϑΥʔϚοτͰแׅతʹදݱͰ͖Δɻ ˞JOUPUP"UUFTUBUJPO͸4-4"ͰఏҊ͞ΕͨϞσϧʹج͖ͮJOUPUP 4-4"౳ͷνʔϜͰڞಉ։ൃ͞Εͨͱ͍͏എܠ͕͋Δ in-toto Attesttaion Subject
Predicate Signature IUUQTTMTBEFWTQFDWBUUFTUBUJPONPEFM

#VJME5SBDL4-4"1SPWFOBODF Envelope(DSSE) payloadType QBZMPBE5ZQFBQQMJDBUJPOWOEJOUPUP KTPO payload #BTF&ODPEFE+40/ signatures Statement _type
@UZQFIUUQTJOUPUPJP4UBUFNFOUW subject QSFEJDBUF͕ඥ෇͘"SUJGBDU predicateType predicate 4-4"1SPWFOBODF QSFEJDBUF5ZQFIUUQTTMTBEFWQSPWFOBODFW

#VJME5SBDL4-4"1SPWFOBODF 4-4"1SPWFOBODFΛఏڙ͍ͯ͠ΔϓϩδΣΫτͷྫɻ ҎԼͷϓϩδΣΫτͰ͸ιϑτ΢ΣΞ όΠφϦ΍ίϯςφΠϝʔδ ͱซͤͯ1SPWFOBODFΛఏڙ ͢Δ͜ͱͰϏϧυϓϩηεΛಁ໌Խ͠ɺظ଴௨ΓϏϧυ͞Εͨ͜ͱΛݕূՄೳʹ͍ͯ͠Δɻ ✅"SHP$% IUUQTBSHPDESFBEUIFEPDTJPFOTUBCMFPQFSBUPSNBOVBMTJHOFESFMFBTFBTTFUTWFSJ fi DBUJPOPGDPOUBJOFSJNBHFXJUITMTBBUUFTUBUJPOT
✅,ZWFSOP IUUQTLZWFSOPJPEPDTTFDVSJUZWFSJGZJOHQSPWFOBODF ✅LP IUUQTLPCVJMEJOTUBMM ✅#JUOBNJ4FDVSF*NBHFT IUUQTUFDIEPDTCSPBEDPNDPNVTFOWNXBSFUBO[VCJUOBNJTFDVSFJNBHFTCJUOBNJTFDVSFJNBHFTTFSWJDFTCTJEPDTFDVSJUZGSBNFXPSLT4-4"MFWFMDPNQMJBODFIUNM ✅$IBJOHVBSE$POUBJOFST IUUQTFEVDIBJOHVBSEEFWDIBJOHVBSEDIBJOHVBSEJNBHFTIPXUPVTFWFSJGZJOHDIBJOHVBSEJNBHFTBOENFUBEBUBTJHOBUVSFTXJUIDPTJHOEPXOMPBEJOHDPOUBJOFSBUUFTUBUJPOT

-FWFM &YJTU #VJME5SBDL1SPWFOBODF(FOFSBUJPO ϏϧυདྷྺΛࣔ͢1SPWFOBODF͸׬શੑ͕ॏཁ վ᜵͞Ε͍ͯͯ͸ূ੻ͱͯ͠ҙຯΛ੒͞ͳ͍ ɻ 4-4"-FWFMʹԠͯ͡1SPWFOBODFͷݎ࿚ੑ͕ҟͳΔɻ Provenance 1SPWFOBODF͕ଘࡏ͢Δ͜ͱ 1SPWFOBODFʹॺ໊͕ߦΘΕ͍ͯΔ͜ͱ
FHॺ໊༻ൿີ伴΍1SPWFOBODF΁ͷ ΞΫηεΛ੍ݶ 1SPWFOBODFͷվ᜵͕ෆՄͰ͋Δ͜ͱ FHॺ໊༻ൿີ伴΍1SPWFOBODF΁ͷ ΞΫηεܦ࿏Λःஅ Artifact Provenance Artifact Provenance Artifact Unreachable Control Plane Control Plane Prevented IUUQTTMTBEFWTQFDWSFRVJSFNFOUTQSPWFOBODFHFOFSBUJPO Tenant Tenant -FWFM "VUIFOUJD -FWFM 6OGPSHFBCMF Build Artifact Build Provenance with Signature Build Artifact and Provenance Build Artifact Build Provenance with Signature

