
Ying Li, David Lawrence - When the going gets tough, get TUF going

The Update Framework (TUF) helps developers secure new or existing software update systems by providing integrity and freshness guarantees over package distribution. Integrate TUF into your deployment pipelines to provide integrity and version guarantees for build and deployment artifacts.

https://us.pycon.org/2016/schedule/presentation/2187/

PyCon 2016

May 29, 2016

Transcript

  1. When the going gets tough, Get TUF going! David Lawrence - @endophage, Ying Li - @cyli, Docker Security Team
  2. Where does software come from?

  3. $> _

  4. $> curl | sudo bash

  6. •authenticity

  9. •authenticity •integrity

  12. •authenticity •integrity •freshness

  13. $> pip install foo

  14. •authenticity (TLS) •integrity (TLS) •freshness

  15. •integrity (requirements.txt: foo==1.0 --hash=sha256:492f6b208a9…)

  16. •authenticity (TLS) •integrity (TLS + hash) •freshness (cache)

  18. python setup.py upload (no TLS) / twine upload (TLS) / web form (TLS) / curl or other (maybe TLS) → foo
  20. • authenticity • integrity • freshness • ease of use

  21. Get TUF (The Update Framework)

  23. TUF repository

  24. TUF repository packages

  25. root timestamp snapshot targets delegation

  26. Root Metadata (Root: Timestamp: Snapshot: Targets: Expiry: ...)

  27. Offline for security • Backup in bank vault. • Use signing hardware
  28. Targets Metadata: pip-8.1.2 : { hashes }, virtualenv-15.0.1 : { hashes }, … Expiry: ...
  29. Targets Metadata: Keys: { Alice: Bob: }, pip: [Alice] (A), virtualenv: [Bob] (B), Expiry: ...
  30. Delegation Metadata A: pip-8.1.2 : { hashes }, pip-8.1.1 : { hashes }, ... Expiry: ... / Delegation Metadata B: virtualenv-15.0.1 : { hashes }, virtualenv-15.0.0 : { hashes }, ... Expiry: ...
  31. A: pip-8.1.2, pip-8.1.1 / B: virtualenv-15.0.1, virtualenv-15.0.0

  32. PyPA: pip (pip-8.1.2.whl, pip-8.1.1.whl, pip-8.1.2.tgz, pip-8.1.1.tgz), virtualenv (virtualenv-15.0.1.whl, virtualenv-15.0.1.tgz, virtualenv-15.0.0.whl, virtualenv-15.0.0.tgz); delegations A, B, C; wheels / source
  33. • authenticity • integrity • freshness • ease of use

  34. • authenticity • integrity • freshness • ease of use

  35. Snapshot Metadata: Root : { hashes }, Targets : { hashes }, Alice : { hashes }, Bob : { hashes }, … Expiry: ...
  36. • authenticity • integrity • freshness • ease of use

  37. Timestamp Metadata: Snapshot : { hashes }, … Expiry: 24 hours from now
  38. PyPA: pip (pip-8.1.2.whl, pip-8.1.1.whl, pip-8.1.2.tgz, pip-8.1.1.tgz), virtualenv (virtualenv-15.0.1.whl, virtualenv-15.0.1.tgz, virtualenv-15.0.0.whl, virtualenv-15.0.0.tgz); delegations A, B, C; wheels / source; X
  39. • authenticity • integrity • freshness • ease of use

  40. Metadata Lifetime: Timestamp, Snapshot, Targets/Delegations, Root
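
As an added illustration of the chain on slides 28 to 40 (this is not the speakers' code, and it is not the real TUF JSON format; signature checks are omitted so the focus stays on hashes and expiry), a toy Python client that verifies a package by walking timestamp, snapshot, targets and a delegation, checking expiry and pinned hashes at each step. The repository contents, key ids, package bytes and clock are all constructed here.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone
def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()
def canonical(meta: dict) -> bytes:
    return json.dumps(meta, sort_keys=True).encode()
def expired(meta: dict, now: datetime) -> bool:
    return datetime.fromisoformat(meta["expires"]) <= now

def build_repo(now: datetime, package: bytes) -> dict:
    """Constructed repo: targets delegates 'pip' to Alice's role A (slides 29-30)."""
    exp = lambda **kw: (now + timedelta(**kw)).isoformat()
    delegation_a = {"targets": {"pip-8.1.2.whl": sha256(package)}, "expires": exp(days=30)}
    targets = {"keys": {"Alice": "KEYID-A"}, "delegations": {"pip": "A"}, "expires": exp(days=90)}
    snapshot = {"hashes": {"targets": sha256(canonical(targets)),
                           "A": sha256(canonical(delegation_a))}, "expires": exp(days=7)}
    timestamp = {"hashes": {"snapshot": sha256(canonical(snapshot))}, "expires": exp(hours=24)}
    return {"timestamp": timestamp, "snapshot": snapshot, "targets": targets, "A": delegation_a}

def verify_package(repo: dict, name: str, package: bytes, now: datetime) -> bool:
    """Walk timestamp -> snapshot -> targets -> delegation; any failure rejects."""
    ts, snap = repo["timestamp"], repo["snapshot"]
    # Freshness: the short-lived timestamp pins the current snapshot.
    if expired(ts, now) or ts["hashes"]["snapshot"] != sha256(canonical(snap)):
        return False
    if expired(snap, now):
        return False
    # Consistency: snapshot pins every targets/delegation file, so an old delegation file mixed with a new snapshot fails here.
    for role, digest in snap["hashes"].items():
        meta = repo.get(role)
        if meta is None or expired(meta, now) or sha256(canonical(meta)) != digest:
            return False
    # Integrity: the delegated role responsible for 'pip' must list this exact hash.
    role = repo["targets"]["delegations"].get(name.split("-")[0])
    if role is None:
        return False
    return repo[role]["targets"].get(name) == sha256(package)

NOW = datetime(2016, 5, 29, 12, 0, tzinfo=timezone.utc)  # constructed clock
PACKAGE = b"constructed contents of pip-8.1.2.whl"
REPO = build_repo(NOW, PACKAGE)

def demo() -> dict:
    """Outcomes a client would see for a genuine, tampered, stale, and mixed repo."""
    stale = dict(REPO, A=dict(REPO["A"], targets={"pip-8.1.1.whl": sha256(b"old")}))
    return {"genuine": verify_package(REPO, "pip-8.1.2.whl", PACKAGE, NOW),
            "tampered": verify_package(REPO, "pip-8.1.2.whl", PACKAGE + b"!", NOW),
            "expired": verify_package(REPO, "pip-8.1.2.whl", PACKAGE, NOW + timedelta(hours=25)),
            "mix_and_match": verify_package(stale, "pip-8.1.2.whl", PACKAGE, NOW)}
```

The "expired" case shows why the timestamp role's 24-hour lifetime matters: a mirror that keeps serving yesterday's metadata is rejected even though every hash still matches.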

  41. Compromise is “when” not “if”

  43. Root Metadata (Root: Timestamp: Snapshot: Targets:), Snapshot Metadata

  44. Root Metadata (Root: Timestamp: Snapshot: Targets: Expiry: ...)

  45. Root Metadata (Root: Timestamp: Snapshot: Targets: Expiry: ...)

  46. new Root Metadata (Root: Timestamp: Snapshot: Targets:), old Root Metadata (Root: Timestamp: Snapshot: Targets:)

  47. new Root Metadata (Root: Timestamp: Snapshot: Targets:), old Root Metadata (Root: Timestamp: Snapshot: Targets:) X
  48. • authenticity • integrity • freshness • ease of use


  56. • authenticity • integrity • freshness • ease of use

  57. • authenticity • integrity • freshness • ease of use

  58. … • auditability

  61. ?

  62. PEP458

  63. PEP480

  64. How can we start using TUF?

  67. github.com/docker/notary https://pytuf.heliocide.org

  68. Python Packaging: • “Publish your code so others can use it in 5 easy steps” - Marko Samastur • “Shipping Software To Users With Python” - Glyph • “Reliably Distributing Compiled Modules” - Paul Kehrer
  69. TUF Open Space (today: 1pm) C123-124

  70. Learn More • Read the spec: github.com/theupdateframework/tuf/ (docs/tuf-spec.txt) • Look at Notary: github.com/docker/notary • Read the Docker Content Trust docs: docs.docker.com/engine/security/trust/content_trust/
  71. Python PEPs 458 & 480 https://www.python.org/dev/peps/pep-0458 https://www.python.org/dev/peps/pep-0480

  72. THANK YOU