Loading…
Virtual Event
May 4 - May 7
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2021 Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

Back To Schedule
Friday, May 7 • 11:50 - 12:25
Securing Content Distribution with The Update Framework (TUF) - Lukas Puehringer, NYU, Tandon School of Engineering & Joshua Lock, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Time and again we see insecure content delivery systems – such as software updaters, and configuration management systems – being compromised to deliver malicious content. The Update Framework (TUF) was designed not only to prevent and detect attacks, but also with risk mitigation (reducing the damage from a successful attack) as a core principle. Being the first security-focused project to graduate in the CNCF, TUF is widely used both inside and outside of the cloud ecosystem. It is in use today in places including CNAB, AWS Labs BottleRocket OS, and Datadog. With several ongoing integrations being actively developed including the Python Package Index (PyPI), Drupal, TYPO3 and Joomla. We will introduce TUF by describing the basic architecture, including how TUF protects against a variety of real-world attacks on any content distribution infrastructure. Then we look forward to discussion with the audience as we deep dive on a current technical issue.

Speakers
avatar for Lukas Pühringer

Lukas Pühringer

Research Associate, NYU, Tandon School of Engineering
Lukas Pühringer is a research scholar and developer at NYU's Center for Cyber Security (CCS), where he leads the development of in-toto and has been co-maintaining several of Prof. Justin Cappos' software projects, such as The Update Framework (TUF) . Lukas has given talks about... Read More →
avatar for Joshua Lock

Joshua Lock

Open Source Engineer, VMware
Joshua is a maintainer of The Update Framework (TUF) and Supply-chain Levels for Software Artifacts (SLSA) projects. He works at VMware as the security team lead in their Open Source Technology Center. In a past life he spent many years working on and with the Yocto Project. Joshua... Read More →



Friday May 7, 2021 11:50 - 12:25 CEST
Maintainer Track Theater
  Maintainer Track Sessions
  • Presentation Slides Attached Yes