#VJME5SBDL1SPWFOBODF(FOFSBUJPO 4-4"1SPWFOBODFΛੜ੒͢Δπʔϧͷྫɻ $*$%ʹ૊ΈࠐΜͰ࢖༻͢Δέʔε͕جຊɻ 🛠"DUJPOTTMTBHJUIVCHFOFSBUPS 4-4"ެࣜ˞4-4"ެࣜ ɹɹIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPS 🛠"DUJPOTBUUFTUCVJMEQSPWFOBODF (JU)VC"DUJPOT
ɹɹIUUQTHJUIVCDPNBDUJPOTBUUFTUCVJMEQSPWFOBODF 🛠"SUJGBDUQSPWFOBODFNFUBEBUB (JU-BC3VOOFS ɹɹIUUQTEPDTHJUMBCDPNDJSVOOFSTDPO fi HVSF@SVOOFSTBSUJGBDUQSPWFOBODFNFUBEBUB 🛠5FLUPO$IBJOT 5FLUPO ɹɹIUUQTUFLUPOEFWEPDTDIBJOTTMTBQSPWFOBODF 🛠8JUOFTT $-*˞JOUPUPެࣜ ɹɹIUUQTHJUIVCDPNJOUPUPXJUOFTT

#VJME5SBDL4-4"1SPWFOBODF7FSJ fi DBUJPO 4-4"1SPWFOBODF͸ϏϧυདྷྺΛදݱͨ͠ϑΥʔϚοτʹա͗ͣɺ୯ମͰ͸ηΩϡϦςΟରࡦͱͯ͠ ҙຯΛҝ͠·ͤΜɻ 4#0.͕୯ମͰ͸ηΩϡϦςΟରࡦͱͯ͠ҙຯΛҝ͞ͳ͍ͷͱಉ͡ ͍ͣΕ΋ͦͷ಺༰͕ظ଴௨ΓͰ͋Δ͔ݕূ͢Δ͜ͱ͕ॏཁͰ͢ɻ Provenance SBOM
"SUJGBDUͷ#VJMEʹؔ͢Δ৘ใͷҰཡ "SUJGBDUΛߏ੒͢ΔίϯϙʔωϯτͷҰཡ 期待するコンポーネントが含まれるか検証期待通りビルドが行われたか検証 IUUQTTMTBEFWTQFDWWFSJGZJOHBSUJGBDUT

#VJME5SBDL4-4"1SPWFOBODF7FSJ fi DBUJPO ✅1SPWFOBODF͕ਖ਼౰ͳ΋ͷͰ͋Δ͜ͱ ɹɹ✔ਖ਼͍͠ॺ໊͕ߦΘΕ͍ͯΔ͔ ɹɹ✔ର৅ͷ"SUJGBDUʹඥ෇͘΋ͷͰ͋Δ͔ ɹɹ✔ظ଴͢Δ#VJMEFSʹΑͬͯੜ੒͞Εͨ΋ͷͰ͋Δ͔ ✅ظ଴͢ΔϏϧυ͕ߦΘΕͨ͜ͱ ɹɹ✔ظ଴͢Διʔε FHϦϙδτϦ
λά Λೖྗͱͯ͠Ϗϧυ͕ߦΘΕ͔ͨ ɹɹ✔ظ଴͢Δ8PSL fl PX ॴఆͷ4-4"-FWFMΛຬͨ͢Α͏ʹઃܭ ͰϏϧυ͕ߦΘΕ͔ͨ 4-4"1SPWFOBODFͷݕূͰ͸ɺྫ͑͹ҎԼͷΑ͏ͳݕূ͕ߦΘΕ·͢ɻ IUUQTTMTBEFWTQFDWWFSJGZJOHBSUJGBDUT

