Docker, the open platform for distributed applications, today announced the availability of Docker Content Trust, a new capability that uses digital signatures to ensure the integrity of Dockerized content. Available as part of Docker platform release 1.8, this feature allows Docker users to operate exclusively on signed content when building or deploying Dockerized applications. Based on Notary and The Update Framework (TUF), a secure general design for the problem of software distribution and updates, Docker Content Trust delivers the highest level of security without compromising usability.
“As organizations evolve from a monolithic software architecture to distributed applications, the secure distribution of software becomes increasingly difficult to solve,” said Diogo Mónica, Security Lead for Docker. “Without a standard method for validating the integrity of content, Docker has the unique opportunity to leapfrog the status quo and build a system that meets the strongest standard for software distribution. With Docker Content Trust, users have a solution that works across any infrastructure, offering security guarantees that were not previously available to them.”
Docker Content Trust is implemented to work within a user’s existing workflow without requiring users to learn a new set of commands or to be trained on a deep set of security principles. When enabled, Docker Content Trust ensures that all operations using a remote registry enforce the signing and verification of images. In particular, Docker’s central commands `push`, `pull`, `build`, `create` and `run` will only operate on images that either have content signatures or explicit content hashes. The result is that IT operations teams have the assurance that only signed content is being used in their production infrastructure. Leveraging this implementation of content trust, Docker will be signing the Docker Hub Official Repos, providing users with a trusted set of base images they can use to build distributed applications.
The Power of Leveraging The Update Framework (TUF), the Strongest Security Standard for Content Trust
The Update Framework (TUF) is a standard for software delivery that provides the strongest guarantees for secure content distribution. At the heart of this model is a set of different cryptographic keys that are used for signing and verification of content. TUF was built to resist a variety of different classes of attacks. By leveraging TUF, Docker Content Trust inherits a flexible way to provide high levels of security when building and distributing Docker images.
Docker Content Trust has two distinct keys, an Offline (root) key and a Tagging (per-repository) key, that are generated and stored client-side the first time a publisher pushes an image. Each repository has its own unique tagging key, which allows the holder to digitally sign Docker images for a particular repository. The tagging key is used any time new content is added to or removed from the repository. Because the tagging key is online, it is vulnerable to being compromised. With Docker Content Trust, the publisher will be able to securely rotate compromised keys by using the offline key, which should be securely stored offline.
Docker Content Trust also generates a Timestamp key that provides protection against replay attacks, which would allow a malicious actor to serve signed but expired content. Docker manages the Timestamp key for you, reducing the hassle of having to constantly refresh the content client-side.
Built on Notary to Ensure Interoperability with Any Registry
Docker Content Trust is enabled through an integration of Notary into Docker Engine. Designed to be platform agnostic, Notary is an open source project developed by Docker to serve as “infrastructure plumbing” for secure and trusted content distribution. An enterprise with its own private registry or third-party solutions can integrate with Notary to have its repositories integrate with Docker Content Trust.
Availability
Docker Content Trust is available immediately as part of Docker Platform 1.8. For more information on how to use Docker Content Trust.