ROSCon 2018 Informal Meetings of Special Interest Groups

Summary from the ROSCon cross-compilation Meetup:

Current issues faced by users cross compiling ROS 2:

  • Lack of Python or third-party library support in the instructions currently hosted on the ros2-for-arm organization.

  • Lack of instructions + sysroot for Android compilation makes it hard to compile high-level packages and demos.

Suggestions:

  • Provide a single place for aggregating cross-compilation instructions

  • Community members can modify the content to add instructions for their platform/architecture.

  • Community members will also be in charge of testing / updating the instructions they provided if necessary.

  • Possible location: a page on the ros2 wiki with section for each platform/architecture.

  • Leveraging existing toolchains and infrastructure (@esteve suggested polly) could reduce maintenance effort and provide better experience for users.

  • Contributors can elect to provide a sysroot to allow installing and linking against target libraries more easily.

I unfortunately don’t have the full list of attendees. @nuclearsandwich @wjwwood @filipe.rinaldi @pokitoz @lmayencourt, feel free to add missing information or @ attending participants I didn’t tag above.

ROSCon Security Meetup | Meeting Minutes

September 30th, 2018

Attendees:

Topics

  • Trusted Execution Environment (TEE)
    • Context
      • Enable sealing of secrets such as private key to protect PKI identity
      • Protecting run time session keys from other processes on the same host
    • Proposed
      • API for writing DDS-Security plugins leveraging ARM’s TrustZone
      • Performance overhead impacts of bifurcated trusted computation yet to be characterized
  • Securing parameters in ROS2
    • Context
      • Remote parameter access is conducted via service interfaces
      • Current mapping from ROS2 to DDS only facilitates node-level access control
      • However all or none read/write access to a node’s local parameters is too granular
      • I.e. individual parameter access permissions cannot be precisely enforced
    • Proposed
      • Securing individual parameters on a node by enforcing DDS key permissions
      • Leverage the upcoming (DDS Security v1.2) ability of specifying keys in DDS permission plugin
      • This will require ROS 2 to use keyed messages for parameter interfaces
  • Granular segmentation of ROS2 networks
    • Context
      • DDS domain IDs are used to control discovery/crosswalk between DDS systems
      • Possible domain IDs are derived from a finite range of integers
      • Domain collisions may be unavoidable in public or populated LANs
    • Proposed
      • Next revision of the RTPS specification will introduce domain tags (arbitrary string)
      • Enabling isolation between ROS2 systems using the same DDS domain ID
  • Expected behavior with locally insufficient permissions
    • Context
      • DDS implementations perform sanity checks when creating data readers/writers
      • Creation of reader/writer will fail if local permissions are insufficient
      • Is it expected that failing to create services when permissions are insufficient should crash a node?
    • Proposed
      • RMW bubbles up warning
        • ROS2 node process continues along
        • Pro: Downstream users may restrict a third-party node’s access to remaining system without modifying released nodes
        • Con: Indeterminate program behavior for nodes that do not actually connect with interfaces requested
      • RMW bubbles up error
        • ROS2 node may crash due to insufficient permissions
        • Pro: clearer defined behavior for downstream users
        • Pro: burden of permission handling is on informed upstream developer
        • Con: Extra profiling of necessary permissions is required to prevent node from crashing at runtime, e.g. from dynamic topic name creation
    • Conclusion
      • Yes, downstream users cannot block node interfaces without coordinating with the upstream node, such as through constructor arguments enabling or disabling functionality

Awesome summary, I wish I could have been there. I was looking around at ROSCon but was never able to find you. I’m an engineer at Amazon and we’re also doing some work on security-related items for ROS2. I’d really like to get your input and find out what other folks are working on.

I’ve organized an ROS2 Security Online Meetup on Monday Oct 15th @ 17:00 PDT. Please feel free to join and give your input.

I started a new discussion thread about cross-compilation here: