ROS2 Security Working Group Online Meeting - Feb 13th, 2019 between 2:00 - 3:00 PM PST

Hi Everyone,

I work with @coleray who has been organizing these meetings in the past. First of all, we’d like to apologize for not organizing this for some time now. I am setting up next WG meeting on 2/13 between 2 - 3 PM PST. We can use first few minutes of the meeting to walk through security tooling we released as part of Crystal, do a quick demo and we can open it up for anything else we want to discuss. As always, We’re happy to take suggestions on an agenda. Please let me know if there’s something you would like to discuss.

You have been invited to an online meeting, powered by Amazon Chime.

  1. Click to join the meeting:

https://chime.aws/1287757019

Meeting ID: 1287 75 7019

  1. You can use your computer’s microphone and speakers, however, a headset is recommended. Or, call in using your phone:

United States Toll-Free: +1 855-552-4463
Meeting PIN: 1287 75 7019

One-click Mobile Dial-in (United States (1)): +1 206-462-5569,1287757019#

United States (1): +1 206-462-5569
International: https://chime.aws/dialinnumbers/

  1. To connect from an in-room video system, use one of the following Amazon Chime bridges:

SIP video system: meet.chime.in
or
H.323 system: 52.23.133.56

Meeting PIN: 1287757019#

2 Likes

Thanks everyone who made time to attend this. Here is the link to the recording of the meeting.

Summary:

  • Discussed security tooling discussed as part of ROS2-C: Demo

  • Discussion around how this can be used for a fleet of robots. This out of the box is intended towards making local dev easier. There is still work needed for fleet management and key/cert distribution across fleet of robots.

  • High level discussion about current state of the threat model Amazon is putting together. We discussed out current approach based on STRIDE (https://en.wikipedia.org/wiki/STRIDE_(security)). Feedback was mainly around using different hardware platforms to include platform specific threats. We’re hoping to make this available to the community in 2-3 weeks of timeline (publish on discourse and/or ROS2 design page). Idea is to keep this as a live document where community members can collaborate on including variety of hardware platforms, threats that are not captured and discuss potential mitigations for those threats. We will setup another Security WG meeting in 2-3 weeks timeline to review final version of threat model document.

Cheers,
Rutvik