The Update Framework (TUF) Security Assessment
NCC Group consultants Mason Hemmel and Jeff Dileo recently completed a one-week audit of the Kolide TUF client. The audit took place between August 28, 2017 and September 1, 2017.
TUF, an acronym for The Update Framework, is a set-and-forget library for securing software updates. It consolidates much of the current academic work on the subject into a single specification that can be applied to any update use case.
Kolide’s implementation of the framework leverages Docker Notary as a trusted update store from which it can update instances of osquery. These three projects are intended to be used in tandem to form a self-updating system for OS-level monitoring and analytics.