#VJME5SBDL4-4"1SPWFOBODF7FSJ fi DBUJPO 4-4"1SPWFOBODFͷݕূʹ࢖༻Ͱ͖Δπʔϧͷྫ ˞Ұ෦1SPWFOBODFΛੜ੒ͨ͠πʔϧͱͷґଘؔ܎͕͋ΔͨΊ஫ҙ͕ඞཁ 🛠4JHTUPSF$PTJHO ൚༻ ɹɹIUUQTEPDTTJHTUPSFEFWDPTJHOWFSJGZJOHBUUFTUBUJPO 🛠TMTBWFSJ
fi FS TMTBHJUIVCHFOFSBUPS޲͚ ɹɹIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBWFSJ fi FS 🛠HIBUUFTUBUJPO BUUFTUCVJMEQSPWFOBODF޲͚ ɹɹIUUQTEPDTHJUIVCDPNKBBDUJPOTIPXUPTTFDVSFZPVSXPSLVTFBSUJGBDUBUUFTUBUJPOTVTFBSUJGBDUBUUFTUBUJPOT 🛠,ZWFSOP ,VCFSOFUFT"ENJTTJPO8FCIPPL ɹɹIUUQTLZWFSOPJPEPDTQPMJDZUZQFTDMVTUFSQPMJDZWFSJGZJNBHFT 🛠4JHTUPSF1PMJDZ$POUSPMMFS ,VCFSOFUFT"ENJTTJPO8FCIPPL ɹɹIUUQTEPDTTJHTUPSFEFWQPMJDZDPOUSPMMFSPWFSWJFX

4-4"ͷ·ͱΊ ✅ιϑτ΢ΤΞαϓϥΠνΣʔϯηΩϡϦςΟͷϑϨʔϜϫʔΫ ɹɹ✔W࣌఺Ͱ͸#VJME5SBDLͷΈ໌֬Խ ✅Ϗϧυ؀ڥͷִ཭ ɹɹ✔Ϗϧυ؀ڥͷִ཭ɾ&QIFNFSBMԽʹΑΓϏϧυϓϩηεͷվ᜵Λ๷ࢭ ✅1SPWFOBODFʹΑΔূ੻ͷه࿥ͱݕূ ɹɹ✔ϏϧυདྷྺΛه࿥͢Δ͜ͱͰϏϧυϓϩηεΛಁ໌Խ ɹɹ✔ظ଴௨ΓϏϧυ͕࣮ߦ͞Εͨ͜ͱΛݕূ ɹɹ✔1SPWFOBODFΛఏڙ͢ΔϓϩδΣΫτ΋ଟ਺ଘࡏ

ࢀߟ 4-4"#VJME5SBDL͕߈ܸσϞͷࣄྫʹͲͷΑ͏ʹد༩͢Δ͔ 4-4"#VJME5SBDLΛઌ΄Ͳͷ߈ܸσϞʹద༻ͨ͠৔߹ɺҎԼͷΑ͏ͳܗͰϏϧυϓϩηεͷվ᜵ʹ د༩͢Δ͜ͱʹͳΓ·͢ɻ ˞͜ͷྫ͸͋͘·Ͱ#VJME1MBUGPSNʹࠞೖ͞ΕͨϚϧ΢ΣΞʹΑΓϏϧυϓϩηεͷվ᜵ͷΈ͕ߦΘΕΔͱ͍͏ࣄྫɻ ɹ#VJME1MBUGPSN͕׬શʹ৵֐͞Εͨ৔߹͸4-4"͕શ͘ػೳ͠ͳ͍৔߹΋͋ΔͨΊ஫ҙɻ Container Image Build
Producer Source Code Dockerfile Container Registry Container Image Run on Kubernetes Sign Verify Tampering Build Platform SLSA Build Track のスコープ外 ✅ ビルド環境の隔離によりビルドプロセスを改竄し辛くする ✅ Provenanceにより期待通りのビルドが行われたことを保証する ✅ ビルド環境にマルウェアを混入されてもEphemeral化により永続化されない

