Announcing SROS! Security enhancements for ROS

Hello everyone,

I’m happy to announce a set of proposed enhancements to Secure ROS, duly named SROS [1].

You may remember me from last year, myself being that one Docker enthusiast that wished to make ROS more repeatable, reproducible, and deployable using Linux containers [2]. Following my ambition to help make existing ROS code even more reusable and relevant in the greater robotics community, I’ve again worked with OSRF this summer to help found the beginning of SROS.

Obligatory Disclaimer:
SROS is currently highly experimental and under heavy development
At time of writing, this effort is highly experimental and must not be considered production-grade. Rather, it is currently an exploration of various strategies for mitigating some of the most obvious ways that ROS systems would be compromised by “bad actors” of various sorts.

SROS is intended to secure ROS across three main fronts:

  • Transport Encryption
    Verify the identity of nodes, the integrity of the traffic, and the privacy of the connection.
    • Native TLS support for all socket level communication
    • X.509 PKI certificates for chains of trust, authenticity and integrity
    • Keyserver for key pair generation and certificate customisation
  • Access Control
    Restrict a node’s scope of access within the ROS graph to only what is necessary.
    • Definable namespace globbing for node restrictions and actions
    • Audit graph network through security logs and events
    • User constructed and/or auto trained access control policies
  • Process Profiles
    Restrict a node’s scope of access within the host machine to only what is necessary.
    • Harden node processes using Linux Security Modules in kernel
    • Quarantine a node’s file, device, signal, and networking access
    • Reusable AppArmor profile component library for ROS

Now that we have a working prototype, we’d like to formalize a REP for SROS to standardize some of the finer details [3]. If you happen to have an expertise in cybersecurity or an interest in securing ROS, you are welcome to review and contribute to the developing REP.

And as another plug for ROSCon 2016 [4], I’ll also be giving a talk on this subject:

{,S}ROS: Securing ROS over the wire, in the graph, and through the kernel
So if you’d like to meet up and talk about securing ROS for robotic systems out in the wild, I’ll see you there.

Special thanks to OSRF for making this possible,
Ruffin White

[1] SROS - ROS Wiki
[2] ROSCon 2015 Hamburg: Day 1 - Ruffin White: ROS + Docker on Vimeo
[3] REP: 148 | SROS Draft by ruffsl · Pull Request #121 · ros-infrastructure/rep · GitHub
[4] ROSCon 2016
[5] SROS/Installation/Docker - ROS Wiki

P.S. If you’d like to play with SROS right away, be sure to try out the SROS docker image available from OSRF [5]:

$ docker run --rm -it \
    osrf/sros \
    bash -c "source /ros_entrypoint.sh && \
        sroskeyserver & \
        sleep 3 && \
        sroslaunch rospy_tutorials talker_listener.launch"

#Update
I’d just like to mention for posterity that the recording and slides for the ROSCon talk mentioned are online:

Update

Additionally, if you would like to cite this work, or read a concise summary of SROS so far, feel free to check out our brief paper from the SROS session during the Towards Humanoid Robots OS workshop at Humanoids 16.

R. White, M. Quigley, and H. Christensen, “SROS: Securing ROS over the wire, in the graph, and through the kernel,” in Humanoids Workshop: Towards Humanoid Robots OS. Cancun, Mexico, 2016.

@inproceedings{white16humanoids,
  title={{SROS}: Securing {ROS} over the wire, in the graph, and through the kernel},
  author = {White, Ruffin and Quigley, Morgan and Christensen, Henrik},
  booktitle={Humanoids Workshop: Towards Humanoid Robots {OS}},
  year={2016},
  organization={Cancun, Mexico},}