TUF / Notary Project Intro – David Lawrence, Docker, & Justin Cappos, NYU, TUF (Any Skill Level)
Software distribution and packaging systems are rapidly becoming the weak link in the software lifecycle. This talk provides an accessible overview of two CNCF projects, Notary and TUF, that provide a secure (compromise-resilient) mechanism for distributing software. Notary, which implements the TUF specification, signs and transparently validates metadata to enable the system to recover from the compromise of servers, theft of keys, and insider attacks. Notary / TUF are surprisingly easy to use and are deployed not only across major cloud companies, but also across a diverse set of adopters, including automobiles. WARNING: Attending this talk may cause (justifiable) fear of the software update mechanism on your devices!
Justin Cappos is a professor in the Computer Science and Engineering department at New York University. His research includes the TUF project (which is hosted by the Linux Foundation / CNCF), which provides a compromise-resilient mechanism for the secure distribution of software. His research advances are adopted into production use by Docker, git, Python, VMware, Cloudflare, Digital Ocean, most Linux distributions, and many automobiles. Due to the practical impact of his work, Cappos was named to Popular Science's Brilliant 10 list in 2013 recognizing him as one of 10 brilliant scientists under 40.
David Lawrence is a lay security developer who has learned from a lot of mistakes the hard way. David started off building authentication systems, moved on to encrypted cloud storage for a few years, and is now working on the Security Team at Docker, presently focused on securing software distribution.