4-4"ʹج࣮ͮ͘૷ྫ ͜͜·ͰͷղઆΛ౿·࣮͑ͨ૷ྫΛࣔ͠·͢ɻ ɹ✅ίϯςφΠϝʔδͷϏϧυʹ൐͍"UUFTUBUJPO 1SPWFOBODF Λੜ੒͠Ξοϓϩʔυ ɹ✅ίϯςφΠϝʔδΛ࢖༻͢Δࡍʹ"UUFTUBUJPOΛݕূ Container Image Build Source
Code Dockerfile Container Registry Container Image Run on Kubernetes Generate Provenance Verify Container Image Provenance in-toto Attestation JNBHFCVJME HFOFSBUFQSPWFOBODF コンテナイメージのビルドとAttestationの生成 Attestationの検証

4-4"ʹج࣮ͮ͘૷ྫ ࠓճίϯςφΠϝʔδͷϏϧυ΍1SPWFOBODFͷੜ੒͸(JU)VC"DUJPOTΛ༻͍࣮ͯࢪ͍ͯ͠·͢ɻ IUUQTHJUIVCDPNNPDIJ[VLJDOEXEFNPBQQCMPCNBJOHJUIVCXPSL fl PXTCVJMEZBNM Container Image Build Source Code
Dockerfile Container Registry Container Image Run on Kubernetes Generate Provenance Verify Container Image Provenance in-toto Attestation JNBHFCVJME HFOFSBUFQSPWFOBODF GitHub ActionsのWorkflowで定義コンテナイメージのビルドとAttestationの生成

4-4"ʹج࣮ͮ͘૷ྫ ҎԼͷ8PSL fl PXͰ͸4-4"#VJME5SBDLͷ-FWFMʹ४ڌͨ͠ઃఆΛߦͳ͍ͬͯ·͢ɻ IUUQTHJUIVCDPNNPDIJ[VLJDOEXEFNPBQQCMPCNBJOHJUIVCXPSL fl PXTCVJMEZBNM OBNF$POUBJOFS*NBHF#VJMEXJUI4-4"1SPWFOBODF PO XPSL
fl PX@EJTQBUDI QVTI KPCT JNBHFCVJME QFSNJTTJPOT DPOUFOUTSFBE QBDLBHFTXSJUF VTFTHJUIVCXPSL fl PXTJNBHFCVJMESFVTFZBNM XJUI JNBHFSFHJTUSZHIDSJP JNBHFOBNF\\HJUIVCSFQPTJUPSZ^^ TFDSFUT HIDS@VTFSOBNF\\HJUIVCBDUPS^^ HIDS@QBTTXPSE\\TFDSFUT(*5)6#@50,&/^^ HFOFSBUFQSPWFOBODF OFFET JNBHFCVJME QFSNJTTJPOT BDUJPOTSFBE JEUPLFOXSJUF QBDLBHFTXSJUF VTFTTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSHJUIVCXPSL fl PXT HFOFSBUPS@DPOUBJOFS@TMTBZNM!W XJUI JNBHFHIDSJP\\HJUIVCSFQPTJUPSZ^^ EJHFTU\\OFFETJNBHFCVJMEPVUQVUTJNBHFEJHFTU^^ SFHJTUSZVTFSOBNF\\HJUIVCBDUPS^^ TFDSFUT SFHJTUSZQBTTXPSE\\TFDSFUT(*5)6#@50,&/^^ CVJMEZBNM コンテナイメージをBuild Provenanceを生成

