Name: TUF Love for Your Containers: Preventing Rollback Attacks - Jonny Stoten, Docker
Start: 2024-11-12T15:27:00-0700
End: 2024-11-12T15:40:00-0700

November 12, 2024 | Salt Lake City, Utah
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for SigstoreCon Supply Chain Day 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

The schedule is subject to change.

Tuesday November 12, 2024 3:27pm - 3:40pm MST

Alpine

In the ever-evolving world of containerized applications, securing the software supply chain has never been more critical. The Update Framework (TUF) has emerged as the trusted solution for securing software updates, but integrating its powerful security model into OCI registries has proven elusive—until now.

This talk introduces a new method for embedding TUF metadata directly into OCI registries leveraging the powerful features of registries’ content-addressable storage. You will learn how the approach protects against rollback attacks, simplifies metadata resolution, and enhances overall container image supply chain security.

We will dig into the details of TUF, tag timestamping and in-toto attestations. Whether you’re managing large container ecosystems or securing critical infrastructure, this talk will provide a glimpse into what’s on the horizon for container supply chain security!

Speakers

Jonny Stoten

Docker

Tuesday November 12, 2024 3:27pm - 3:40pm MST
Alpine

Technical Deep-dives or Research

SigstoreCon Supply Chain Day 2024

Jonny Stoten

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!