My team at Amazon is planning to release a package that contains a series of functional tests to ensure security is enforced properly in a ROS2 system. These tests target the access control and authentication plugins in the DDS layer. To summarize, the Authentication plugin verifies the identity of a user/application that invokes operations on DDS, performs mutual authentication between participants, and establishes shared secrets, and the Access Control plugin enforces policy decisions on what operations on DDS an authenticated participant can perform, i.e. which domain it can join and which topic it can pub/sub.
You can run these tests in your CI/CD. The package comes with a README that will help you set up the package.
If you have any suggestions for making this more useful for you, please let us know.
Thanks in advance!
Deadline for release: 11/16/2018