4-4"ʹج࣮ͮ͘૷ྫ#VJME*TPMBUJPO4USFOHUI (JU)VC"DUJPOTͷ৔߹͸(JU)VC)PTUFE3VOOFSΛ༻͍Δ͜ͱͰɺ Ϗϧυͷִ཭ʹؔ͢Δ4-4"-FWFM *TPMBUFE ͷཁ݅Λຬͨ͢͜ͱ͕Ͱ͖·͢ɻ IUUQTEPDTHJUIVCDPNKBBDUJPOTDPODFQUTSVOOFSTHJUIVCIPTUFESVOOFST OBNF$POUBJOFS*NBHF#VJMEXJUI4-4"1SPWFOBODF PO XPSL fl
PX@EJTQBUDI QVTI KPCT JNBHFCVJME QFSNJTTJPOT DPOUFOUTSFBE QBDLBHFTXSJUF VTFTHJUIVCXPSL fl PXTJNBHFCVJMESFVTFZBNM XJUI JNBHFSFHJTUSZHIDSJP JNBHFOBNF\\HJUIVCSFQPTJUPSZ^^ TFDSFUT HIDS@VTFSOBNF\\HJUIVCBDUPS^^ HIDS@QBTTXPSE\\TFDSFUT(*5)6#@50,&/^^ OBNF3FVTBCMF$POUBJOFS*NBHF#VJME8PSL fl PX KPCT QVCMJTI SVOTPOVCVOUVMBUFTU TUFQT OBNF#VJMEBOEQVTI$POUBJOFSJNBHF JECVJME VTFTEPDLFSCVJMEQVTIBDUJPO!W XJUI fi MF%PDLFS fi MF QVTIUSVF UBHT\\TUFQTNFUBPVUQVUTUBHT^^ MBCFMT\\TUFQTNFUBPVUQVUTMBCFMT^^ QSPWFOBODFUSVF TCPNGBMTF CVJMEZBNM JNBHFCVJMESFVTFZBNM コンテナイメージをBuildするWF ビルドジョブが Ephemeral VMで実行される

OBNF$POUBJOFS*NBHF#VJMEXJUI4-4"1SPWFOBODF KPCT HFOFSBUFQSPWFOBODF OFFET JNBHFCVJME QFSNJTTJPOT BDUJPOTSFBE JEUPLFOXSJUF
QBDLBHFTXSJUF VTFTTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSHJUIVCXPSL fl PXTHFOFSBUPS@DPOUBJOFS@TMTBZNM!W XJUI JNBHFHIDSJP\\HJUIVCSFQPTJUPSZ^^ EJHFTU\\OFFETJNBHFCVJMEPVUQVUTJNBHFEJHFTU^^ SFHJTUSZVTFSOBNF\\HJUIVCBDUPS^^ TFDSFUT SFHJTUSZQBTTXPSE\\TFDSFUT(*5)6#@50,&/^^ 4-4"ʹج࣮ͮ͘૷ྫ1SPWFOBODF(FOFSBUJPO ·ͨ4-4"ެࣜͰఏڙ͞Ε͍ͯΔTMTBHJUIVCHFOFSBUPSΛ࢖༻͢Δ͜ͱͰɺ 1SPWFOBODFʹؔ͢Δ4-4"-FWFM 6OGPSHFBCMF ͷཁ݅Λຬͨ͢͜ͱ͕Ͱ͖·͢ɻ IUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSCMPCNBJOJOUFSOBMCVJMEFSTDPOUBJOFS3&"%.&NE slsa-github-generatorで提供される Reusable Workflowを呼び出す CVJMEZBNM コンテナイメージおよびコンテナレジストリの認証情報

