Sign In

Communications of the ACM

ACM TechNews

How the ­pdate Framework Improves Security of Software ­pdates


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Design principles of The Update Framework.

The Update Framework was created to help organizations update their software securely.

Credit: eWeek

New York University professor Justin Cappos has been developing The Update Framework (TUF) for eight years with the goal of helping organizations securely update their software.

Hackers will always be able to get into parts of the infrastructure, but Cappos says the aim of TUF is even if that happens, it does not compromise the security of the entire system.

One key aspect of TUF is that it can support multiple types of deployment models and environments, without the need to replace existing infrastructure.

Cappos notes there are several basic design principles behind TUF, the first of which is a separation of responsibilities. He says parties that are trusted to do one set of actions are not trusted to do all functions.

In addition, TUF's design integrates a multi-signature trust model, which requires two or more digital keys for trust and authenticity; explicit and implicit trust revocation also are part of its design.

From eWeek
View Full Article

 

Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


 

No entries found