I work with @coleray who has been organizing these meetings in the past. First of all, we’d like to apologize for not organizing this for some time now. I am setting up next WG meeting on 2/13 between 2 - 3 PM PST. We can use first few minutes of the meeting to walk through security tooling we released as part of Crystal, do a quick demo and we can open it up for anything else we want to discuss. As always, We’re happy to take suggestions on an agenda. Please let me know if there’s something you would like to discuss.
You have been invited to an online meeting, powered by Amazon Chime.
Thanks everyone who made time to attend this. Here is the link to the recording of the meeting.
Summary:
Discussed security tooling discussed as part of ROS2-C: Demo
Discussion around how this can be used for a fleet of robots. This out of the box is intended towards making local dev easier. There is still work needed for fleet management and key/cert distribution across fleet of robots.
High level discussion about current state of the threat model Amazon is putting together. We discussed out current approach based on STRIDE (https://en.wikipedia.org/wiki/STRIDE_(security)). Feedback was mainly around using different hardware platforms to include platform specific threats. We’re hoping to make this available to the community in 2-3 weeks of timeline (publish on discourse and/or ROS2 design page). Idea is to keep this as a live document where community members can collaborate on including variety of hardware platforms, threats that are not captured and discuss potential mitigations for those threats. We will setup another Security WG meeting in 2-3 weeks timeline to review final version of threat model document.