The New Old: Supply Chain Security

(with Sigstore and Kubernetes this time)

delet0r

2023-08-06

Intro

My name is delet0r
Working in IT-Security by day
Working on the Prototype Fund Project
SiC (Signed Containers) by night

Agenda

Packaging as Complexity Reduction
An Approach to Trust
Sigstore
Conclusion

1. Packaging as Complexity Reduction

A short and very simplified history tale
of tackling complexity by packaging and
distributing software (aka Supply Chains)

The Software Crisis

Figure: This is fine [1] — **Figure**: This is fine [1]

The Software Crisis

Term coined in 1968 at the NATO Software Engineering Conference
Referenced by Edsger Dijkstra in his Book The Humble Programmer
Describes the problems arising with the increasing complexity of programs

Tackling Complexity

Packaging programs is one way to reduce complexity
Hiding intricacies of a piece of software
- Build system
- Transitive dependencies
Put burden on the developer/distributor

The Escalation Evolution of Packaging

Distribution: Package Management
Deployment: Containerization
Operation: Cloud/Container Orchestration

The Evolution of Packaging

Distribution: Package Management
Deployment: Containerization
OperationCloud/Container: Orchestration

The Evolution of Packaging

Distribution: Package Management
Deployment: Containerization
Operation: Cloud/Container Orchestration

The Evolution of Packaging

Distribution: Package Management
Deployment: Containerization
Operation: Cloud/Container Orchestration

Shortcomings

Modern iterations of packaging miss important features of good
package management:
1. Integrity
2. Authenticity

So ok, now everbody is able to package up whole infrastructures and put them into the world
But we have no widespread method to check if what we receive is hasn’t been changed or if it’s even from the developer/distributor
Now we start to realize, that this is a problem and develop ad-hoc fixes for this
We could go with what package manager do and what they implemented a long time ago
Maintainers were trusted to properly handle packaging, updates, and distribution
PKIs were used sign the distributed packages proving that they are integer and authentic
Unfortunately due to the increase in copmplexity we can’t just use this approach
This is mainly due to the reason that this system was developed for a few instances were we trust the developers
This doesnt scale in a world were everybody can run a registry

Where are we?

Lower complexity bought with increased complexity somewhere else
Any package has potential hidden tail of dependencies
No practical way of ensuring their authenticity or integrity
(most of the time)
No conscious entity (like a team maintaining a Distro)we can
trust that does this for us

Agenda

~~Packaging as Complexity Reduction~~
An approach to Trust
Sigstore
Conclusion

2. An Approach to Trust

What is Trust?

Defining trust, especially in context of IT, is challenging
Becomes mushy when mixing technology with human interaction
Trust is the belief in the integrity of a person or a group

Proof is Not Trust

When setting up a system there are different things can be
done to ensure its security:
- Cryptography
- Formal proofs
This is not trust but rather logical proofs

Suspension of Disbelief

In every system there is a point were we can’t technically
prove properties anymore
For that we need Suspension of Disbelief … or Trust

Taking from literary theory: Suspension of Disbelief the willing acceptance of the impossibility in reality
In every system there is a point were we can’t technically prove properties anymore
Either because we just can’t, since it’s not something we can verify, e.g. :
- the adherence to processes (or the appliance of them)
- people not making mistakes (what happens if the crypto implementation is faulty)
- people acting without malicious intend
Or because actually verifying the correctness would just be too expensive
Here trust in the people and procedures is needed as basis for the security system
So what we mean here ist the acceptance of unproovablity
So with this out of the way we can now talk about two different ways that try to enable you to ensure the intgerity and authenticity of packages

Different ways of balancing Trust and Proofs

a. Content Moderation (Trust first)
b. Signatures (Proof first)

a. Content Moderation

Trust first approach
System were a set of people or an institution is trusted
with moderation
Trust in the decisions of the people/institution necessary

a. Docker Hub Trusted Content

Docker Hub Trusted Content
Released on May 27th 2021
Uses different flags on images
Flags indicate different reasons why docker deems
them trustworthy

a. Docker Hub Trusted Content in Real Life

Figure: Docker Hub Flag Screenshot — **Figure**: Docker Hub Flag Screenshot

a. Docker Hub Trusted Content in Real Life

b. Signatures

Proof first approach
Signing packages to proof the integrity and authenticity
of an package
Trust has to be put in the handling of keys and implementation
of processes

b. Signature

Wasn’t initially possible with Docker Images
Changed with Docker Image Format 1.10
Current examples:
- Docker Trust System
- Sigstore

Agenda

~~Packaging as Complexity Reduction~~
~~An Approach to Trust~~
Sigstore
Conclusion

3. Sigstore

Sigstore

Collection of tools, standards and processes
Ensures integrity and authenticity of artifacts independent of registry
Purpose build for use with Containers and Container Orchestration
Uses short lived certificates and certificate transparency

Sigstore is a Linux Foundation project
Purpose build around ensuring integrity and authenticity in context of container and container orchestration systems
- Interacts with OCI compliant registries
- provides tools for integration into container orchestration like Kubernetes and Open Shift
Uses short lived certificates and certificate transparency to reduce necessary trust
For the uninitiated:
short lived certifcates:
- usually 10 min valid
- as defense against possible key compromise
- as a workaround to problems inherent to key revocation
certificate transparency is the process of writing all created certificates into an append-only log that is publically monitored
that way even if compromise arises it can be detected
There they can be monitored for integrity, thereby allowing to detect compromised certificates
We chose Sigstore specifically due to these features and the way it appraches trust

How Sigstore Handles Trust?

