ROS Resources: Documentation | Support | Discussion Forum | Service Status | Q&A answers.ros.org

DDS Security Specification

Has there been any discussion of the DDS Security specification and how to handle it within the RMW – especially with the move to Fast RTPS as the default DDS/RTPS provider?

I know there are plenty of other priorities for ROS2 implementation, but was just curious what the status of this was and if eProsima has any plans to support the security spec? I poked around their repository and did not see anything as of yet but also understand it’s probably a significant investment to implement.

One aside question – is there a well known RTPS implementation for the JVM? I see jRTPS and maybe Kiara by eProsima?

Thanks much for your time!

Hi Steve,

Thanks for the question! And yes! Security of great interest to many of us. We are actively iterating with some ideas for how to integrate ROS 2 with DDS-Security. Everything is very much under construction at the moment, of course, but there are a few “sros2” branches that are getting closer to being a usable prototype.

We have been trying to put all of the security-related stuff in the rcl or lower layers. The goal is that the higher layers (i.e. the vast majority of code) won’t need any changes, since at least in theory, the security features are implemented by the middlewares and shouldn’t clutter up the application code which is only dealing with highly abstracted views of middleware. At the moment, you can set an environment variable called ROS_SECURITY_ROOT before running ROS 2 nodes, to point to a path in your filesystem where it can find the necessary piles of keys and configuration files for DDS-Security to do its thing.

At the moment the prototype only works with RTI Connext Secure, but we are taking pains to implement this in rcl in a way that could (in theory) be applied to any middleware, DDS or not, and certainly any vendor of DDS-Security, since it’s really just passing a path from the filesystem down, and the rmw implementation do whatever it wants, ideally following a simple set of conventions for how to contruct filenames from that path so that, for example, DDS-Security governance and permissions files can be used by more than one vendor.

We are assembling our prototype in the ‘sros2’ repo in the ROS 2 organization:

It includes a vcs repos file to check out of a bunch of sros2 branches. We’re currently working on a few python scripts to make it easier to generate all of the certificates/keys and DDS-Security configuration files, and distribute them using ssh/scp. It’s not polished yet, but I expect it will get there in a week or two.

I’ll let the eProsima folks chime in, if they want to describe their plans for DDS-Security in FastRTPS.

Cheers!

1 Like

Hi Steve,

Good news: :slight_smile:

Yes, we will support the DDS-Security specification. We have been working on that the last months, and we will have a first release in February 2017 supporting the ROS2 Security.

About the Java implementation, yes. You can use KIARA. It is not at the same level of development as Fast RTPS, but we can support you and help you if you have issues.

Regards!

1 Like

Hi,
A alternative setup is to use the USER_QOS_PROFILES to locate the policy files. I would be interested in how your governance/permission files are setup to handle the paramter_event topic being generated (as of alpha 8)?

Thanks
Vince