CNCF To Host Two Security Projects – Notary and TUF Specification

October 24, 2017 | Announcement

Riyaz Faizullabhoy, Docker Security Engineer, today announced on stage at Open Source Summit Europe that the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) has voted Notary in as our 13th hosted project and TUF in as our 14th hosted project.

“With every project presented to the CNCF, the TOC evaluates what that project provides to the cloud native ecosystem,” said Chris Aniszczyk, COO of Cloud Native Computing Foundation. “Notary and the TUF specification address a key challenge for enterprises working with containers by providing a solution for trusted, cross-platform delivery of content. We are excited to have these projects come in as one collective contribution to CNCF and look forward to cultivating their communities.”

Notary Based on The Update Framework (TUF) specification

Docker Platform (including Enterprise Edition and Community Edition), Moby Project, Huawei, Motorola Solutions, VMware, LinuxKit, Quay, and Kubernetes have all integrated Notary/TUF.

Originally created by Docker in June 2015, Notary is based on The Update Framework (TUF) specification, a secure general design for the problem of software distribution and updates. TUF helps developers to secure new or existing software update systems, which are often found to be vulnerable to many known attacks. TUF addresses this widespread problem by providing a comprehensive, flexible security framework that developers can integrate with any software update system.

Notary is one of the industry’s most mature implementations of the TUF specification, and its Go implementation is used today to provide robust security for container image updates, even in the face of a registry compromise. Notary takes care of the operations necessary to create, manage, and distribute the metadata needed to ensure the integrity and freshness of user content. Notary/TUF provides both a client and a pair of server applications to host signed metadata and perform limited online signing functions.

Image 1: Diagram illustrates the interactions between the Notary client, server, and signer

It is also beginning to gain traction outside the container ecosystem as platforms like Kolide use Notary to secure distribution of osquery through their auto-updater.

“In a developer’s workflow, security can often be an afterthought; however, every piece of deployed code from the OS to the application should be signed. Notary establishes strong trust guarantees to prevent malicious content from being injected into the workflow processes,” said David Lawrence, Senior Software Engineer at Docker. “Notary is a widely used implementation in the container space. By joining CNCF, we hope Notary will be more widely adopted and different use cases will emerge.”

Notary joins the following CNCF projects: Kubernetes, Prometheus, OpenTracing, Fluentd, linkerd, gRPC, CoreDNS, containerd, rkt, CNI, Envoy, and Jaeger.

Use Case Examples of Notary:

  • Docker uses Notary to implement Docker Content Trust and all of the docker trust subcommands.
  • Quay is using Notary as a library, wrapping it and extending it to suit their needs. For Quay, Notary is flexible rather than single-purpose.
  • CloudFlare’s PAL tool uses Notary for container identity, allowing one to associate metadata such as secrets to running containers in a verifiable manner.
  • LinuxKit is using Notary to distribute its kernels and system packages.

Notable Notary Milestones:

  • 865 GitHub stars, 156 forks
  • 45 contributors
  • 8 maintainers from 3 companies: Docker, CoreOS, Huawei
  • 2600+ commits, 34 releases

TUF

TUF (The Update Framework) is an open source specification that was written in 2009 by Professor Justin Cappos and developed further by members of Professor Cappos’s Secure Systems Lab at NYU’s Tandon School of Engineering.

TUF is designed to work as part of a larger software distribution framework and provides resilience to key or server compromises. Using a variety of cryptographic keys for content signing and verification, TUF allows security to remain as strong as is practical against a variety of different classes of attacks.

TUF is used in production by Docker, LEAP, App Container, Flynn, OTAInfo, ATS Solutions, and VMware.

“In addition to focusing on security, one of our primary goals has been to operate securely within the workflow that groups already use on their repositories,” said Professor Cappos. “We have learned a tremendous amount by working with Docker, CoreOS, OCaml, Python, Rust, and automotive vendors to tune TUF to work better in their environments.”

TUF has a variety of use cases beyond containers. For example, several different companies in the automotive industry have integrated a TUF variant called Uptane, with more integrations underway. As a result, Uptane was recently named one of Popular Science’s Top 100 Technologies of the Year. There is also a lot of momentum toward adoption by different programming language software repositories, including standardization by Python (PEP 458 and 480). TUF has also been security audited by multiple groups.

Notable TUF Milestones:

  • Open source since 2010
  • 517 GitHub stars, 74 forks
  • 27+ contributors from CoreOS, Docker, OCaml, Python, Rust (ATS Solutions) and Tor
  • 2700+ commits

As CNCF hosted projects, Notary and TUF will be part of a neutral community aligned with technical interests. The CNCF will also assist Notary and TUF with marketing and documentation efforts as well as help grow their communities.

“The inclusion of Notary and TUF into the CNCF is an important milestone as it is the first project to address concerns regarding the trusted delivery of content for containerized applications,” said Solomon Hykes, Founder and CTO at Docker and CNCF TOC project sponsor. “Notary is already at the heart of several security initiatives throughout the container ecosystem and with this donation, it will be even more accessible as a building block for broader community collaboration.”

For more on Notary, check out the release blog for Notary and Docker Content Trust, as well as Docker’s Notary doc pages, and read Getting Started with Notary and Understand the Notary service architecture. For more on TUF, check out The Update Framework page and watch Professor Cappos in this video and this conference presentation video.
