|
| 1 | +# Lab 8 — Submission |
| 2 | + |
| 3 | +## Task 1: Sign + Tamper Demo |
| 4 | + |
| 5 | +### Registry + image push |
| 6 | +- Registry container: `lab8-registry` running on `localhost:5001` |
| 7 | +- Image pushed: `localhost:5001/juice-shop:v20.0.0` |
| 8 | +- Image digest: localhost:5001/juice-shop@sha256:cbdfc00de875926f20ff603fac73c5b68577e37680cf2e0c324adda42ffc1113 |
| 9 | + |
| 10 | +### Signing |
| 11 | +- Output of `cosign sign` (just the success line is fine): |
| 12 | +``` |
| 13 | +Pushing signature to: localhost:5001/juice-shop |
| 14 | +``` |
| 15 | + |
| 16 | +### Verification (PASSED) |
| 17 | +Output of `cosign verify` on original digest: |
| 18 | +```json |
| 19 | +[{"critical":{"identity":{"docker-reference":"localhost:5001/juice-shop@sha256:cbdfc00de875926f20ff603fac73c5b68577e37680cf2e0c324adda42ffc1113"},"image":{"docker-manifest-digest":"sha256:cbdfc00de875926f20ff603fac73c5b68577e37680cf2e0c324adda42ffc1113"},"type":"https://sigstore.dev/cosign/sign/v1"},"optional":{}}] |
| 20 | +``` |
| 21 | + |
| 22 | +### Tamper Demo (FAILED — correctly) |
| 23 | +Output of `cosign verify` on tampered digest: |
| 24 | +``` |
| 25 | +WARNING: Skipping tlog verification is an insecure practice that lacks transparency and auditability verification for the signature. |
| 26 | +Error: no signatures found |
| 27 | +error during command execution: no signatures found |
| 28 | +``` |
| 29 | + |
| 30 | +### Sanity — original still verifies |
| 31 | +``` |
| 32 | +WARNING: Skipping tlog verification is an insecure practice that lacks transparency and auditability verification for the signature. |
| 33 | +
|
| 34 | +Verification for localhost:5001/juice-shop@sha256:cbdfc00de875926f20ff603fac73c5b68577e37680cf2e0c324adda42ffc1113 -- |
| 35 | +The following checks were performed on each of these signatures: |
| 36 | + - The cosign claims were validated |
| 37 | + - Existence of the claims in the transparency log was verified offline |
| 38 | + - The signatures were verified against the specified public key |
| 39 | +``` |
| 40 | + |
| 41 | +### Why digest binding matters (Lecture 8 slide 6) |
| 42 | +Digest binding guarantees that we are signing the exact immutable bits of an image rather than a mutable tag pointer. If Cosign had signed the tag, an attacker could push a malicious image to the same tag (like `v20.0.0`), and naive verification tools would trust the compromised image because the tag name itself would have a valid signature attached to it, leading to a supply-chain compromise. |
| 43 | + |
| 44 | +--- |
| 45 | + |
| 46 | +## Task 2: SBOM + Provenance Attestations |
| 47 | + |
| 48 | +### SBOM attestation |
| 49 | +- Attached: yes (`cosign attest --type cyclonedx` exit 0) |
| 50 | +- Verify-attestation output (first 30 lines of decoded payload): |
| 51 | +```json |
| 52 | +{ |
| 53 | + "_type": "https://in-toto.io/Statement/v0.1", |
| 54 | + "predicateType": "https://cyclonedx.org/bom", |
| 55 | + "subject": [ |
| 56 | + { |
| 57 | + "name": "localhost:5001/juice-shop", |
| 58 | + "digest": { |
| 59 | + "sha256": "cbdfc00de875926f20ff603fac73c5b68577e37680cf2e0c324adda42ffc1113" |
| 60 | + } |
| 61 | + } |
| 62 | + ], |
| 63 | + "predicate": { |
| 64 | + "bomFormat": "CycloneDX", |
| 65 | + "specVersion": "1.6", |
| 66 | + "serialNumber": "urn:uuid:155e81f1-3958-45e0-b615-1a8dbb5df200", |
| 67 | + "version": 1, |
| 68 | + "metadata": { |
| 69 | + "timestamp": "2026-06-28T14:33:00Z", |
| 70 | + "tools": { |
| 71 | + "components": [ |
| 72 | + { |
| 73 | + "type": "application", |
| 74 | + "author": "aquasecurity", |
| 75 | + "name": "trivy", |
| 76 | + "version": "0.50.1" |
| 77 | + } |
| 78 | + ] |
| 79 | + } |
| 80 | + } |
| 81 | + } |
| 82 | +} |
| 83 | +``` |
| 84 | +- Component count matches Lab 4 source: yes |
| 85 | +- diff between Lab 4 SBOM and the extracted-from-attestation SBOM: (empty diff = success) |
| 86 | + |
| 87 | +### Provenance attestation |
| 88 | +- Attached: yes |
| 89 | +- Builder ID in predicate: `https://localhost/lab8-student` |
| 90 | +- buildType in predicate: `https://example.com/lab8/local-build` |
| 91 | + |
| 92 | +### What this gives a Lab 9 verifier (2-3 sentences) |
| 93 | +Having both signatures and attestations allows a Kubernetes admission controller (such as Kyverno) to verify not only who built the image, but also its contents (SBOM). When a new vulnerability (like Log4Shell) emerges, an attested image guarantees that the embedded SBOM is genuine and has not been tampered with. This enables security teams to instantly query running applications for vulnerable components without blindly trusting unverified specifications from third-party vendors. |
| 94 | + |
| 95 | +--- |
| 96 | + |
| 97 | +## Bonus: Blob Signing (Codecov 2021 mitigation) |
| 98 | + |
| 99 | +### Sign + verify |
| 100 | +- Signed: `my-tool.tar.gz` + `my-tool.tar.gz.bundle` |
| 101 | +- Verify-blob success output: |
| 102 | +``` |
| 103 | +WARNING: Skipping tlog verification is an insecure practice that lacks transparency and auditability verification for the blob. |
| 104 | +Verified OK |
| 105 | +``` |
| 106 | + |
| 107 | +### Tamper test failed (correctly) |
| 108 | +``` |
| 109 | +WARNING: Skipping tlog verification is an insecure practice that lacks transparency and auditability verification for the blob. |
| 110 | +Error: failed to verify signature: could not verify message: invalid signature when validating ASN.1 encoded signature |
| 111 | +error during command execution: failed to verify signature: could not verify message: invalid signature when validating ASN.1 encoded signature |
| 112 | +``` |
| 113 | + |
| 114 | +### Codecov 2021 mitigation (2-3 sentences) |
| 115 | +The Codecov compromise occurred because clients were downloading a bash script and executing it directly (`curl | bash`) without any cryptographic integrity checks. If CI pipelines had required downloading both the script and its signature bundle, and then ran `cosign verify-blob` before execution, the hacker-modified script would have instantly failed verification (invalid signature). This would have completely prevented the supply chain attack from impacting hundreds of companies. |
0 commit comments