4-4"ʹج࣮ͮ͘૷ྫ1SPWFOBODF(FOFSBUJPO TMTBHJUIVCHFOFSBUPSͰੜ੒͞Εͨ4-4"1SPWFOBODF͸JOUPUP"UUFTUBUJPOͱͯ͠ ίϯςφΠϝʔδͱඥ෇͚ͯίϯςφϨδετϦʹΞοϓϩʔυ͞Ε·͢ɻ IUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSCMPCNBJOJOUFSOBMCVJMEFSTDPOUBJOFS3&"%.&NE OBNF$POUBJOFS*NBHF#VJMEXJUI4-4"1SPWFOBODF KPCT HFOFSBUFQSPWFOBODF OFFET
JNBHFCVJME QFSNJTTJPOT BDUJPOTSFBE JEUPLFOXSJUF QBDLBHFTXSJUF VTFTTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSHJUIVCXPSL fl PXTHFOFSBUPS@DPOUBJOFS@TMTBZNM!W XJUI JNBHFHIDSJP\\HJUIVCSFQPTJUPSZ^^ EJHFTU\\OFFETJNBHFCVJMEPVUQVUTJNBHFEJHFTU^^ SFHJTUSZVTFSOBNF\\HJUIVCBDUPS^^ TFDSFUT SFHJTUSZQBTTXPSE\\TFDSFUT(*5)6#@50,&/^^ CVJMEZBNM コンテナイメージおよびコンテナレジストリの認証情報 8PSL fl PXͷ֓ཁ ✅&QIFNFSBM7.ʹTMTBHFOFSBUPSDPOUBJOFS͓ΑͼDPTJHOΛΠϯετʔϧ ✅TMTBHFOFSBUPSDPOUBJOFS͕(JU)VC$POUFYU͔Β1SPWFOBODFΛੜ੒ +40/ ✅DPTJHOBUUFTUͰ1SPWFOBODF͔ΒJOUPUP"UUFTUUBJPOΛੜ੒ ˞ ͠ίϯςφϨδετϦʹΞοϓϩʔυ ɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹ˞DPTJHOʹΑΔॺ໊͕,FZMFTTͰߦΘΕΔ ˞ࠓճ࢖༻͍ͯ͠ΔTMTBHJUIVCHFOFSBUPS͸1VCMJD3FLPSʹಁաϩάΛΞοϓϩʔυ͢ΔͨΊɺಛʹ1SJWBUFϦϙδτϦͰ࢖༻͢Δ৔߹͸஫ҙ͕ඞཁͰ͢ɻ ɹIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSUSFFNBJOJOUFSOBMCVJMEFSTDPOUBJOFSQSJWBUFSFQPTJUPSJFT

4-4"ʹج࣮ͮ͘૷ྫ1SPWFOBODF(FOFSBUJPO ίϯςφΠϝʔδʹඥ෇͘JOUPUP"UUFTUBUJPO 1SPWFOBODFΛؚΉ ͷࢀর \ QBZMPBE5ZQFBQQMJDBUJPOWOEJOUPUP KTPO QBZMPBE\ @UZQFIUUQTJOUPUPJP4UBUFNFOUW
QSFEJDBUF5ZQFIUUQTTMTBEFWQSPWFOBODFW TVCKFDU< \ OBNF3&(*453:DOEXEFNPBQQ EJHFTU\ TIB%*(&45 ^ ^ > QSFEJDBUF\ CVJMEFS\ JEIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSHJUIVCXPSL fl PXT HFOFSBUPS@DPOUBJOFS@TMTBZNM!SFGTUBHTW ^ CVJME5ZQFIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSDPOUBJOFS!W DPTJHOEPXOMPBEBUUFTUBUJPO3&(*453:DOEXEFNPBQQNBJOcKRQBZMPBEc !CBTFEcGSPNKTPO JOWPDBUJPO\ DPO fi H4PVSDF\ VSJHJU IUUQT3&(*453:DOEXEFNPBQQ!SFGTIFBETNBJO EJHFTU\ TIBDCF ^ FOUSZ1PJOUHJUIVCXPSL fl PXTCVJMEZBNM ^ NBUFSJBMT< \ VSJHJU IUUQT3&(*453:DOEXEFNPBQQ!SFGTIFBETNBJO EJHFTU\ TIBDCF ^ ^ > ^ ^ TJHOBUVSFT< \ LFZJE TJH.&6.T ^ > ^ コンテナイメージ ProvenanceのBuilder ビルドプロセスの種類実行されたWorkflow ビルドプロセスへの入力 Attestationへの署名

