Virtual Event
May 4 - May 7
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2021 Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

Friday, May 7 • 11:50 - 12:25
Securing Content Distribution with The Update Framework (TUF) - Lukas Puehringer, NYU, Tandon School of Engineering & Joshua Lock, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Time and again we see insecure content delivery systems – such as software updaters, and configuration management systems – being compromised to deliver malicious content. The Update Framework (TUF) was designed not only to prevent and detect attacks, but also with risk mitigation (reducing the damage from a successful attack) as a core principle. Being the first security-focused project to graduate in the CNCF, TUF is widely used both inside and outside of the cloud ecosystem. It is in use today in places including CNAB, AWS Labs BottleRocket OS, and Datadog. With several ongoing integrations being actively developed including the Python Package Index (PyPI), Drupal, TYPO3 and Joomla. We will introduce TUF by describing the basic architecture, including how TUF protects against a variety of real-world attacks on any content distribution infrastructure. Then we look forward to discussion with the audience as we deep dive on a current technical issue.

avatar for Lukas Pühringer

Lukas Pühringer

Researcher / Engineer, NYU Tandon School of Engineering
Lukas Pühringer is a research scholar and software developer at the NYU Center for Cyber Security (CCS), where he leads the development of The Update Framework (TUF), and has been co-maintaining several of Prof. Justin Cappos’ software projects, most notably the supply chain security... Read More →
avatar for Joshua Lock

Joshua Lock

Distinguished Engineer, Verizon
Joshua is Open Source Architect in Verizon's Open Source Program Office, where he leads efforts to improve consistency around how Verizon uses open source. As part of his work at Verizon he works upstream on software supply chain security standards and tools; he is a steering committee... Read More →

Friday May 7, 2021 11:50 - 12:25 CEST
Maintainer Track Theater
  Maintainer Track Sessions
  • Presentation Slides Attached Yes