[ros-users] [Discourse.ros.org] [Next Generation ROS] ROS2 S…

Author: Ray Cole via ros-users
Date:  
To: ros-users
CC: Ray Cole
Subject: [ros-users] [Discourse.ros.org] [Next Generation ROS] ROS2 Security Working Group Online Meeting


We had a great second meeting for the folks in other time zones. In attendance were people from Amazon, RTI, Alias Robotics, UCSD, and Acutronic Robotics. Unfortunately I completely forgot to record the meeting so the only artifact is the summary below.

I'm tentatively going to schedule the next meeting for October 30th @ 08:00 AM PDT. Please let me know in the next couple of days if this is not a convenient time, otherwise I will post here with the meeting details.

# Summary
- Alias
    - Currently in assessment phase for ROS2
    - General check for vulnerabilities
    - Interest in collaborating on threat model


- RTI
    - Not working specifically on security for ROS2
    - Should parts of DDS need augmentation, happy to collaborate on them


- Threat model
    - Collaborate via a wiki on SROS2 repo
    - Want to start with a less complex, publicly available system to model as an example
    - Could use the Turtlebot3
    - Victor @ Acutronic offered to use https://acutronicrobotics.com/modularity/mara/ as a possible alternative


- Should security be exclusive with performance?
    - Need to balance security and performance
    - May want to have subset of nodes secure
    - May only sign or could be sensitive data
    - Publicly known data not very sensitive
    - High-performance, high-throughput topics may not tolerate problem


- Does the sensitivity of the data merit the performance hit (tf or odometry)?
    - Someone could reconstruct sensitive information from non-sensitive data
    - Reconstruct context based on partial information
    - Default should be total security
    - Model how partial disclosure affects the system
    - There is a paper in the SROS2 tutorial about security, latency, throughput


- Realtime systems
    - Security on realtime systems could impact the realtime aspects
    - Various security related functions that will need to happen
    - Handshake could cause some non-deterministic elements which would be detrimental to realtime
    - Are there other non-deterministic security related functions that could affect realtime systems?


- How do we deal with security failures?
    - Extend lifecycle state related to safety of the component
    - Allow system to recover by fixing the issue
    - Could have mediator that fixes the issue
    - This could have problems if nodes begin requesting permissions not needed before
    - Nodes/messages could be marked as critical and cause an error if those messages are not able to be processed due to permission errors
    - Would require the CA to live close to the system
    - Have specific error modes when permission 

    
- SROS2 tutorial has a walkthrough on securing Turtlebot3 
    - Compilation has problems since there's not a 32-bit build of ROS2
    - Use QEMU to cross-compile 
    - Problems getting the XRCE agent with security enabled, could not communicate with the XRCE node
    - Ended up with insecure XRCE nodes and using the RTI router to connect it to the rest of the secure graph
    - Need agent to be able to relay the XRCE traffic under its own GUID potentially?


Thanks to everyone for attending!





---
[Visit Topic](https://discourse.ros.org/t/ros2-security-working-group-online-meeting/6393/20) or reply to this email to respond.

