[ros-users] Announcing SROS! Security enhancements for ROS

Hansen, Matthew K matthew.k.hansen at intel.com
Wed Oct 5 00:03:29 UTC 2016


Hi Ruffin,
It’s great to see that you’re working on this.  I’m looking forward to your talk next week.

Matt

From: ros-users [mailto:ros-users-bounces at lists.ros.org] On Behalf Of Ruffin White via ros-users
Sent: Tuesday, October 04, 2016 2:01 PM
To: User discussions <ros-users at lists.ros.org>
Subject: [ros-users] Announcing SROS! Security enhancements for ROS

TL;DR:
Secure ROS (SROS) is a set of proposed enhancements to ROS, enabling secure communications over networks, access control in the computation graph, and policy profile templates for Linux security modules.
To read more: http://wiki.ros.org/SROS

Hello everyone,

I'm happy to announce a set of proposed enhancements to Secure ROS, duly named SROS [1].

You may remember me from last year, myself being that one Docker enthusiast that wished to make ROS more repeatable, reproducible, and deployable using Linux containers [2]. Following my ambition to help make existing ROS code even more reusable and relevant in the greater robotics community, I've again worked with OSRF this summer to help found the beginning of SROS.

Obligatory Disclaimer:
SROS is currently highly experimental and under heavy development.
At time of writing, this effort is highly experimental and must not be considered production-grade. Rather, it is currently an exploration of various strategies for mitigating some of the most obvious ways that ROS systems would be compromised by "bad actors" of various sorts.

SROS is intended to secure ROS across three main fronts:
· Transport Encryption
  Verify the identity of nodes, the integrity of the traffic, and the privacy of the connection.
    o Native TLS support for all socket-level communication
    o X.509 PKI certificates for chains of trust, authenticity and integrity
    o Keyserver for key pair generation and certificate customisation
· Access Control
  Restrict a node's scope of access within the ROS graph to only what is necessary.
    o Definable namespace globbing for node restrictions and actions
    o Audit graph network through security logs and events
    o User-constructed and/or auto-trained access control policies
· Process Profiles
  Restrict a node's scope of access within the host machine to only what is necessary.
    o Harden node processes using Linux Security Modules in the kernel
    o Quarantine a node's file, device, signal, and networking access
    o Reusable AppArmor profile component library for ROS

Now that we have a working prototype, we'd like to formalize a REP for SROS to standardize some of the finer details [3].
If you happen to have expertise in cybersecurity or an interest in securing ROS, you are welcome to review and contribute to the developing REP.
Visit the cross-post on discourse for discussion [6].

And as another plug for ROSCon 2016 [4], I'll also be giving a talk on this subject:
{,S}ROS: Securing ROS over the wire, in the graph, and through the kernel
So if you'd like to meet up and talk about securing ROS for robotic systems out in the wild, I'll see you there.

Special thanks to OSRF for making this possible,
Ruffin White

[1] http://wiki.ros.org/SROS
[2] https://vimeo.com/142150815
[3] https://github.com/ros-infrastructure/rep/pull/121
[4] http://roscon.ros.org/2016/
[5] http://wiki.ros.org/SROS/Installation/Docker
[6] http://discourse.ros.org/t/announcing-sros-security-enhancements-for-ros/536

P.S. If you'd like to play with SROS right away, be sure to try out the SROS docker image available from OSRF [5]:
$ docker run --rm -it \
    osrf/sros \
    bash -c "source /ros_entrypoint.sh && \
        sroskeyserver & \
        sleep 3 && \
        sroslaunch rospy_tutorials talker_listener.launch"