Thank you Thomas for leading the organization once again! Eager to participate from Alias Robotics on this. We have some work to share with you guys. Can you please add the following items to the agenda:
2.3 Alias Robotics update about threat modeling for industrial robots.
2.4 Alias Robotics update with ROSIN security analysis for ROS 2 based on our tools.
As @Odei pointed out, in collaboration with Acutronics Robotics, we have been extending the threat model developed by Amazon Robotics to include an industrial robotic arm. In this case, the MARA modular robot arm. We have submitted the PR to ROS 2 design. Feedback is very much appreciated!
If there is some time left today I'd like to ask whether this group here would be interested to perform such analysis on such a car robot/use case in Autoware?
The difference between your threat model and https://www.aliasrobotics.com/research/rsf.htm is in that the latter are guidelines on how to make a secure robot and the threat model checks whether implementation of the guidelines is correct (that is, there is no attack surface exposed).
You try hard to focus on ROS 2 framework only (as opposed to e.g. RTOS).
Is that correct?
Otherwise we in Autoware currently do not have anyone that has security background, so we were looking for someone that could help us get started. But I guess we can try on our own first and ask for help here if needed.
For 4. we'd be open to add pointers to URLs about how to secure RTOS but we just don't want the doc to become a guide to secure RTOS as this is out of the scope of the doc. You can see, for instance, what we wrote around NTP attacks. We point to "good practices" but they are not directly described in the doc.
Apologies I couldn't participate yesterday @Thomas_Moulard and the rest of the group. Terribly overloaded these last few weeks trying to fix some internal matters. I've noted down in my calendar the next meeting and I'll put together some slides to kick off the next meeting with our contributions so far while discussing in a bit more detail our disclosure with MARA.