October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe
Wednesday, October 5 • 16:40 - 17:30
Software Update Security: When the Going Gets Tough, Get TUF Going!- Riyaz Faizullabhoy & Lily Guo, Docker

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Installing and updating software presents an interesting slate of security challenges.  The Update Framework (TUF) helps developers secure new or existing software update systems. TUF provides protection against data tampering, rollbacks, and many cases of key compromise. This presentation will discuss both the attacks that TUF protects against and how it actually does so under the hood. Additionally, this presentation will demonstrate the usability aspects of TUF as it is currently implemented in Docker Notary and Docker Content Trust, in particular how simple it is to recover from key compromise and delegate trust to collaborators. 

avatar for Riyaz Faizullabhoy

Riyaz Faizullabhoy

Security Engineer, Docker, Inc
Riyaz is a security engineer at Docker, and previously researched systems security and malware detection at UC Berkeley. At Docker, he is currently focused on Notary: a content signing platform based on The Update Framework. Riyaz has previously spoken at LinuxCon North America, Docker... Read More →

Wednesday October 5, 2016 16:40 - 17:30 CEST