Commit 2e20076

Merge branch 'master' of github.com:secure-systems-lab/ssl-site
2 parents bc1e768 + d153747 commit 2e20076

3 files changed

+62
-6
lines changed

_data/data.yml

Lines changed: 6 additions & 6 deletions
@@ -107,7 +107,7 @@ people:
107107
name: "Sebastien Awwad"
108108
anchor: sebastien_awwad
109109
internal: true
110-
role: "Developer"
110+
role: "Developer, now Security Engineer at Anaconda"
111111
since: "2015"
112112
photo: "img/people/sebastien_awwad.jpg"
113113
interests: "Incentivizing secure code, secure frameworks, computational neuroscience"
@@ -142,7 +142,7 @@ people:
142142
name: "Trishank Kuppusamy"
143143
anchor: trishank_kuppusamy
144144
internal: true
145-
role: "Ph.D. 2017, now Staff Security Engineer at DataDog"
145+
role: "Ph.D. 2017, now Engineering Manager at DataDog"
146146
since: "2011"
147147
photo: "img/people/trishank_kuppusamy.jpg"
148148
site: "https://github.com/trishankkarthik"
@@ -203,7 +203,7 @@ people:
203203
name: "Yiwen Li"
204204
anchor: yiwen_li
205205
internal: true
206-
role: "Ph.D. 2021 (co-advised by Brendan Dolan-Gavitt), now a Cloud Networking Solution Engineer at Intel"
206+
role: "Ph.D. 2021 (co-advised by Brendan Dolan-Gavitt), now a Software Platform Architect at Intel"
207207
since: "2013"
208208
photo: "img/people/yiwen_li.jpg"
209209
interests: "Operating system security, virtualization, network security"
@@ -271,7 +271,7 @@ people:
271271
role: "Research Associate/Technical Writer"
272272
since: "2015"
273273
photo: "img/people/lois_delong.jpg"
274-
interests: "Experimental design involving human subjects; links between natural languages and programming languages"
274+
interests: "Experimental design involving human subjects; links between natural and programming languages; preparation and dissemination of technical standards"
275275
publications:
276276
- name: "Behaviour and Information Security"
277277
link: "/papers/yeh_atoms_eeg_b_it_2021.pdf"
@@ -782,7 +782,7 @@ projects:
782782
program, in which Uptane is a key component of the security package.
783783
<a href=\"https://uptane.github.io/\">Our website</a> contains high level
784784
information about the project, including the
785-
<a href=\"https://uptane.github.io/papers/uptane-standard.1.2.0.html\">Uptane Standard for Design and Implementation v.1.1.0</a>
785+
<a href=\"https://uptane.github.io/papers/uptane-standard.2.0.0.html\">Uptane Standard for Design and Implementation v.2.0.0</a>
786786
and
787787
<a href=\"https://uptane.github.io/papers/uptane-deployment-best-practices-1.1.0.html\">Uptane Deployment Best Practices</a>.
788788
We invite all
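Review bot: the Deployment Best Practices link two lines below this change still points at uptane-deployment-best-practices-1.1.0.html, so after this merge the Standard link is v2.0.0 while its companion volume is still v1.1.0. That matches the new Uptane post, which says the updated Best Practices volume is a few weeks out, but consider giving the Best Practices link text a version label like the Standard link has, so readers can tell which edition they are opening, and track the URL update for when the companion volume ships. The replaced line also fixes the earlier mismatch between the link text (v.1.1.0) and its URL (1.2.0).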
@@ -817,7 +817,7 @@ projects:
817817
site: "https://in-toto.io"
818818
description: "Do you know who has handled your software prior to its installation on your machine? Even if developers are careful to secure each step in their products' supply chain, there is little assurance about what happens in-between these steps. The in-toto system holistically enforces the integrity of a software supply chain by gathering and signing information about each step in the process. As such, in-toto provides accountability about how software is written, packaged and distributed...and by who."
819819
products: "The in-toto software has already been integrated into several open
820-
source projects. In 2019, Datadog announced the use of <a href=\"https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto/\">TUF and in-toto</a> on their agents integration downloader. In November 23 of 2020, the framework released<a href=\"https://techxplore.com/news/2020-12-free-tool-layer-software-chain.html/\">Version 1.0.0</a>. Also, a <a href=\"https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup\">constellation of rebuilders</a> are generating in-toto metadata so you can check your Debian packages were built reproducibly when using <a href=\"https://github.com/in-toto/apt-transport-in-toto\">apt</a>. We welcome you to download the in-toto instructions, which includes a <a href=\"https://github.com/in-toto/demo/\">demo version</a> of our software, or to clone our <a href=\"https://github.com/in-toto/in-toto/\">repository</a> and follow the directions to integrate in-toto into your software project!"
820+
source projects. In 2019, Datadog announced the use of <a href=\"https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto/\">TUF and in-toto</a> on their agents integration downloader. In November 23 of 2020, the framework released <a href=\"https://techxplore.com/news/2020-12-free-tool-layer-software-chain.html/\">Version 1.0.0</a>, and on March 10, CNCF <a href=\"https://www.cncf.io/blog/2022/03/10/supply-chain-security-project-in-toto-moves-to-the-cncf-incubator/\">announced</a> the project had graduated to the incubator. Also, a <a href=\"https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup\">constellation</a> <a href=\"https://r-b.engineering.nyu.edu/\">of</a> <a href=\"https://reproducible.seal.purdue.wtf/\">rebuilders</a> are generating in-toto metadata so you can check your Debian packages were built reproducibly when using <a href=\"https://github.com/in-toto/apt-transport-in-toto\">apt</a>. We welcome you to download the in-toto instructions, which includes a <a href=\"https://github.com/in-toto/demo/\">demo version</a> of our software, or to clone our <a href=\"https://github.com/in-toto/in-toto/\">repository</a> and follow the directions to integrate in-toto into your software project!"
821821
people:
822822
- *santiago_torres
823823
- *lukas_puhringer
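Review bot: "the project had graduated to the incubator" conflates two distinct CNCF maturity levels (Incubating and Graduated); the linked CNCF announcement and the new _posts/2022-03-28-intoto-incubator.md article both describe a move to the Incubator, so write "had moved to the CNCF Incubator" or "been accepted as an incubating project". "on March 10" needs a year (2022, per the linked URL path), because the preceding sentence is dated 2020, and "In November 23 of 2020" should read "On November 23, 2020". Splitting "constellation of rebuilders" into three one-word links leaves each link text meaningless on its own (and unhelpful for screen readers or hover previews); prefer three named links, e.g. "rebuilders at Debian, NYU and Purdue". Also "a constellation ... are generating" should be "is generating".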

_posts/2022-03-28-intoto-incubator.md

Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
---
2+
layout: article
3+
title: in-toto moves to the CNCF Incubator
4+
subnav: blog
5+
comments: true
6+
tagline: "The in-toto project, a supply chain security solution which provides protection by collecting and verifying relevant data at each step of a software product’s lifecycle, was recently promoted to the incubator of the Cloud Native Computing Foundation."
7+
author: 'Lois Anne DeLong'
8+
categories:
9+
- '<a href="/projects#in-toto">in-toto</a>'
10+
11+
---
12+
13+
The in-toto project, a supply chain security solution which provides protection by collecting and verifying relevant data at each step of a software product’s lifecycle, was recently promoted to the incubator of the [Cloud Native Computing Foundation](https://www.cncf.io/). CNCF, a [Linux Foundation](https://www.linuxfoundation.org/ )-supported program designed to “assist the growth and development of promising new open source technologies applicable to cloud applications,” announced the promotion in a [press release](https://www.cncf.io/blog/2022/03/10/supply-chain-security-project-in-toto-moves-to-the-cncf-incubator/) issued March 10, 2022.
14+
15+
“Born” in the [Secure Systems Laboratory](https://ssl.engineering.nyu.edu/) at NYU’s Tandon School of Engineering in 2015, under the guidance of lab director Dr. Justin Cappos, the move to the CNCF “incubator” is an indication of in-toto’s growing maturity. It marks fulfillment of a number of criteria, including adoption by other projects and active participation from multiple organizations. Incubating projects must also adopt the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) and achieve and maintain the [Core Infrastructure Initiative Best Practices Badge](https://bestpractices.coreinfrastructure.org/en).
16+
17+
"I am very excited to see in-toto grow into CNCF incubation. Not only because of what it means for the project, but for all the doors that it opens for new contributors, synergies with other CNCF projects and the ability to tackle new and open questions with regards to supply chain security, in the cloud or otherwise,” states [Dr. Santiago Torres Arias](https://www.cerias.purdue.edu/site/people/faculty/view/3153), an assistant professor at Purdue University and a lead developer on in-toto while completing his doctorate at New York University. “On a personal level, I can't overstate the uniqueness of in-toto's case, for it is not only an open source project, but one of the few that come from the academic world into the broader public with fresh ideas and a bold proposition to solve the problem at an ecosystem level. I can't wait to see what's to come for in-toto in the coming years."
18+
19+
The CNCF promotion, and the increased visibility in the open source world that comes with it, arrives at a time when the need for reliable software supply chain security has never been greater. Chris Aniszczyk, CNCF chief technical officer, is quoted in a press release from the Foundation acknowledging this point. “We’re excited to have a project offering innovation in the supply chain security space,” he says, adding, “We look forward to seeing collaboration among the community to continue to make the cloud native ecosystem more secure.” Justin Cormack, who served as a CNCF project sponsor, concurs, noting, “in-toto …provides secure and trustworthy ways to represent and attest all the operations within the cloud native pipeline.”
20+
21+
in-toto works as follows: For every piece of software it protects, it provides a layout that defines for each individual step what actions are to be taken and by who. This data is captured in metadata, as are all the artifacts involved. The designated functionary at each step also affixes a cryptographic signature on the metadata. When the end-user receives the finished product, he or she has a complete record of the product’s journey, and can verify if the software was created according to the designer’s original plans. If there is any divergence from the original layout, a user can pinpoint where the divergence occurred and who is responsible for it.
22+
23+
The in-toto development team also includes NYU Tandon alumnus [Dr. Trishank Karthik Kuppusamy](https://www.linkedin.com/in/trishank-karthik-kuppusamy), now Engineering Manager at Datadog; developer Lukas Pühringer, and current Ph.D. candidate [Aditya Sirish A Yelgundhalli](https://engineering.nyu.edu/student/aditya-sirish-yelgundhalli), all from the Secure Systems Laboratory at NYU Tandon; and Hammad Afzali Nanize, Anil Kumar Ammul, Sangat Vaidya, and Professor, and co-director of the Cybersecurity Research Center [Reza Curtmola](https://web.njit.edu/~crix/), all from the New Jersey Institute of Technology. The project has participated in various initiatives that have attracted other contributors, such as Christian Rebischke of Arch Linux and Qijia “Joy” Liu, a student at the University of Pennsylvania, through Google Summer of Code (GSoC), and several undergraduate students—Alan Chung Ma of Purdue University; Yuanrui Chen, Isha Vipul Dave, Kristel Fung, Cindy Kim, and Benjamin Wu, all from NYU—through various research programs at both universities. Finally, due to in-toto’s relevance and impact in the industry, it has received contributions from employees at various companies through their open source contribution teams. Some significant contributors from this group are Mark Lodato, Tom Hennen, and Sergio Felix of Google, and Joshua Lock, Jussi Kukkonen, Martin Vrachev, and Teodora Sechkova of VMWare.
24+
25+
Since its inception, in-toto has been adopted or integrated into a number of major open source software projects, including several within the CNCF and the [Open Source Security Foundation](https://openssf.org/), and in [Grafeas](https://grafeas), [Kubesec](https://kubesec.io/), [rebuilderd](https://rebuilderd.com), and [Sigstore’s cosign](https://github.com/sigstore/cosign/blob/main/specs/COSIGN_PREDICATE_SPEC.md). It has been implemented in different languages like Python, Golang, Java, and Rust, and is part of crucial security projects, such as [Reproducible Builds](https://reproducible-builds.org/) and [SLSA](https://www.slsa.dev/). The project has been adopted in production by [Datadog](https://www.datadoghq.com/), which has used it to secure its pipelines since 2019, and [SolarWinds](https://static.sched.com/hosted_files/supplychainsecurityconna21/df/SupplyChainCon-TrevorRosen-Keynote.pdf), who redesigned their build pipelines after the SUNBURST attack came to light. In its three years under the umbrella of the CNCF, in-toto has attracted more than 132 contributors from 16 plus different organizations.
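Review bot: the Grafeas link in the last paragraph, `[Grafeas](https://grafeas)`, has no domain suffix and will render as a dead link; complete the URL before merging. The byline `author: 'Lois Anne DeLong'` is plain text here while the companion post (_posts/2022-03-29-uptane-v2.md) uses `'<a href="/people#lois_delong">Lois Anne DeLong</a>'`; pick one form so author attribution renders consistently across posts. Minor: the Linux Foundation link carries a stray space before its closing parenthesis, and "by who" in the in-toto explanation should be "by whom" (the same phrase appears in the in-toto description in _data/data.yml).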

_posts/2022-03-29-uptane-v2.md

Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
---
2+
3+
layout: article
4+
title: "Uptane V.2.0.0: Open source standard for securing automotive computing units releases new version"
5+
subnav: blog
6+
comments: true
7+
tagline: "On March 18, the Uptane project, an open community effort to secure and protect software delivered over-the-air to automobiles, announced the release of *Uptane V.2.0.0 Standard for Design and Implementation*"
8+
author: '<a href="/people#lois_delong">Lois Anne DeLong</a>'
9+
categories:
10+
- '<a href="/projects#uptane">Uptane</a>'
11+
12+
---
13+
14+
On March 18, the [Uptane](https://uptane.github.io/) project, an open community effort to secure and protect software delivered over-the-air to automobiles, announced the release of [*Uptane V.2.0.0 Standard for Design and Implementation*](https://uptane.github.io/papers/uptane-standard.2.0.0.html). This new edition of the Uptane Standard and the companion reference document *Deployment Best Practices* reflect the project’s evolution towards greater adaptability to the needs of legacy systems and the emerging threats of sophisticated and persistent attackers.
15+
16+
In the new Standards volume, the Uptane project mandates a few key added actions — such as improving the process for verifying the authenticity of an image before downloading — while allowing more flexibility in implementations than in previous releases. An example of this latter change was the decision to remove references to the original Uptane-specific time server, instead letting implementers make their own decisions about secure sources of reliable time.
17+
18+
The changes in Uptane V.2.0.0 fall into three categories: design changes, to improve security; language changes, to continue an ongoing commitment to clarity and simplicity; and policy/administrative changes, to bring the Uptane project in line with best practices in Standards development. The administrative changes, which are also intended to help the Uptane project preserve architectural integrity, include the adoption of a formal policy for approving major and minor releases. This new edition of Uptane also reflects the adoption of a style guide to ensure consistency in spelling, capitalization, and the use of punctuation.
19+
20+
As is customary in major releases, there are a few clarifications in Uptane V.2.0.0 worth noting. None of these clarifications significantly change the code base of existing Uptane implementations, so they should not cause compatibility issues. In addition to removing the requirement for use of the Uptane-specific time server and adding a requirement for an enhanced verification process, these Uptane V.2.0.0 changes also include:
21+
22+
- recommending that filenames of images be encoded to prevent a path traversal on the client system.
23+
- requiring monitoring the download speed of image metadata and image binaries to detect and defend against a slow retrieval attack.
24+
- requiring that a vehicle identifier be used when Targets metadata from the Director repository includes no images, to prevent replay attacks.
25+
26+
In terms of language changes, the Uptane Standard now rigorously restricts the use of conformance imperatives — words such as SHALL or MUST that have specific meaning when used in standards — to the cases where they are actually required for interoperation or limiting behavior with the potential for causing harm. Uptane V.2.0.0 also clarifies the functional properties of cryptographic keys, so that signing keys (which must be unique) are not confused with encryption keys (which can be shared-use keys). Uptane V.2.0.0 also clarifies that all primary ECUs always perform full verification on downloaded software update packages.
27+
28+
*Uptane Standard for Design and Implementation* is available for download in HTML and PDF formats through the [Uptane website](https://uptane.github.io/). The companion volume, *Uptane Deployment Best Practices* will be available for download from the website in the next few weeks.
29+
30+
31+
Uptane was developed by a team of engineers that included Dr. Justin Cappos, associate professor of computer science and engineering at NYU Tandon School of Engineering and director of its Secure Systems Lab. Dr. Cappos remains an active contributor to the project, serving as a member of the project’s steering committee. The lab also continues to contribute to the project’s development through the work of Ph.D. candidate Marina Moore, and alumni like Dr. Trishank Karthik Kuppusamy, now engineering manager at Datadog. Uptane is a [Joint Development Foundation](https://www.jointdevelopment.org/) project of the [Linux Foundation](https://www.linuxfoundation.org/).
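Review bot: the `tagline` front-matter value wraps the standard's title in markdown emphasis (`*Uptane V.2.0.0 Standard for Design and Implementation*`); unless the article layout runs taglines through the markdown converter, the asterisks will show up literally on the rendered page, and the in-toto post's tagline uses no markup at all. Either drop the asterisks or confirm the layout renders them. Minor: the front matter has a stray blank line directly after the opening `---` (valid YAML, but inconsistent with the other post), and the closing paragraph writes "engineering manager at Datadog" in lowercase while _data/data.yml and the in-toto post capitalize "Engineering Manager".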
