Doing a TUF: Secure Any Shared Storage
E148 | Sun 16 Jul 11:30 a.m.–noon
Presented by
Nisha Kumar
@_ctlfsh
https://nishakm.github.io
Nisha is a software developer at Oracle Cloud Infrastructure (not to be confused with the Open Container Initiative). Nisha is involved in the SPDX and CNCF communities, trying to improve software and service transparency.
Abstract
The Update Framework (TUF) is an open source framework used to secure software repositories. OK, that's great. But what does that look like in practice? A repository is just storage that is accessible to anyone other than you. Think about a shared Google folder. That's a repository. For software development, that's a database, an AWS S3 bucket, or even just a directory on disk. This talk will walk you through the steps to implement TUF on a typical data store you may use on a regular basis. Then we will see how TUF ensures the consumers of that data can verify your identity and the freshness of the things you share.