I’m from arm. I’d like to share our enhancement of ROS2 and DDS security based on arm platforms.
In the arm V7/V8 core architecture, we have TrustZone support (please take a look at this link), which can enhance the DDS Security Plugins currently implemented based on OpenSSL.
Through the use of the arm TrustZone feature, we can switch the system execution states into:
• a Normal World (a rich OS environment is executing here) and
• a physically isolated Secure World (here a trusted OS is running, which protects many ROS2 security assets, like root keys, through hardware protection).
As shown in the figure below, ROS2 runs in the Normal World (Non Trusted) and the security assets are protected in the Secure World (Trusted). Since the Secure World is physically isolated from the Normal World, the Secure World can protect the ROS2/DDS sensitive security assets from leakage to the Normal World even if the Normal World is hacked.
In contrast, since OpenSSL runs in the Normal World, which is not considered trusted, the security assets in OpenSSL might be vulnerable if the rich OS or applications are hacked.
With arm TrustZone, ROS2 with DDS security can run on billions of arm devices in an enhanced security environment.
We would be very glad to discuss this with you in detail. Looking forward to hearing from you.