secure software distribution in an adversarial world

Secure Software Distribution in an Adversarial World

@diogomonica

🔐💾↔👹🌎

source: edharrington.tumblr.com

Isn’t HTTPS enough?

What about GPG?

3 months later…

“A software update system is secure if it can be sure that it knows about the latest available updates in a timely manner, any files it downloads are the correct files, and no harm results from checking or downloading files.”

- The Update Framework

•Freshness •Signed collections •Key Hierarchy •Transparent key rotation •Threshold signing

Freshness

Freshness

Signed Packages Signed Collection

Signed Collections

Key Hierarchy

Key Hierarchy

Short Expiry

Long Expiry

Less Sensitive

More Sensitive

Key Hierarchy

Transparent Key Rotation

Transparent Key Rotation

offline

online

Transparent Key Rotation

Transparent Key Rotation

Threshold Signing

Threshold Signing

Use The Update Framework (TUF)

theupdateframework.com

Notary, an opinionated implementation of TUF

github.com/docker/notary

When the going gets tough, get TUF going

Thank you@diogomonica