[ros-users] [Discourse.ros.org] [Next Generation ROS] SROS2 - Securing certs and keys

Mikael Arguedas ros.discourse at gmail.com
Thu Aug 10 04:09:51 UTC 2017

@Roser Thanks for your interest in SROS and SROS2.

[quote="Roser, post:5, topic:2400"]
SROS supports AppArmor, why is it dropped from the SROS2 ?

The development of SROS2 has been focused on the communication security rather than the system security so far. I wouldn't say that system-security is "dropped" but rather "not implemented" yet.
As you may know ROS2 targets a wider variety of platforms (non-Linux or non-posix) and applications than ROS1. Currently SROS2 has been geared towards providing secure communication at the lowest level of the ros client library (rcl) to allow users to leverage it regardless of the programming language, platform or implementation of the communication protocol. Currently we test on Ubuntu, MacOS and Windows, in C++ and Python, and with eProsima's FastRTPS and RTI's Connext.

We haven't yet looked into the best way to interface system security tools to the current SROS2 implementation but we definitely want to do it in the future. Given that it is pretty orthogonal to the encryption of the communication it can be addressed separately. While Apparmor is awesome, it is Linux only and thus will target only one of our supported platforms. Ideally SROS2 will provide a way to define the permissions of your application in a platforms-agnostic manner and be extensible to implement generators that will provide "configuration files" or "profiles" according to the tool or platform you want to use. And the tool on Linux can very well be AppArmor.

[Visit Topic](https://discourse.ros.org/t/sros2-securing-certs-and-keys/2400/6) or reply to this email to respond.

More information about the ros-users mailing list