The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. TUF uses a series of roles and keys to provide a means to retain security, even when some keys or servers are compromised. It does this with a stated goal of requiring minimal changes and effort from repository administrators, software developers, and end users. In this way, it protects software repositories, which are an increasingly desirable target for hackers.

A software update, sometimes referred to as a patch, can add functionalities and address flaws in existing code. Unfortunately, in delivering updates to neutralize flaws, these systems can unintentionally introduce vulnerabilities that, in turn, can be exploited by attackers.

The design of TUF acknowledges that all software repositories will likely be compromised at some point, so any security strategy must be prepared for that scenario. TUF-enabled systems focus on limiting the impact of attacks and providing a mechanism for recovery. This strategy of “compromise-resilience” improves on existing methods based on keysigning by incorporating techniques such as separation of signing duties and setting a threshold number of required signatures. Dividing the responsibility for authenticating a file or image ensures no single hacker can compromise the system. It also helps to ensure that keys used to perform a sensitive action can be stored in a secure, offline manner. Even if one party, or the repository itself, is compromised, the number of projects affected will be limited.

To date, the list of tech companies and organizations using TUF includes IBM, VMware, Digital Ocean, Microsoft, Google, Amazon, Leap, Kolide, Docker, and Cloudflare.

The technology that evolved into TUF was first developed at the University of Washington in 2009 by Justin Samuel and Justin Cappos, and its principles were first discussed in a paper Samuel and Cappos coauthored with Nick Mathewson and Roger Dingledine, researchers from The Tor Project, Inc.
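The separation of signing duties and the signature threshold described above can be seen in a small client-side check. This is an added example, not code from TUF or any of its implementations: the key ids, secrets and metadata are constructed, the two role names follow TUF's role terminology, and HMAC-SHA256 is used as a stand-in for a public-key signature scheme so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed trust anchor: each role has its own keys and its own threshold.
# Assumption: HMAC-SHA256 replaces an asymmetric signature for this sketch.
KEYS = {
    "root-a": b"constructed-key-1",
    "root-b": b"constructed-key-2",
    "root-c": b"constructed-key-3",
    "targets-a": b"constructed-key-4",
}
ROLES = {
    "root": {"keyids": {"root-a", "root-b", "root-c"}, "threshold": 2},
    "targets": {"keyids": {"targets-a"}, "threshold": 1},
}

def canonical(signed):
    """Serialize metadata deterministically so every signer signs the same bytes."""
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()

def sign(keyid, signed):
    """Produce one signature entry over the canonical metadata bytes."""
    sig = hmac.new(KEYS[keyid], canonical(signed), hashlib.sha256).hexdigest()
    return {"keyid": keyid, "sig": sig}

def verify_role(role, signed, signatures):
    """Return True only if a threshold of distinct authorized keys signed."""
    spec = ROLES[role]
    valid = set()
    for entry in signatures:
        keyid = entry.get("keyid")
        if keyid not in spec["keyids"]:
            continue  # key is not assigned to this role: separation of duties
        expected = hmac.new(KEYS[keyid], canonical(signed), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, entry.get("sig", "")):
            valid.add(keyid)  # a set, so a repeated signature counts once
    return len(valid) >= spec["threshold"]
```

With a threshold of two on the root role, metadata signed by a single root key, by the same key twice, or by a key belonging to another role is rejected, which is how one compromised key fails to compromise the system.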