Uses different technologies to reduce necessary trust
through it’s components
Infrastructure consists of:
- Trust Root
- Fulcio (+ additional certificate transparency log)
- Rekor
- (Cosign, CLI for signing and verifying)

Sigstores Infrastructure Overview

Sigstore Infrastructure Components

Sigstore TUF

Sigstore Fulcio

Sigstore Rekor

Sigstore Signing Process

Sigstore Publishing Process

Sigstore Verification Process

Integrating Sigstore into Kubernetes

Two ways of integrating Sigstore:
- a. Via the Container Runtime Cri-O
- b. Via an Admission Controller

a. Cri-O Integration

Integration via Cri-O container runtime
Alternative OCI (Open Container Initiative)-compatible runtime
Uses containers/image libraries

a. Policies

containers/image allows to define requirements for downloading images
Configured via policy.json file on orchestrator node
Can require:
- Scope
- Signatures and their formats

a. Cri-O Configuration

Example configuration for requiring Sigstore signing [3]:

b. Admission Controller Integration

Define custom plugins that intercept calls to the Kubernetes API
and either validates or modifies them (since Kubernetes 1.25)
Sigstore project provides a policy controller to
define requirements on the download of container images
Is still under development

b. Admission Controller Configuration

Introduces the ClusterImagePolicy object to define polices
Policies are defined on a per namespace basis
Enabled by adding label policy.sigstore.dev/include=true to a namespace

b. Configuring a ClusterImagePolicy

Example ClusterImagePolicy [4]:

This is an example ClusterImapePolicy confiugration
First we have glob that defines the images this policy applies to
There can be multiple policies applied to an image
if that is the case each policy has to have at least one passing authority
with authorities we can define the signature properties the image has to adhere to
in our example we define the following:
- the image has to have a keyless signature
  - the other two supported types are static and self-managed-keys
- Certificates are to be checked against the given Fulcio instance which should have CA matching the given public key
- The identities used to sign the image are either by a OIDC token of the specified email
- or a github workflow oidc token that matches a repository glob
There are a lot more thing we can specify but most of them allow to use self-hosted sigstore infrastructure or specifics of the other authorities

Agenda

~~Packaging as Complexity Reduction~~
~~An Approach to Trust~~
~~Sigstore~~
Conclusion

4. Conclusion

Conclusion

Provides system that ensures authenticity and integrity
Registry independent
Works as independent third party
Makes Package the Management approach scalable

Caveats

Solves a very specific problem
Good security practices and transparent processes have to follow
Introduces complexity as well
In the end a corner stone to build upon

Thank you :)

Contact me!
- Mastodon: https://chaos.social/@delet0r
- Threema-ID: FW4PW5C8
- Matrix: @delet0r:catgirl.cloud

External Images & Examples

[1]

Y. F. K. Green, This is fine. 2013. Accessed: Jul. 31, 2023. Available: https://gunshowcomic.com/648

[2]

Sigstore, Overview architecture diagram. 2023. Accessed: Jul. 23, 2023. [Online; Apache-2.0]. Available: https://www.sigstore.dev/img/alt_landscapelayout_overview.svg

[3]

Containers, “Policy.json example,” 2023. https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md (accessed Jul. 23, 2023).

[4]

Sigstore, “ClusterImagePolicy example,” 2023. https://docs.sigstore.dev/policy-controller/overview/ (accessed Jul. 23, 2023).

The New Old: Supply Chain Security

Intro

Intro

Agenda

1. Packaging as Complexity Reduction

A short and very simplified history taleof tackling complexity by packaging anddistributing software (aka Supply Chains)

The Software Crisis

The Software Crisis

Tackling Complexity

The Escalation Evolution of Packaging

The Evolution of Packaging

The Evolution of Packaging

The Evolution of Packaging

Shortcomings

Where are we?

Agenda

2. An Approach to Trust

What is Trust?

Proof is Not Trust

Suspension of Disbelief

Different ways of balancing Trust and Proofs

a. Content Moderation

a. Docker Hub Trusted Content

a. Docker Hub Trusted Content in Real Life

a. Docker Hub Trusted Content in Real Life

b. Signatures

b. Signature

Agenda

3. Sigstore

Sigstore

How Sigstore Handles Trust?

Sigstores Infrastructure Overview

Sigstore Infrastructure Components

Sigstore TUF

Sigstore Fulcio

Sigstore Rekor

Sigstore Signing Process

Sigstore Publishing Process

Sigstore Verification Process

Integrating Sigstore into Kubernetes

a. Cri-O Integration

a. Policies

a. Cri-O Configuration

b. Admission Controller Integration

b. Admission Controller Configuration

b. Configuring a ClusterImagePolicy

Agenda

4. Conclusion

Conclusion

Caveats

Thank you :)

External Images & Examples

A short and very simplified history tale
of tackling complexity by packaging and
distributing software (aka Supply Chains)