Combining TUF and in-toto to build compromise-resilient CI/CD

Trishank Karthik Kuppusamy

unread,
May 12, 2020, 4:47:03 PM
to in-toto...@googlegroups.com
Hello everyone,

We are pleased to announce that two new drafts of in-toto Enhancements (ITEs) have been published that discuss how to combine The Update Framework (TUF) and in-toto to build an end-to-end compromise-resilient CI/CD:

ITE-2: A general overview of combining TUF and in-toto to build compromise-resilient CI/CD
<https://github.com/in-toto/ITE/blob/master/ITE/2/README.adoc>

ITE-3: Real-world example of combining TUF and in-toto for packaging Datadog Agent integrations
<https://github.com/in-toto/ITE/blob/master/ITE/3/README.adoc>

TUF is a sibling project that is used to secure the last mile of the distribution process. It is used in production by companies such as Cloudflare, Docker, DigitalOcean, Flynn, IBM, Microsoft, LEAP, Kolide, and VMware. A variant of TUF called Uptane is widely used to secure over-the-air updates in automobiles.

In this context, we use TUF to provide some interesting properties:
1. Compromise-resilient, transparent distribution and rotation of the in-toto root layout public keys. In fact, all you need to distribute is one so-called root metadata file to your client applications, and you can slash-and-burn keys throughout your entire system (including in-toto layouts and functionaries) at any time without your client applications noticing anything.
2. Consistent snapshots, which not only prevent rollback and mix-and-match attacks, but also let you associate different versions of your root layout with different packages, so you can transparently update rules for your software supply chain without breaking old packages.

We believe that the lessons we have learned would be just as useful for you, which is why we have published these ITEs. Let us know if you have questions!

Thanks,
Trishank
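Item 1 of the announcement above rests on TUF's root-update rule: a client holding root metadata version N accepts version N+1 only if it is signed by a threshold of N's root keys and a threshold of its own, so every key can be retired without touching the client. The following Python is an added example, not code from the ITEs or from the in-toto or TUF projects; it assumes a simplified root-metadata shape (root_keyids/root_threshold) and a keyring of HMAC secrets standing in for public keys.

```python
import hashlib
import hmac
import json

# Constructed stand-in for public-key signatures: the verifier holds a keyring of per-keyid
# secrets and checks HMACs over canonical JSON. A real TUF client holds public keys and
# checks Ed25519/RSA/ECDSA signatures; only the rotation logic below is the point.
KEYRING = {f"k{i}": hashlib.sha256(f"constructed-secret-{i}".encode()).digest() for i in range(5)}

def mac(keyid: str, signed: dict) -> str:
    canonical = json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEYRING[keyid], canonical, hashlib.sha256).hexdigest()

def sign_root(signed: dict, keyids) -> dict:
    return {"signed": signed, "signatures": [{"keyid": k, "sig": mac(k, signed)} for k in keyids]}

def valid_sigs(envelope: dict, keyids, threshold: int) -> bool:
    # Count each keyid once, so duplicated signatures cannot pad the threshold.
    good = {s["keyid"] for s in envelope["signatures"]
            if s["keyid"] in keyids and s["keyid"] in KEYRING
            and hmac.compare_digest(mac(s["keyid"], envelope["signed"]), s["sig"])}
    return len(good) >= threshold

def update_root(trusted: dict, candidate: dict) -> dict:
    """TUF root rotation rule: version N+1 must be signed by a threshold of version N's
    root keys AND a threshold of its own root keys, and no version may be skipped."""
    old, new = trusted["signed"], candidate["signed"]
    if new["version"] != old["version"] + 1:
        raise ValueError(f"expected root version {old['version'] + 1}, got {new['version']}")
    if not valid_sigs(candidate, old["root_keyids"], old["root_threshold"]):
        raise ValueError("not enough signatures from previously trusted root keys")
    if not valid_sigs(candidate, new["root_keyids"], new["root_threshold"]):
        raise ValueError("not enough signatures from the new root keys")
    return candidate

def walk_chain(trusted: dict, chain) -> dict:
    # A client that only ever received v1 verifies each later root in turn, so keys can be
    # replaced any number of times without shipping anything new to the client.
    for candidate in chain:
        trusted = update_root(trusted, candidate)
    return trusted

def make_root(version: int, keyids, threshold: int) -> dict:
    # Simplified shape; real TUF root metadata nests keyids/threshold under roles.root.
    return {"version": version, "root_keyids": list(keyids), "root_threshold": threshold}

# Constructed scenario: v1 trusts k0,k1; v2 slashes k1 and adds k2; v3 replaces every key.
ROOT_V1 = sign_root(make_root(1, ["k0", "k1"], 2), ["k0", "k1"])
ROOT_V2 = sign_root(make_root(2, ["k0", "k2"], 2), ["k0", "k1", "k2"])
ROOT_V3 = sign_root(make_root(3, ["k3", "k4"], 2), ["k0", "k2", "k3", "k4"])
```

Running `walk_chain(ROOT_V1, [ROOT_V2, ROOT_V3])` ends with a client trusting only k3 and k4 although it was shipped nothing but v1; a candidate that skips a version or lacks signatures from the previously trusted keys is refused.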

Santiago Torres

unread,
May 12, 2020, 4:47:29 PM
to 'Trishank Karthik Kuppusamy' via in-toto-dev, in-toto...@googlegroups.com
On Tue, May 12, 2020 at 04:44:43PM -0400, 'Trishank Karthik Kuppusamy' via in-toto-dev wrote:
> Cc +in-toto...@googlegroups.com
>
> On Tue, May 12, 2020 at 4:33 PM Trishank Karthik Kuppusamy <
> trishank....@datadoghq.com> wrote:
>
> > Hello everyone,
> >
> > We are pleased to announce that two new drafts of in-toto Enhancements
> > (ITEs) have been published that discuss how to combine The Update
> > Framework (TUF) <https://theupdateframework.io/> and in-toto to build an
> > end-to-end compromise-resilient CI/CD:
> >
> > ITE-2: A general overview of combining TUF and in-toto to build
> > compromise-resilient CI/CD
> > <https://github.com/in-toto/ITE/blob/master/ITE/2/README.adoc>
> >
> > ITE-3: Real-world example of combining TUF and in-toto for packaging
> > Datadog Agent integrations
> > <https://github.com/in-toto/ITE/blob/master/ITE/3/README.adoc>
> >
> > TUF is a sibling project that is used to secure the last mile of the
> > distribution process. It is used in production by companies such as
> > Cloudflare, Docker, DigitalOcean, Flynn, IBM, Microsoft, LEAP, Kolide, and
> > VMware. A variant of TUF called Uptane is widely used to secure
> > over-the-air updates in automobiles.
> >
> > In this context, we use TUF to provide some interesting properties:
> > 1. Compromise-resilient, transparent distribution and rotation of the
> > in-toto root layout public keys. In fact, all you need to distribute is one
> > so-called root metadata file to your client applications, and you can
> > slash-and-burn keys throughout your entire system (including in-toto
> > layouts and functionaries) at any time without your client applications
> > noticing anything.
> > 2. Consistent snapshots, which not only prevent rollback and
> > mix-and-match attacks <https://theupdateframework.io/security/>, but also
> > let you associate different versions of your root layout with different
> > packages, so you can transparently update rules for your software supply
> > chain without breaking old packages.
> >
> > We believe that the lessons we have learned would be just as useful for
> > you, which is why we have published these ITEs. Let us know if you have
> > questions!
> >
> > Thanks,
> > Trishank
> >
>