4-4"ʹج࣮ͮ͘૷ྫ ίϯςφΠϝʔδʹJOUPUP"UUFTUBUJPOܗࣜͰඥ෇͚ΒΕͨ1SPWFOBODFͷݕূΛߦ͍ɺ ظ଴௨ΓίϯςφΠϝʔδͷϏϧυ͕࣮ߦ͞Εͨ͜ͱΛ֬ೝ͠·͢ɻ ݕূʹ͸$PTJHOͳͲͷ$-*πʔϧ΍,VCFSOFUFTͷ"ENJTTJPO8FCIPPL͕༻͍ΒΕ·͢ɻ Container Image Build Source Code Dockerfile
Container Registry Container Image Run on Kubernetes Generate Provenance Verify Container Image Provenance in-toto Attestation JNBHFCVJME HFOFSBUFQSPWFOBODF 手動 or Admission Webhook Attestationの検証

4-4"ʹج࣮ͮ͘૷ྫ1SPWFOBODF7FSJ fi DBUJPO ͜͜Ͱ͸$PTJHOΛ࢖༻ͯ͠ɺ1SPWFOBODFΛؚΉJOUPUP"UUFTUBUJPOͷݕূΛߦ͍·͢ɻ $PTJHOͰ͸$6&·ͨ͸3FHPͰݕূ༻ͷϙϦγʔΛఆٛͰ͖·͢ɻ ҎԼͷϙϦγʔͰ͸1SPWFOBODFͷ֤ϑΟʔϧυʹର͢Δظ଴஋Λఆ͍ٛͯ͠·͢ɻ FHظ଴͢Δೖྗ΍8PSL fl PXͰϏϧυ͕ߦΘΕ͔ͨ QBDLBHFTJHOBUVSF
EFGBVMUBMMPXGBMTF BMMPX\ JOQVUQSFEJDBUF5ZQFIUUQTTMTBEFWQSPWFOBODFW SFHFYNBUDI ?IUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSHJUIVCXPSL fl PXTHFOFSBUPS@DPOUBJOFS@TMTBaaZNM!SFGTUBHTW<> aa <> aa<> JOQVUQSFEJDBUFCVJMEFSJE JOQVUQSFEJDBUFCVJME5ZQFIUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSDPOUBJOFS!W JOQVUQSFEJDBUFJOWPDBUJPODPO fi H4PVSDFVSJHJU IUUQT3&(*453:DOEXEFNPBQQ!SFGTIFBETNBJO JOQVUQSFEJDBUFJOWPDBUJPODPO fi H4PVSDFFOUSZ1PJOUHJUIVCXPSL fl PXTCVJMEZBNM JOQVUQSFEJDBUFNBUFSJBMT<>VSJHJU IUUQT3&(*453:DOEXEFNPBQQ!SFGTIFBETNBJO ^ ˞JOUPUP"UUFTUBUJPOͷ1SFEJDBUF 1SPWFOBODFʹ֘౰ ͕JOQVUͱͯ͠ೖྗ͞ΕΔ QSPWFOBODFQPMJDZSFHP

