The Update Framework

A framework for securing software update systems

History and Core Principles

The basic technology behind TUF was developed at the University of Washington in 2009 by Justin Samuel and Justin Cappos, and presented in a paper Samuel and Cappos coauthored with Nick Mathewson and Roger Dingledine, researchers from The Tor Project, Inc. Since 2011, TUF has been based at New York University Tandon School of Engineering, where Cappos is a tenured associate professor of computer science and engineering. There he works with a team of Ph.D. students, including Trishank Karthik Kuppusamy, who graduated in 2017, and developers, including Vladimir Diaz and Sebastien Awwad, to supervise the development of TUF and its adoption and integration by open source non-profits and tech companies.

Though TUF technologies have been customized to meet end-user specifications, four core principles continue to be central to its design.

In 2016, the TUF research group set up a process whereby the community could have input on technical issues. Named the TUF Augmentation Proposal, or TAP, this series of documents also provide information to the TUF community, or describe new feature for TUF or its processes or environment. Through the use of TAPs, as well as input from those who adopted the technology, the evolution of TUF technology can continue as security needs change.