4-4"ʹج࣮ͮ͘૷ྫ1SPWFOBODF7FSJ fi DBUJPO ݕূʹ੒ޭ͢Ε͹ɺ֘౰ͷίϯςφΠϝʔδ͸ظ଴௨ΓϏϧυ͞Εͨ΋ͷͰ͋Δͱ൑அͰ͖·͢ɻ DPTJHOWFSJGZBUUFTUBUJPOa UZQFTMTBQSPWFOBODFa DFSUJ fi DBUFPJEDJTTVFSIUUQTUPLFOBDUJPOTHJUIVCVTFSDPOUFOUDPNa DFSUJ
fi DBUFJEFOUJUZSFHFYQ?IUUQTHJUIVCDPNTMTBGSBNFXPSLTMTBHJUIVCHFOFSBUPSHJUIVCXPSL fl PXT HFOFSBUPS@DPOUBJOFS@TMTBZNM!SFGTUBHTW<> <> <> a QPMJDZQSPWFOBODFQPMJDZSFHPa 3&(*453:DOEXEFNPBQQNBJO DFSUJ fi DBUFPJEDJTTVFSͱDFSUJ fi DBUFJEFOUJUZSFHFYQ͸ॺ໊ݕূΛߦ͏ͨΊͷJTTVFSͱJEFOUJUZΛࢦఆ TMTBHJUIVCHFOFSBUPSݻ༗஋ IUUQTEPDTTJHTUPSFEFWDPTJHOWFSJGZJOHWFSJGZLFZMFTTWFSJ fi DBUJPOVTJOHPQFOJEDPOOFDU

ࢀߟ 4-4"8PSLTIPQ ✅0QFO44'4-4"8PSLTIPQ!0QFO4PVSDF4FDVSJUZ4VNNJU/PSUI"NFSJDB ɹɹIUUQTHJUIVCDPNTMTBGSBNFXPSLPTTOBTMTBXPSLTIPQ ೥ʹ։࠵͞Εͨ4-4"8PSLTIPQͷࢿྉ͕ެ։͞Ε͍ͯ·͢ɻ ຊ೔ղઆͨ͠಺༰ΛؚΊ༷ʑͳϋϯζΦϯؚ͕·Ε͍ͯΔͨΊɺڵຯͷ͋Δํ͸͝ࢀর͍ͩ͘͞ɻ

·ͱΊ ✅ίϯςφαϓϥΠνΣʔϯʹ͓͚Δվ᜵ࣄྫΛղઆ ɹɹ✔Ϗϧυϓϩηεͷվ᜵ͳͲॺ໊ͳͲैདྷͷରࡦͰ͸๷͖͗Εͳ͍έʔε͕͋Δ ✅୅දతͳͭͷϑϨʔϜϫʔΫʹ͍ͭͯΤοηϯεΛղઆ ɹɹ✔JOUPUP ɾαϓϥΠνΣʔϯͷεςοϓΛه࿥ɾݕূ ɾJOUPUP"UUFTUBUJPO ɹɹ✔4-4" ɾWͰ͸Ϗϧυͷอޢ͕த৺ #VJME5SBDL
ɾϏϧυ؀ڥͷִ཭ͱ1SPWFOBODFͷੜ੒ɾݕূ ✅ࠓޙͷൃల ɹɹ✔ιϑτ΢ΣΞαϓϥΠνΣʔϯηΩϡϦςΟ͸·ͩ·ͩൃల్্ͳҹ৅ ɹɹ✔JOUPUP"UUFTUBUJPO΍4-4"1SPWFOBODFʹ͍ͭͯఏڙ͢Δ044΍ରԠπʔϧ͕ঃʑʹ૿͍͑ͯΔҹ৅ ɹɹ✔ࠓ͙͢׆༻ͤͣͱ΋ͲͷΑ͏ͳ΋ͷ͔஌͓ͬͯ͘͜ͱ͸ॏཁ

5IBOL:PV Day1お疲れ様でした！！ Day2も楽しんでいきましょう！！

改竄して学ぶコンテナサプライチェーンセキュリティ ~コンテナイメージの完全性を目指して~/ta...

改竄して学ぶコンテナサプライチェーンセキュリティ ~コンテナイメージの完全性を目指して~/tampering-container-supplychain-security

More Decks by mochizuki875

Other Decks in Technology

Featured

Transcript