├── .github └── ISSUE_TEMPLATE │ ├── add_project.md │ └── membership.md ├── README.md ├── meetings ├── 2020_11_24 │ └── README.md ├── 2020_12_15 │ ├── README.md │ ├── ccs2020.pdf │ └── ccs2020_slides.pdf ├── 2021_01_12 │ ├── README.md │ └── SecuringMoveIt2.pdf ├── 2021_01_26 │ ├── README.md │ └── RMFOverview-SecurityWG-Public.pdf ├── 2021_02_09 │ └── README.md ├── 2021_02_23 │ └── README.md ├── 2021_03_09 │ └── README.md ├── 2021_04_13 │ └── README.md ├── 2021_04_27 │ └── README.md ├── 2021_05_11 │ ├── 2021-05-ROS2SecurityWGpresentation.pdf │ ├── 2021-05-ROS2SecurityWGpresentation.pptx │ └── README.md ├── 2021_06_08 │ └── README.md ├── 2021_08_10 │ └── README.md ├── 2021_09_14 │ └── README.md ├── 2021_11_09 │ ├── 2021-011-SwRI-ROS2SecurityWGpresentation.pdf │ └── README.md ├── 2021_12_14 │ └── README.md ├── 2022_01_11 │ └── README.md ├── 2022_02_08 │ └── README.md ├── 2022_03_08 │ ├── NoDL_ Presentation_SWG_Mar08.pdf │ └── README.md ├── 2022_04_12 │ └── README.md ├── 2022_05_17 │ └── README.md ├── 2022_06_14 │ └── README.md ├── 2022_07_12 │ └── README.md ├── 2022_09_13 │ └── README.md ├── 2022_11_08 │ └── README.md ├── 2022_12_13 │ └── README.md ├── 2023_01_10 │ └── README.md ├── 2023_02_14 │ └── README.md ├── 2023_03_14 │ └── README.md ├── 2023_04_11 │ └── README.md ├── 2023_05_09 │ └── README.md ├── 2023_06_13 │ └── README.md ├── 2023_09_12 │ └── README.md ├── 2023_10_10 │ └── README.md └── 2023_11_14 │ └── README.md └── vuln-remediation.md /.github/ISSUE_TEMPLATE/add_project.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Project addition request 3 | about: Request addition of project to ROS 2 Security Working Group 4 | title: 'REQUEST: Add project ' 5 | labels: add-project 6 | assignees: '' 7 | --- 8 | 9 | 13 | 14 | ### Description 15 | - What is this project? (brief description) 16 | - What is the project state? (ie, are there specific plans, a roadmap, timeline, etc.) 
17 | - What is your motivation for wanting it under the Security Working Group? 18 | - How do you expect the Security Working Group to contribute to it? 19 | 20 | ### Existing URLs 21 | 26 | 27 | ### Requirements 28 | - [ ] Builds on ROS 2 master with no warnings 29 | - [ ] Has linters enabled 30 | - [ ] `colcon test` runs successfully 31 | - [ ] Test coverage is greater than 50% 32 | 33 | ### Sponsors (if applicable) 34 | - (at)sponsor-1 35 | - (at)sponsor-2 36 | 37 | ### Extra 38 | 39 | 40 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/membership.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Organization Membership Request 3 | about: Request membership in ROS 2 Security Working Group 4 | title: 'REQUEST: New/alter membership' 5 | labels: membership 6 | assignees: '' 7 | --- 8 | 9 | ### Request 10 | - Are you looking to become a member? 11 | - Are you looking to move from one Working Group role to another (e.g. member to reviewer)? 12 | 13 | ### Requirements 14 | - [ ] I have enabled 2FA on my GitHub account (https://github.com/settings/security) 15 | - [ ] I am actively contributing to 1 or more projects under the ROS 2 Security Working Group 16 | 17 | ### Sponsors (if applicable) 18 | - (at)sponsor-1 19 | - (at)sponsor-2 20 | 21 | ### List of contributions to ROS 2 Security Working Group 22 | - PRs reviewed / authored 23 | - Issues triaged 24 | - Other relevant project involvement 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group 2 | The Security Working Group's mission is to advocate for and implement security features within ROS 2. 
The working group negotiates a balance between the benefits of security and the enablement of technology, striving for a secure-by-default design which can be customized to suit a targeted security profile. 3 | 4 | This document outlines the governance of the ROS 2 Security Working Group. Updates to this document will be handled in the same manner as other project updates governed by the Working Group. 5 | 6 | ## Subprojects 7 | A significant portion of the Security Working Group's mission is achieved by maintaining ROS projects. The following projects are owned by this Working Group: 8 | 9 | * [SROS2 utilities](https://github.com/ros2/sros2) 10 | 11 | ### Adding subprojects 12 | To request that the Security Working Group take on ownership and maintainership of a particular project, create a new issue in this repository using the appropriate issue template. You may be requested to present your proposal at the next Security Working Group meeting. The Working Group will accept the project upon unanimous agreement from Approvers. 13 | 14 | ### Standards for subprojects 15 | Subprojects must meet the following criteria: 16 | * Builds must pass against ROS 2 master 17 | * Test suite must pass 18 | * Test coverage must be greater than 50% 19 | * The ROS 2 standard linter set must be enabled and adhered to 20 | * Builds must have 0 warnings 21 | 22 | ## Governance 23 | The [chair of this Working Group](https://index.ros.org/doc/ros2/Governance/) is appointed by the ROS 2 Technical Steering Committee (TSC). In accordance with the [TSC charter](https://index.ros.org/doc/ros2/_downloads/f48e811f5e1a3760466483bf752f1a9e/ros2-tsc-charter.pdf), the chair is responsible for managing the Working Group. This includes organizing meetings, and ensuring that these guidelines, which are designed exclusively to help the Working Group achieve its mission, remain effective. 
24 | 25 | ### Meetings 26 | * The working group typically meets twice a month, at alternating times to accommodate our community's varied timezones 27 | * Meetings are announced and an agenda created on the ROS Discourse using the [wg-security tag](https://discourse.ros.org/tags/wg-security) 28 | * To receive meeting invitations, join [ros-security-working-group-invites](https://groups.google.com/forum/#!forum/ros-security-working-group-invites) 29 | * Meeting notes are kept on the [ROS Wiki](http://wiki.ros.org/ROS2/WorkingGroups/Security) 30 | * Meetings are recorded and available [on YouTube](https://www.youtube.com/playlist?list=PLpUh4ScdBhSMaEekJ8xeAAGmWUgR9S1K_) 31 | * Meetings are open to the public, and anyone is welcome to join 32 | 33 | ### Communication channels 34 | The following venues are public and everyone is welcome to join in working group discussions: 35 | * Track the [wg-security tag on ROS discourse](https://discourse.ros.org/tags/wg-security) 36 | * Chat in the [Security WG Room on Matrix](https://matrix.to/#/!LcRLnAIRWjSCfZmMeD:matrix.org?via=matrix.org) 37 | * Tag the working group on GitHub using @ros-security-wg 38 | * Email the working group using the [ROS Security Working Group mailing list](https://groups.google.com/forum/#!forum/ros-security) (this list also receives the @ros-security-wg mentions on GitHub). 
39 | 40 | ### Roles 41 | Security Working Group members may act in one or more of the following roles: 42 | * __Member__ 43 | * Attend at least one out of the last three Security Working Group meetings 44 | * Responsible for triaging issues 45 | * __Reviewer__ 46 | * All reviewers are members 47 | * Responsible for reviewing pull requests 48 | * __Approver__ 49 | * All approvers are reviewers 50 | * Responsible for approving and merging pull requests 51 | * Responsible for vetting and accepting new projects into the Working Group 52 | 53 | To become a member or change role, create an issue in this repository using the appropriate issue template. Such applications are accepted upon unanimous agreement from Approvers, and are typically based on the applicant's history with the subprojects of the Working Group. 54 | -------------------------------------------------------------------------------- /meetings/2020_11_24/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 24 Nov 2020 3 | 4 | [Meeting Recording](https://youtu.be/7ZJidRtTqXI) | [Meeting Announcement](https://discourse.ros.org/t/security-wg-meeting/17519) 5 | 6 | 7 | ## Agenda 8 | 9 | - Administrivia: future meeting minutes 10 | - G-turtle goals 11 | - MoveIt2 security use case 12 | - ROS 2 without a file system, [rcl #545](https://github.com/ros2/rcl/issues/545) and [discourse post](https://discourse.ros.org/t/ros-2-without-a-file-system/16942) 13 | - [Galactic Roadmap](https://index.ros.org/doc/ros2/Roadmap/#id2) 14 | - sros2 quality status: any comments? 
15 | - ROS2 secure launch and access control 16 | - [RMF](https://osrf.github.io/ros2multirobotbook) as a use case, see the [demo](https://github.com/osrf/rmf_demos) 17 | - Revoking keys 18 | 19 | ## Attendees 20 | [Iker Luengo Gil](https://github.com/IkerLuengo), 21 | [Jacob Hassold](https://github.com/jhdcs), 22 | [Jaime Martin Losa](https://github.com/JaimeMartin), 23 | [Jeremie Deray](https://github.com/artivis), 24 | [Kyle Fazzari](https://github.com/kyrofa), 25 | [Marco Gutierrez](https://github.com/marcoag), 26 | [Mikael Arguedas](https://github.com/mikaelarguedas), 27 | [Ruffin White](https://github.com/ruffsl), 28 | [Sid Faber](https://github.com/sidfaber) 29 | 30 | 31 | ## Administrivia 32 | 33 | Following a brief discussion, it was decided to move new meeting minutes to the [`ros-security/community` GitHub repository](https://github.com/ros-security/community). Existing meeting minutes in the [ROS wiki](http://wiki.ros.org/ROS2/WorkingGroups/Security) will not be ported. 34 | 35 | The [vulnerability remediation procedure PR](https://github.com/ros-security/community/pull/8) is still open for comments. 36 | 37 | 38 | ## G-Turtle goals 39 | 40 | Five open items could become part of our G-Turtle deliverables: 41 | 42 | ### Reference implementation with MoveIt 43 | 44 | Goal would be to demonstrate "Hey, look, here's an example of a real system that's secured." Although the config may be able to stand on its own, it would be more useful as an example. 45 | This example will also be useful for us to find issues with the security implementation on a complex system to test: CPU / network utilization, what to sign, what to encrypt, overall impact to the system. 46 | This also becomes a proving ground for NoDL. 47 | 48 | Use this implementation to configure security levels per topic, following the ones supported by DDS-Security: NONE, SIGN, ENCRYPT. Currently SROS2 is all or nothing, either all topics are encrypted or no security feature is used at all. 
See [Tracking ticket #130, "Provide some granularity for individual topic protection"](https://github.com/ros2/sros2/issues/130). 49 | 50 | Simulation may be challenging; a simulated implementation may not quite match the real world implementation. However, we should be able to spec the project in stages. Start simple and build upon the demo. 51 | 52 | ### Enable DDS security without a file system 53 | 54 | The scope of this issue is much wider than just security. Success depends upon buy-in from both the micro-ROS community and from Open Robotics. 55 | 56 | The WG agrees to continue to move the discussion forward to flesh out a design, but not to perform any work on the code at this time. 57 | 58 | ### [sros2 quality](https://github.com/ros2/sros2/issues/217) 59 | 60 | Even though a quality upgrade is stalled on dependent package quality levels, we should continue working on improving sros2 quality. The most important work is to improve documentation. 61 | 62 | Currently sros2 users aren't using online resources, and they need more / better documentation. The recommended path forward is to add a full section on security to the ROS 2 tutorials. This should build on the examples of the existing tutorials, and demonstrate how to re-do them with security enabled. 63 | 64 | A discussion also ensued on the current status of [answers.ros.org](https://answers.ros.org/questions/). 65 | 66 | ### Permissions file size 67 | 68 | Mikael has been working on uglifying the permissions files. Work on this continues. 69 | 70 | ### Integration test failures 71 | 72 | Mikael described the current state of [failures in test_security](https://github.com/ros2/system_tests/issues/446). The WG agreed that these tests should be fixed, although no specific action items were identified. 
73 | 74 | ### Conclusion 75 | The WG will focus on the following primary items for G-turtle: 76 | 77 | - A reference implementation of security 78 | - Improving sros2 quality through documentation updates 79 | 80 | The WG will also continue working on the following items: 81 | 82 | - Design input for running ROS without a file system 83 | - Reducing permission file size / complexity 84 | - Fixing test failures 85 | 86 | ## Open Discussion 87 | ROS launch status: the initial launch is working but does not include access control. The work is in progress, but stalled pending discussions on [launch_ros PR 180](https://github.com/ros2/launch_ros/pull/180). Some comments are suggesting a plugin solution, which would change future PRs. 88 | 89 | Marco suggested [the Robotics Middleware Framework (RMF)](https://github.com/osrf/rmf_demos) as a reference implementation for ROS security. This should be ready to run with ROS 2; they have already done some work with security as well. 90 | 91 | Marco also asked about revoking keys: there's a need to handle that within RMF should an individual robot in a fleet be physically compromised. Jaime provided [information on CRLs from eProsima](https://fast-dds.docs.eprosima.com/en/latest/fastdds/security/auth_plugin/auth_plugin.html#generating-the-certificate-revocation-list-crl). 
92 | 93 | ## References 94 | More information about items that were discussed: 95 | - [Vulnerability remediation procedure PR](https://github.com/ros-security/community/pull/8) 96 | - [sros2 quality](https://github.com/ros2/sros2/issues/217) 97 | - [Failures in test_security](https://github.com/ros2/system_tests/issues/446) 98 | - [Secure launch_ros PR 180](https://github.com/ros2/launch_ros/pull/180) 99 | - [The Robotics Middleware Framework (RMF)](https://github.com/osrf/rmf_demos) 100 | - [RMF: Programming multiple robots with ROS 2](https://osrf.github.io/ros2multirobotbook/) 101 | - [FastDDS and CRLs](https://fast-dds.docs.eprosima.com/en/latest/fastdds/security/auth_plugin/auth_plugin.html#generating-the-certificate-revocation-list-crl) 102 | 103 | ## Open action items 104 | 105 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/446) 106 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. 107 | 108 | Closing the following items as this work is actively in progress: 109 | 110 | - 2020/09/22: Kyle/Mikael to add an issue for uglifying permissions files 111 | - 2020/07/28: Mikael and Ruffin to try and shave size off the perm files and wildcard to optimize, then push upstream. Follow up with a discussion on matrix. See https://github.com/ros-swg/turtlebot3_demo/pull/34#issuecomment-665439493. 
112 | - 2020/05/12: Review [Move security related filesystem and env utilities outside rcl · Issue #545 · ros2/rcl](https://github.com/ros2/rcl/issues/545) and comment 113 | -------------------------------------------------------------------------------- /meetings/2020_12_15/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 15 Dec 2020 3 | 4 | [Meeting Recording](https://youtu.be/7dLfG4kbMNE) | [Meeting Announcement](https://discourse.ros.org/t/ros-security-wg-breakout-meeting-invited-talk-on-privaros/17848) 5 | 6 | ## Agenda 7 | 8 | This meeting was an invited talk on _Privaros: A Framework for Privacy-Compliant Delivery Drones._ 9 | 10 | ## Attendees 11 | 12 | **Presenters:** Abhishek Vijeev, Rakesh Beck and Vinod Ganapathy 13 | 14 | Chinmay Gameti, 15 | Daniel Jeswin, 16 | Gianluca Caiazza, 17 | [Jeremie Deray](https://github.com/artivis), 18 | Maninderpal Singh, 19 | [Marco Gutierrez](https://github.com/marcoag), 20 | Prakhar Kumar, 21 | [Roger Strain](https://github.com/roger-strain), 22 | [Ruffin White](https://github.com/ruffsl), 23 | [Sid Faber](https://github.com/sidfaber) 24 | 25 | ## Discussion 26 | 27 | The presenters discussed motivations behind the development of Privaros, which is MAC (Mandatory Access Control) policy enforcement for drones. See the [whitepaper](ccs2020.pdf) and the [presentation slides](ccs2020_slides.pdf). Information from the talk can be found at the [Privaros whitepaper web site](https://www.csa.iisc.ac.in/~vg/papers/ccs2020/). 
28 | -------------------------------------------------------------------------------- /meetings/2020_12_15/ccs2020.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2020_12_15/ccs2020.pdf -------------------------------------------------------------------------------- /meetings/2020_12_15/ccs2020_slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2020_12_15/ccs2020_slides.pdf -------------------------------------------------------------------------------- /meetings/2021_01_12/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 24 Nov 2020 3 | 4 | [Meeting Recording](https://youtu.be/drn4nOHS7BM) | [Meeting Announcement](https://discourse.ros.org/t/moveit-2-demo/18307) 5 | 6 | ## Agenda 7 | 8 | - Approve meeting minutes from last meeting 9 | - MoveIt 2 demo, Henning Kayser, MoveIt 2 Development Lead 10 | 11 | ## Attendees 12 | Gianluca Caiazza, 13 | Hamal Marino, 14 | [Iker Luengo Gil](https://github.com/IkerLuengo), 15 | [Jacob Hassold](https://github.com/jhdcs), 16 | [Jaime Martin Losa](https://github.com/JaimeMartin), 17 | [Jeremie Deray](https://github.com/artivis), 18 | [Kyle Fazzari](https://github.com/kyrofa), 19 | [Marco Gutierrez](https://github.com/marcoag), 20 | Marq Rasmussen, 21 | [Mikael Arguedas](https://github.com/mikaelarguedas), 22 | [Roger Strain](https://github.com/roger-strain), 23 | [Ruffin White](https://github.com/ruffsl), 24 | [Sid Faber](https://github.com/sidfaber), 25 | [Ted Kern](https://github.com/arnatious) 26 | 27 | 28 | ## Administrivia 29 | 30 | Approve the [minutes from the meeting on 15 Dec 2020](https://github.com/ros-security/community/pull/10) 31 | 
32 | Next meeting is on January 26, 3 hours earlier, it will be a demo of RMF by Marco. 33 | 34 | 35 | ## MoveIt 2 Demo 36 | 37 | [Slides](SecuringMoveIt2.pdf) | [Web site](https://moveit.ros.org/) | [github](https://github.com/ros-planning/moveit2) 38 | 39 | Discussion outline: 40 | - [00:00](https://youtu.be/drn4nOHS7BM) Intro 41 | - [01:49](https://youtu.be/drn4nOHS7BM?t=109) Features and Interfaces: MoveGroup 42 | - [07:17](https://youtu.be/drn4nOHS7BM?t=437) Features and Interfaces: MoveItCpp API 43 | - [08:12](https://youtu.be/drn4nOHS7BM?t=492) Features and Interfaces: MoveIt Servo 44 | - [08:58](https://youtu.be/drn4nOHS7BM?t=538) MoveGroup use case and ROS vulnerabilities 45 | - [11:15](https://youtu.be/drn4nOHS7BM?t=675) Hardware security 46 | - [13:52](https://youtu.be/drn4nOHS7BM?t=832) What is the motivation for security in MoveIt? 47 | - [19:35](https://youtu.be/drn4nOHS7BM?t=995) An overview of SROS2 and what it enables: encryption for privacy, message integrity checking 48 | - [27:35](https://youtu.be/drn4nOHS7BM?t=1665) How NoDL fits in with security by automatically generating security artifacts 49 | - [32:45](https://youtu.be/drn4nOHS7BM?t=2145) Logging considerations 50 | - [35:40](https://youtu.be/drn4nOHS7BM?t=2140) A use case for using certificates to separate hardware code from consumer code 51 | - [39:33](https://youtu.be/drn4nOHS7BM?t=2373) Getting started simulating MoveIt 2; exploring how to secure a remote rviz instance 52 | - [45:36](https://youtu.be/drn4nOHS7BM?t=2736) Exploring the size of the ros graph generated with the MoveGroup demo 53 | - [51:11](https://youtu.be/drn4nOHS7BM?t=3071) Handling security failures in the proposed rviz use case 54 | 55 | 56 | ## References 57 | 58 | The following links were shared during the presentation: 59 | 60 | - https://github.com/ros-planning/moveit2/blob/main/moveit_ros/moveit_servo/doc/servo_tutorial.md 61 | - 
https://docs.google.com/presentation/d/1me_0kQZtZw7tZnrSGmVtdYv8eTcAbGjCNhTpgG8uIR4/edit#slide=id.p 62 | - https://github.com/ros-planning/moveit2/tree/main/moveit_demo_nodes 63 | 64 | 65 | --- 66 | 67 | ## Open sros2 quality issues 68 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 69 | 70 | - Version 71 | - 1.ii: at a stable version (e.g. for semver that means version >= 1.0.0) 72 | - Change control 73 | - 2.v: documentation policy for all change requests 74 | - Documentation 75 | - 3.i: documentation for each "feature" 76 | - 3.ii: documentation for each item in the public API 77 | - 3.v: a "quality declaration" document 78 | - Testing 79 | - 4.i: system tests which cover all items in the "feature" documentation 80 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 81 | - 4.iv.a: performance tests 82 | - 4.iv.b: a performance regression policy 83 | - Dependencies 84 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 85 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 86 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 87 | 88 | --- 89 | 90 | ## Open action items 91 | 92 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/446) 93 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. 
94 | -------------------------------------------------------------------------------- /meetings/2021_01_12/SecuringMoveIt2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2021_01_12/SecuringMoveIt2.pdf -------------------------------------------------------------------------------- /meetings/2021_01_26/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 26 Jan 2021 3 | 4 | [Meeting Recording](https://youtu.be/jWBJVDxFPfo) | [Meeting Announcement](https://discourse.ros.org/t/robotics-middleware-framework-rmf-demo/18531) 5 | 6 | ## Agenda 7 | 8 | - Approve [meeting minutes from last meeting](https://github.com/ros-security/community/pull/11) 9 | - MoveIt 2 demo follow-up 10 | - RMF Demo, [Marco Gutierrez](https://github.com/marcoag) 11 | 12 | ## Attendees 13 | Gianluca Caiazza, 14 | [Iker Luengo Gil](https://github.com/IkerLuengo), 15 | [Jacob Hassold](https://github.com/jhdcs), 16 | [Jaime Martin Losa](https://github.com/JaimeMartin), 17 | [Jeremie Deray](https://github.com/artivis), 18 | Kalle Koivisto, 19 | [Marco Gutierrez](https://github.com/marcoag), 20 | [Mikael Arguedas](https://github.com/mikaelarguedas), 21 | Paul Verhoeckx, 22 | [Ramon Wijnands](https://github.com/Rayman) 23 | [Roger Strain](https://github.com/roger-strain), 24 | Rokus Ottervanger, 25 | [Ruffin White](https://github.com/ruffsl), 26 | [Sid Faber](https://github.com/sidfaber), 27 | Tianshi Xiang 28 | 29 | ## Administrivia 30 | 31 | - No comments on meeting minutes 32 | - No additional action items from the MoveIt demo 33 | 34 | 35 | ## RMF Demonstration 36 | 37 | ### Introduction to RMF 38 | - 2:20 Intro - Marco works for OR in Singapore on Robotics Middleware Framework, including releases and exploring security 39 | 40 | - 5:01 (slide 4) - RMF is about 
multi-robot systems. Challenges include: 41 | - Interoperabilities 42 | - Testing 43 | - Infrastructure 44 | - Security 45 | 46 | - 7:03 (slide 7) - What RMF can do: it interacts with doors and lifts, handles test planning and allocation, fleet traffic, management and workcell interaction 47 | 48 | - 8:07 (slide 11) - The core system takes care of allocation tasks, traffic management, etc. Adapters can connect to different parts of the infrastructure. 49 | 50 | - 9:32 (slide 12) - RMF simplifies / standardizes messages. It is a system of systems synthesizer, allowing different systems to talk in different protocols; plugins translate between protocols. Also provides standard messages. 51 | 52 | - 10:32 (slide 13) - Different robots allow different amounts of control. 53 | 54 | - 15:30 (slide 16) - RMF can resolve unexpected conflicts in a dynamic environment. 55 | 56 | - 18:26 (slide 22) - The RMF toolbox 57 | - Traffic editor: annotate floor plans 58 | - Building map tools 59 | - Testing; able to use [Ignition Robotics](https://app.ignitionrobotics.org/fuel) models 60 | - rmf_core provides integration with rmf 61 | 62 | - 20:30 (slide 28) - RMF includes [UI signalling](https://github.com/osrf/soss) 63 | 64 | - 21:00 (slide 29) - Use the operations dashboard for monitoring schedules and trajectories. The dashboard is migrating from rviz (foxy release) to web-based (build from source). 65 | 66 | ### Demonstration 67 | 68 | - 23:26 See the rmf-demos repository. Four demos: office, airport, clinic, hotel. Also a [multi-robot book](https://osrf.github.io/ros2multirobotbook) to help get started. Begin with the office demo, simplest of the group. You can submit deliveries or loops through the web interface or through gazebo. Also can submit a list of tasks, can be loaded from a .json file. 69 | 70 | - 29:35 (slide 32) - Security challenges. Most significant and difficult problem is dealing with third party hardware and software. 
71 | 72 | ### Q&A 73 | 74 | - 32:05 Any questions on how security works? what you get with sros2? 75 | 76 | - 33:25 Can you expand on the human component of your security concerns? 77 | 78 | - 43:40 How do you define trust boundaries, set up your certificate hierarchy? 79 | 80 | - 46:50 Integrity vs. confidentiality of information from third parties. 81 | 82 | - 50:04 Where do we start with simulating RMF? 83 | 84 | - 52:53 Running rmf_core in the cloud or to a central location. 85 | 86 | - 58:08 Revoking certificates. See also the [secure version of the office demo](https://github.com/osrf/rmf_demos/blob/master/docs/secure_office_world.md). 87 | 88 | - 1:01:15 Is RMF ready for prime time? What is the short term plan for RMF? 89 | 90 | - 1:04:10 What about "fake" robots connecting to the fleet managers? 91 | 92 | 93 | ## References 94 | 95 | The following links were shared during the presentation: 96 | 97 | - [RMF Demos](https://github.com/osrf/rmf_demos) 98 | - [Office secured demo](https://github.com/osrf/rmf_demos/blob/master/docs/secure_office_world.md) 99 | - [RMF ros2 multi robot book](https://osrf.github.io/ros2multirobotbook) 100 | - [Free fleet](https://github.com/osrf/free_fleet), with [instructions](https://osrf.github.io/ros2multirobotbook/integration_free-fleet.html) 101 | - [RMF Core](https://github.com/osrf/rmf_core) 102 | - [Traffic Editor](https://github.com/osrf/rmf_core) 103 | 104 | --- 105 | 106 | ## Open sros2 quality issues 107 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 108 | 109 | - Version 110 | - 1.ii: at a stable version (e.g. 
for semver that means version >= 1.0.0) 111 | - Change control 112 | - 2.v: documentation policy for all change requests 113 | - Documentation 114 | - 3.i: documentation for each "feature" 115 | - 3.ii: documentation for each item in the public API 116 | - 3.v: a "quality declaration" document 117 | - Testing 118 | - 4.i: system tests which cover all items in the "feature" documentation 119 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 120 | - 4.iv.a: performance tests 121 | - 4.iv.b: a performance regression policy 122 | - Dependencies 123 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 124 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 125 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 126 | 127 | --- 128 | 129 | ## Open action items 130 | 131 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/435), [old version](https://github.com/ros2/system_tests/issues/446). 132 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. 
133 | -------------------------------------------------------------------------------- /meetings/2021_01_26/RMFOverview-SecurityWG-Public.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2021_01_26/RMFOverview-SecurityWG-Public.pdf -------------------------------------------------------------------------------- /meetings/2021_02_09/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 09 Feb 2021 | [Meeting Recording](https://youtu.be/C75mfbKpClE) | [Meeting Announcement](https://discourse.ros.org/t/ros-2-security-working-group-meeting-09-feb-2021/18862) 4 | 5 | ## Agenda 6 | 7 | - Approve WG minutes for 1/26 8 | - (Ted) Progress update on `launch --secure` 9 | - Follow-up from demos (MoveIt, RMF) 10 | - Old business 11 | 12 | 13 | ## Attendees 14 | 15 | Gianluca Caiazza, 16 | [Iker Luengo Gil](https://github.com/IkerLuengo), 17 | [Jacob Hassold](https://github.com/jhdcs), 18 | [Jeremie Deray](https://github.com/artivis), 19 | [Kyle Fazzari](https://github.com/kyrofa), 20 | [Marco Gutierrez](https://github.com/marcoag), 21 | Marques Rasmussen, 22 | [Roger Strain](https://github.com/roger-strain), 23 | [Ruffin White](https://github.com/ruffsl), 24 | [Sid Faber](https://github.com/sidfaber) 25 | [Ted Kern](https://github.com/arnatious) 26 | 27 | 28 | 29 | ## Discussion 30 | 31 | [Meeting minutes for 1/26](https://github.com/ros-security/community/pull/14) were approved. 32 | 33 | 34 | ### Launch --secure 35 | 36 | Instead of introducing the `--secure` option directly into ros launch (and also add dependency on nodl), the decision was made to create an extension system for ros launch which allows adding arbitrary flags and code. The plugin work is complete and a PR is proposed to support the new architecture. 
37 | 38 | [ros2/launch_ros PR #216](https://github.com/ros2/launch_ros/pull/216) can use a review; this adds the plugin extensibility to `ros2launch`. 39 | 40 | Also [osrf/ros2launch_security PR #1](https://github.com/osrf/ros2launch_security/pull/1) needs reviews; this is the security extension implemented with the plugin architecture. 41 | 42 | For reference, see the progression of how we got here with [ros2/launch_ros PR #180](https://github.com/ros2/launch_ros/pull/180), "add --secure option to launch with encryption". 43 | 44 | 45 | ### Follow up on demos 46 | 47 | MoveIt! and RMF are both good candidates for instructing how to install `sros2` and to explore more advanced features. 48 | 49 | Marco intends to continue implementing security in RMF. One focus of theirs will be on certificate revocation, certificate authority hierarchies, and related features necessary for building third party trust. 50 | 51 | Sid will continue discussing MoveIt security. This focus will be on establishing granular permissions in an existing ROS graph. 52 | 53 | RMF and MoveIt are complementary use cases. Marco and Sid will continue refining the goals and give an update at the next WG meeting. 54 | 55 | 56 | ### Old business 57 | 58 | A brief discussion ensued regarding open quality issues (see below) and the [ROS vulnerability disclosure policy](https://ros.org/reps/rep-2006.html). 59 | 60 | 61 | --- 62 | 63 | ## Open sros2 quality issues 64 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 65 | 66 | - Version 67 | - 1.ii: at a stable version (e.g. 
for semver that means version >= 1.0.0) 68 | - Change control 69 | - 2.v: documentation policy for all change requests 70 | - Documentation 71 | - 3.i: documentation for each "feature" 72 | - 3.ii: documentation for each item in the public API 73 | - 3.v: a "quality declaration" document 74 | - Testing 75 | - 4.i: system tests which cover all items in the "feature" documentation 76 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 77 | - 4.iv.a: performance tests 78 | - 4.iv.b: a performance regression policy 79 | - Dependencies 80 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 81 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 82 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 83 | 84 | --- 85 | 86 | ## Open action items 87 | 88 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/435), [old version](https://github.com/ros2/system_tests/issues/446). 89 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. On hold pending external interest. 
90 | -------------------------------------------------------------------------------- /meetings/2021_02_23/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 23 Feb 2021 3 | 4 | [Meeting Recording](https://youtu.be/WxEUQD7NnSA) | [Meeting Announcement](https://discourse.ros.org/t/ros-2-security-working-group-meeting-23-feb-2021/19094) 5 | 6 | 7 | ## Agenda 8 | 9 | - Approve WG meeting minutes for 09 FEB 10 | - (Marco) Update on RMF use case 11 | - (Sid, 5min) Update on MoveIt use case 12 | 13 | 14 | ## Attendees 15 | 16 | [Jacob Hassold](https://github.com/jhdcs), 17 | [Jeremie Deray](https://github.com/artivis), 18 | Kalle Koivisto, 19 | [Marco Gutierrez](https://github.com/marcoag), 20 | [Roger Strain](https://github.com/roger-strain), 21 | [Sid Faber](https://github.com/sidfaber) 22 | 23 | 24 | ## Administrivia 25 | 26 | [Minutes from the meeting on 09 FEB 2021](https://github.com/ros-security/community/pull/15/files) were approved. 27 | 28 | Monitor [SROS2 ISSUE 252: Default RMW no longer ships with DDS security features](https://github.com/ros2/sros2/issues/252). 29 | 30 | ## Use Cases 31 | Marco provided an update on RMF security with a [list of RMF security needs](https://docs.google.com/document/d/1cGl00uS2OQ9Eg5c-G-U2gwBsfKYaVZHKuSZrf4uoBeE/edit). There's some overlap between Marco's work with Jeremie's logging work and Ted's work on NoDL: 32 | 33 | - Certificate revocation is the #1 use case, need something like a `revoke_permissions` API. 34 | 35 | - Need to be able to use the CLI tools when security is enabled. Jeremie remarked that this can potentially be covered through NoDL. 36 | 37 | - Interested in implementing CA hierarchies to see if they help with revocation 38 | 39 | - Looking for security to support some assertion of third party security, vendor guidelines, etc. 40 | 41 | - Require some form of setup testing.
After the security environment is set up, check that the setup is correct and everything is working. Some of this may be met through the logging plugin (in progress) 42 | 43 | - Secure launch; generate detailed policies from a NoDL description. 44 | 45 | Sid provided an update on the MoveIt use case. A LXD container is provided by MoveIt with a working demo that can be used to implement security. A test case will be to create a read-only extension of the LXD container that can be used to monitor the robot state. 46 | 47 | 48 | ## Documentation question 49 | 50 | Kalle opened a discussion on implementing security for a fleet of drones: 51 | 52 | - What are the different encryption/authentication schemas? 53 | 54 | - What controls do we have to change them? 55 | 56 | - Can SROS fetch the keys? 57 | 58 | - What documentation exists? 59 | 60 | A discussion ensued, with a reference to the [DDS spec](https://www.omg.org/spec/DDS-SECURITY/1.1/PDF) and the current state of SROS implementation and documentation. 61 | 62 | 63 | --- 64 | 65 | ## Open sros2 quality issues 66 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 67 | 68 | - Version 69 | - 1.ii: at a stable version (e.g.
for semver that means version >= 1.0.0) 70 | - Change control 71 | - 2.v: documentation policy for all change requests 72 | - Documentation 73 | - 3.i: documentation for each "feature" 74 | - 3.ii: documentation for each item in the public API 75 | - 3.v: a "quality declaration" document 76 | - Testing 77 | - 4.i: system tests which cover all items in the "feature" documentation 78 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 79 | - 4.iv.a: performance tests 80 | - 4.iv.b: a performance regression policy 81 | - Dependencies 82 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 83 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 84 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 85 | 86 | --- 87 | 88 | ## Open action items 89 | 90 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/446) 91 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. 
92 | -------------------------------------------------------------------------------- /meetings/2021_03_09/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 09 Mar 2021 3 | 4 | [Meeting Recording](https://youtu.be/iYObjFJITtU) | [Meeting Announcement](https://app.element.io/?pk_vid=16062276209ae8cc#/room/!LcRLnAIRWjSCfZmMeD:matrix.org) 5 | 6 | ## Agenda 7 | 8 | - Approve [PR #16: Add minutes for meeting on 23 Feb 2021](https://github.com/ros-security/community/pull/16/files) 9 | - (ruffin) [Broken TB3 demo](https://github.com/rticommunity/rmw_connextdds/issues/8) 10 | - (All) [Foxy Regression](https://github.com/ros2/sros2/issues/252) recap 11 | - (Sid) ROS2 security with an external CA 12 | 13 | 14 | ## Attendees 15 | 16 | Gianluca Caiazza, 17 | [Jacob Hassold](https://github.com/jhdcs), 18 | [Marco Gutierrez](https://github.com/marcoag), 19 | Phil Wolff, 20 | [Roger Strain](https://github.com/roger-strain), 21 | [Ruffin White](https://github.com/ruffsl), 22 | [Sid Faber](https://github.com/sidfaber) 23 | 24 | 25 | ## Administrivia 26 | 27 | [Meeting minutes for meeting on 23 Feb 2021](https://github.com/ros-security/community/pull/16/files) were approved. 28 | 29 | Members agreed to shift the working group meetings to monthly, 45 minutes long. 30 | 31 | 32 | ## [Broken TB3 demo](https://github.com/rticommunity/rmw_connextdds/issues/8) 33 | 34 | While revisiting a more complex example, the Foxy Regression was identified. After that was fixed, moved ahead with a more complex implementation with many nodes and many topics. The cyclone `fastrtps` security plugins work. `rmwconnect_cpp` did not work even without security enabled. RTI v6 connextdds implementation works both with and without security with ACLs disabled. Encryption was working. 35 | 36 | Currently the default rmw is no longer working even without access controls nor encryptions.
It only works without security. Also although the toy demos are working, it does not work well at scale. Need to continue investigating how to improve testing to cover scaling. 37 | 38 | Main lesson learned from the [Foxy Regression](https://github.com/ros2/sros2/issues/252) recap is to improve unit testing to detect this type of failure, but recognize that unit tests still won't cover everything. 39 | 40 | 41 | ## ROS2 security with an external CA 42 | 43 | Sid discussed the MoveIt use case status: 44 | - two identical LXD images, able to separate duties: one robot container, one monitor container. Have a test launch that moves the arm (not supposed to work on the monitor node) 45 | - Able to enable security on the robot container, and transfer the security artifacts to the monitor container to secure the robot. Also able to create separate security artifacts for the monitor container. 46 | - All done using an offboard CA. 47 | 48 | Discussed some questions about the status of the current use case. Full iteration on the details will likely happen in a PR to update ROS documentation. 49 | 50 | - Is an offboard CA using LXD + openssl a good use case to document? Yes. It should grow into dealing with multiple, external CAs, even a chain of CAs and how to use them with ROS. 51 | 52 | - Optimize the setup within reason to keep certificate size to a minimum. 53 | 54 | - Keep the revocation use case as a separate but important issue. 55 | 56 | - The initial root CA policy can include default certificate signature length of one year, default root CA lifetime of 10 years, trimming attributes other than the certificate common name. However, see [`keyserver_config.yaml`](https://github.com/ros/ros_comm/blob/sros/tools/sros/conf/keyserver_config.yaml) for a discussion on which extended attributes should be set. 57 | 58 | - It's acceptable to use the same CA for both identity and permissions. The use case for separating them is rare.
59 | 60 | 61 | This can also map to the [Distributed Identity Foundation](https://identity.foundation/?) model for creating distributed trust. This builds on the CA model. This may be a nice alternative to the traditional CA model, and could enable components within ROS to trust each other. 62 | 63 | 64 | ## References 65 | 66 | The following links were shared during the presentation: 67 | 68 | - [Terminate called after throwing an instance of 'rclcpp::exceptions::RCLError' with Nav2 #8](https://github.com/rticommunity/rmw_connextdds/issues/8) 69 | - [HowTo: Create a ROS CA](https://docs.google.com/document/d/1xvJZp9Sr3KpVZuoRGVsCsoApzrh-hj3C6gz57B68Euc/edit) 70 | - [ros_comm/tools/sros/conf/keyserver_config.yaml](https://github.com/ros/ros_comm/blob/sros/tools/sros/conf/keyserver_config.yaml) 71 | - [The Distributed Identity Foundation](https://identity.foundation/) 72 | - [ROS Security WG Breakout Meeting | Invited Talk on Privaros](https://discourse.ros.org/t/ros-security-wg-breakout-meeting-invited-talk-on-privaros/17848) 73 | 74 | 75 | --- 76 | 77 | ## Open sros2 quality issues 78 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 79 | 80 | - Version 81 | - 1.ii: at a stable version (e.g. 
for semver that means version >= 1.0.0) 82 | - Change control 83 | - 2.v: documentation policy for all change requests 84 | - Documentation 85 | - 3.i: documentation for each "feature" 86 | - 3.ii: documentation for each item in the public API 87 | - 3.v: a "quality declaration" document 88 | - Testing 89 | - 4.i: system tests which cover all items in the "feature" documentation 90 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 91 | - 4.iv.a: performance tests 92 | - 4.iv.b: a performance regression policy 93 | - Dependencies 94 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 95 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 96 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 97 | 98 | --- 99 | 100 | ## Open action items 101 | 102 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/446) 103 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. 
104 | -------------------------------------------------------------------------------- /meetings/2021_04_13/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 13 Apr 2021 3 | 4 | [Meeting Recording](https://youtu.be/6FBraGphxcI) | [Meeting Announcement](https://matrix.to/#/!LcRLnAIRWjSCfZmMeD:matrix.org/$debdyjMNrch_edOWmavhC9CckFfXqBg4mwr2-5y9fvQ?via=matrix.org) 5 | 6 | 7 | ## Agenda 8 | 9 | - Approve: [Add meeting minutes for March 9, 2021](https://github.com/ros-security/community/pull/17) 10 | - Upcoming Foxy sync, [Galactic feature freeze](https://discourse.ros.org/t/galactic-api-and-feature-freeze-in-rolling/19795) on 4/19 11 | - Security logging in Fast-DDS, quick update 12 | - Old business 13 | 14 | ## Attendees 15 | 16 | Gianluca Caiazza, 17 | [Iker Luengo Gil](https://github.com/IkerLuengo), 18 | [Jacob Hassold](https://github.com/jhdcs), 19 | [Jeremie Deray](https://github.com/artivis), 20 | [Roger Strain](https://github.com/roger-strain), 21 | [Ruffin White](https://github.com/ruffsl), 22 | [Sid Faber](https://github.com/sidfaber) 23 | 24 | 25 | ## Administrivia 26 | 27 | [Minutes from the meeting on March 9, 2021](https://github.com/ros-security/community/pull/17) were approved. 28 | 29 | ## Galactic Feature Freeze 30 | 31 | Recent merge from Mikael updated to the latest version; nothing else significant seems to be pending. 32 | 33 | 34 | ## Security Logging 35 | 36 | The security logging plugin has already landed in FastDDS (FastRTPS), it gives the ability to log to a text file. However, the DDS spec also allows logging directly to the DDS graph. This is current work-in-progress. 37 | 38 | [Watch the demo](https://youtu.be/6FBraGphxcI?t=289) 39 | 40 | Part of this work proposes permissions for the logging readers and logging writers. Nodes should have write access to the log node automatically when logging is enabled. 
41 | 42 | Additionally the security logging topic has some characters (semicolons) that ros does not recognize. Should the ros2 logging node be needed within the ROS graph, a bridge node may be required. However, the topic can remain invisible to the graph when not needed in ROS and used to log directly to syslog or another destination. 43 | 44 | 45 | ## Test update 46 | 47 | [FastRTPS issue 522](https://github.com/ros2/rmw_fastrtps/issues/522) and [ros2 PR 1114](https://github.com/ros2/ros2/pull/1114) addressed a fastdds problem that created a regression for multiple subscribers on a single topic. This issue should be fixed with the latest release, and the ROS2 team is working on a backport to foxy. However, an sros2 issue should be created to add tests with multiple readers and multiple writers. 48 | 49 | ***See [sros2 issue 261](https://github.com/ros2/sros2/issues/261)*** 50 | 51 | 52 | 53 | 54 | --- 55 | 56 | ## Open sros2 quality issues 57 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 58 | 59 | - Version 60 | - 1.ii: at a stable version (e.g.
for semver that means version >= 1.0.0) 61 | - Change control 62 | - 2.v: documentation policy for all change requests 63 | - Documentation 64 | - 3.i: documentation for each "feature" 65 | - 3.ii: documentation for each item in the public API 66 | - 3.v: a "quality declaration" document 67 | - Testing 68 | - 4.i: system tests which cover all items in the "feature" documentation 69 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 70 | - 4.iv.a: performance tests 71 | - 4.iv.b: a performance regression policy 72 | - Dependencies 73 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 74 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 75 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 76 | 77 | --- 78 | 79 | ## Open action items 80 | 81 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/446) 82 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. 83 | -------------------------------------------------------------------------------- /meetings/2021_04_27/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 27 April 2021 3 | 4 | 5 | ## Agenda 6 | 7 | - Approve WG meeting minutes for 13 APR 8 | - Using a `data:` or `pkcs11:` URI with DDS security 9 | 10 | 11 | ## Attendees 12 | 13 | Gianluca Caiazza, 14 | [Jeremie Deray](https://github.com/artivis), 15 | Kalle Koivisto, 16 | [Phil Wolff](https://github.com/evanwolf), 17 | [Roger Strain](https://github.com/roger-strain), 18 | [Sid Faber](https://github.com/sidfaber) 19 | Tomoya Fujita 20 | 21 | 22 | ## Drone use case 23 | 24 | Discussed by Kalle: Consider the scenario where a swarm of drones uses ROS 2 to communicate within the drone and between drones. 
25 | The swarm also has a ground control that is the trust anchor for comms within the swarm. 26 | The idea is still under design, but the issue is to have a central key store within the enclave. 27 | They're hoping to implement DDS to support the central key store and consume keys over PKCS 11. 28 | 29 | They're currently using FastRTPS which does not appear to support PKCS 11, but they're willing to contribute to FastRTPS and potentially to SROS to build the implementation. 30 | The FastRTPS middleware is most commonly used by the drone community. 31 | 32 | This may also open the need to revisit the idea of securing ROS on a constrained environment without a file system. 33 | 34 | References (links shared during the meeting): 35 | - An example [WIP document](https://docs.google.com/document/d/1xvJZp9Sr3KpVZuoRGVsCsoApzrh-hj3C6gz57B68Euc/edit#heading=h.85wyx39e3qj5) on using an external certificate store; this document will eventually be proposed into the [ROS 2 tutorials](https://docs.ros.org/en/foxy/Tutorials.html). 36 | - The [rcl issue](https://discourse.ros.org/t/ros-2-without-a-file-system/16942/2) that led to the [discourse discussion](https://github.com/ros2/rcl/issues/545) on running ROS without a file system 37 | 38 | --- 39 | 40 | ## Open sros2 quality issues 41 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 42 | 43 | - Version 44 | - 1.ii: at a stable version (e.g.
for semver that means version >= 1.0.0) 45 | - Change control 46 | - 2.v: documentation policy for all change requests 47 | - Documentation 48 | - 3.i: documentation for each "feature" 49 | - 3.ii: documentation for each item in the public API 50 | - 3.v: a "quality declaration" document 51 | - Testing 52 | - 4.i: system tests which cover all items in the "feature" documentation 53 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 54 | - 4.iv.a: performance tests 55 | - 4.iv.b: a performance regression policy 56 | - Dependencies 57 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 58 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 59 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 60 | -------------------------------------------------------------------------------- /meetings/2021_05_11/2021-05-ROS2SecurityWGpresentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2021_05_11/2021-05-ROS2SecurityWGpresentation.pdf -------------------------------------------------------------------------------- /meetings/2021_05_11/2021-05-ROS2SecurityWGpresentation.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2021_05_11/2021-05-ROS2SecurityWGpresentation.pptx -------------------------------------------------------------------------------- /meetings/2021_05_11/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 10 May 2021 3 | 4 | [Meeting Recording](https://youtu.be/bxJ-EJ_6LxM) | [Meeting 
Announcement](https://discourse.ros.org/t/security-working-group-meeting-may-2021/20270) 5 | 6 | 7 | ## Agenda 8 | 9 | - Approve WG meeting minutes for 13 APR and 27 APR 10 | - (Kalle) Using a data: or pkcs11: URI with DDS security 11 | 12 | 13 | ## Attendees 14 | 15 | Gianluca Caiazza, 16 | Jeremie Deray, 17 | Sid Faber, 18 | Tomoya Fujita, 19 | Marco Gutiérrez, 20 | Jacob Hassold, 21 | Kalle Koivisto, 22 | Iker Luengo Gil, 23 | Víctor Mayoral Vilches, 24 | Manuel Segarra-Abad, 25 | Roger Strain, 26 | Ruffin White-Magner, 27 | Tianshi Xiang 28 | 29 | 30 | ## Administrivia 31 | 32 | [Minutes from the meeting on 13 APR 2021](https://github.com/ros-security/community/pull/18) were approved. 33 | 34 | [Minutes from the meeting on 27 APR 2021](https://github.com/ros-security/community/pull/19) were approved. 35 | 36 | 37 | ## `pkcs11:` URI Support 38 | 39 | Kalle Koivisto 40 | presented slides ([pdf](2021-05-ROS2SecurityWGpresentation.pdf), [pptx](2021-05-ROS2SecurityWGpresentation.pptx)) 41 | on his project to create a platform for drone fleets. 42 | 43 | The platform allows a drone fleet to perform missions autonomously. 44 | It contains cloud, fog and edge compute drones. 45 | All parts of the fleet run in a ros network, both between drones and within drones. 46 | Zones within the drone are logically divided with a hypervisor and virtual machines. 47 | 48 | A crypto back end on the drone should be used to safely store keys and provide crypto access via PKCS#11. 49 | The current struggle is finding the best way to protect the ROS private keys, preferably with the PKCS11 API. 50 | Although the DDS spec supports PKCS, the middleware does not seem to have implemented this. 51 | PKCS may also be used for other (non-ROS) crypto options, but all the private keys must be stored in a hardened isolated crypto back end. 52 | 53 | The implementation is similar to a typical/standard provisioning implementation for encryption trust.
54 | The drone generates its own key pair and a Certificate Signing Request (CSR) that is signed by the cloud. 55 | The local file system can still store the identity cert, permissions file and CAs. 56 | PKCS would be used to access secrets stored in the secure back end, not on the file system: sign, encrypt, decrypt with pkcs11. 57 | This allows the crypto back end to be fully replaceable, enables many different use cases. 58 | 59 | ### Q&A 60 | 61 | Iker: The preso is quite clear. 62 | FastDDS does not yet support pkcs. 63 | It's unclear how much work is required to support pkcs, but it's worth exploring. 64 | Open to starting to work on this. 65 | 66 | Ruffin: Would the certificates be in-band or out-of-band? 67 | Probably out-of-band during a provisioning phase. 68 | The sros2 api would need updated to support creating/issuing the certs, etc. 69 | 70 | There's an open issue on the state of PKCS11 in python's crypto library. 71 | The current implementation had to help with their s/mime signing support. 72 | 73 | This will require a ROS 2 design change to specify how to configure PKCS URIs. 74 | 75 | There is currently no need to support `data:` URIs. 76 | For this use case each drone has a local file system for storing security files. 77 | 78 | Certificate revocation lists (CRLs) are currently not supported. 79 | CRLs are a nice-to-have so drones can be removed from the fleet. 80 | 81 | 82 | ### Next steps 83 | 84 | Iker and Kalle to work on the way forward. 85 | This likely will start with an updated design doc to support PKCS URIs. 86 | 87 | 88 | 89 | --- 90 | 91 | ## Open sros2 quality issues 92 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 93 | 94 | - Version 95 | - 1.ii: at a stable version (e.g.
for semver that means version >= 1.0.0) 96 | - Change control 97 | - 2.v: documentation policy for all change requests 98 | - Documentation 99 | - 3.i: documentation for each "feature" 100 | - 3.ii: documentation for each item in the public API 101 | - 3.v: a "quality declaration" document 102 | - Testing 103 | - 4.i: system tests which cover all items in the "feature" documentation 104 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 105 | - 4.iv.a: performance tests 106 | - 4.iv.b: a performance regression policy 107 | - Dependencies 108 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 109 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 110 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 111 | 112 | --- 113 | 114 | ## Open action items 115 | 116 | - 2020/09/22: [Test failures on test_security](https://github.com/ros2/system_tests/issues/446) 117 | - 2020/06/09 (sid): Draft guidance for vendors on how to create a vulnerability disclosure policy. 
118 | -------------------------------------------------------------------------------- /meetings/2021_06_08/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 08 Jun 2021 3 | 4 | [Meeting Recording](https://youtu.be/YwpZgNoYsd8) | [Meeting Announcement](https://discourse.ros.org/t/security-wg-meeting-june-8-2021/20806) 5 | 6 | 7 | ## Agenda 8 | 9 | - Approve WG meeting minutes for 11 May 10 | - PKCS#11 design proposal for FastDDS and SROS2 11 | - ROS 2 `sros2` documentation update PR 12 | 13 | 14 | ## Attendees 15 | 16 | Bartolome Jimenez Vera, 17 | Iker Luengo Gil, 18 | Jacob Hassold, 19 | Jeremie Deray, 20 | Kalle Koivisto, 21 | Marco Gutiérrez, 22 | Mikael Arguedas, 23 | Roger Strain, 24 | Ruffin White, 25 | Sid Faber, 26 | Tianshi Xiang 27 | 28 | 29 | ## Administrivia 30 | 31 | [Minutes from the meeting on 11 May 2021](https://github.com/ros-security/community/pull/20/files) were approved. 32 | 33 | ## PKCS#11 Design Proposal 34 | 35 | Iker and Kalle presented a simple proposal for adding `pkcs#11` support to ROS 2. 36 | The intent is to make sros aware of a `.p11` file type with the same name as the security key. 37 | ROS would recognize this file exists and read the file as a PKCS URI and hand the URI off to the middleware. 38 | ROS will not pass the .p11 file to the middleware (that would not be compliant with the DDS standard), but would deserialize the .p11 file and treat it as a PKCS URI. 39 | 40 | Current plans skip any changes to the encryption plugin and only address the authentication plugin. 41 | The primary intent is to protect the private keys. 42 | 43 | Should an implementation have both a .p11 and a .key file (or a similar related unexpected situation), generate an error rather than trying to implement some priority logic. 44 | 45 | This change may include updates to sros2 utilities to easily enroll with PKCS and generate the needed artifacts. 
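The lookup rule in this proposal, sketched as an added example (not sros2 or Fast DDS code): given the private key path, it looks for a sibling `.p11` file, fails when both exist, and returns the URI that would be handed to the middleware. The file names, the helpers `resolve_private_key` and `parse_pkcs11_uri`, the sample URI and the refusal of an inline `pin-value` are assumptions of this example; the URI syntax follows RFC 7512.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


class KeyResolutionError(Exception):
    """The private-key artifacts of an enclave are ambiguous or malformed."""


def _split_attrs(part, delim):
    """Parse 'name=value' pairs; repeated standard attributes are rejected."""
    attrs = {}
    for item in filter(None, part.split(delim)):
        name, eq, value = item.partition("=")
        if not eq or not name:
            raise KeyResolutionError(f"malformed attribute {item!r}")
        if name in attrs and not name.startswith("x-"):
            raise KeyResolutionError(f"attribute {name!r} given twice")
        attrs[name] = unquote(value)  # values are percent-encoded
    return attrs


def parse_pkcs11_uri(uri):
    """Split a pkcs11: URI into (path_attrs, query_attrs) dictionaries."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "pkcs11":
        raise KeyResolutionError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    return _split_attrs(path, ";"), _split_attrs(query, "&")


def resolve_private_key(key_file, allow_inline_pin=False):
    """Return the private-key URI for the middleware.

    key_file is the usual on-disk key; a file with the same name and a
    .p11 extension holds a PKCS#11 URI instead of key material.
    """
    key_file = Path(key_file)
    p11_file = key_file.with_suffix(".p11")
    has_key, has_p11 = key_file.is_file(), p11_file.is_file()
    if has_key and has_p11:
        # The minutes ask for an error here, not priority logic.
        raise KeyResolutionError(
            f"{key_file.name} and {p11_file.name} both present; refusing to choose")
    if has_key:
        return key_file.resolve().as_uri()
    if not has_p11:
        raise KeyResolutionError("no private key found")
    # The .p11 file itself is never passed on, only the URI it contains.
    uri = p11_file.read_text(encoding="utf-8").strip()
    path_attrs, query_attrs = parse_pkcs11_uri(uri)
    if not {"object", "id"} & path_attrs.keys():
        raise KeyResolutionError("URI does not name a key object")
    if path_attrs.get("type", "private") != "private":
        raise KeyResolutionError("URI does not refer to a private key")
    if "pin-value" in query_attrs and not allow_inline_pin:
        # Example policy: a PIN stored next to the certs defeats the HSM.
        raise KeyResolutionError("inline pin-value not allowed; use pin-source")
    return uri


def demo():
    """Run the three cases against a constructed enclave directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        key, p11 = Path(tmp) / "key.pem", Path(tmp) / "key.p11"
        # Constructed sample URI, not taken from any real deployment.
        p11.write_text("pkcs11:token=drone-01;object=ros2-identity;type=private"
                       "?pin-source=file:/run/hsm/pin\n", encoding="utf-8")
        results["p11_only"] = resolve_private_key(key)
        key.write_text("constructed placeholder, not a real key\n", encoding="utf-8")
        try:
            resolve_private_key(key)
        except KeyResolutionError as exc:
            results["both"] = str(exc)
        p11.unlink()
        results["file_only"] = resolve_private_key(key)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
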
46 | 47 | DDS vendors should be made aware of the change, although it should have minimal impact. 48 | 49 | 50 | ## Documentation Update PR 51 | 52 | Sid gave an overview of the [ROS 2 Security documentation update PR](https://github.com/ros2/ros2_documentation/pull/1662). 53 | Please review / comment. 54 | 55 | 56 | --- 57 | 58 | ## Open sros2 quality issues 59 | [sros2 package Quality level status #217](https://github.com/ros2/sros2/issues/217) 60 | 61 | - Version 62 | - 1.ii: at a stable version (e.g. for semver that means version >= 1.0.0) 63 | - Change control 64 | - 2.v: documentation policy for all change requests 65 | - Documentation 66 | - 3.i: documentation for each "feature" 67 | - 3.ii: documentation for each item in the public API 68 | - 3.v: a "quality declaration" document 69 | - Testing 70 | - 4.i: system tests which cover all items in the "feature" documentation 71 | - 4.ii: system, integration, and/or unit tests which cover all of the public API 72 | - 4.iv.a: performance tests 73 | - 4.iv.b: a performance regression policy 74 | - Dependencies 75 | - 5.i: no direct runtime "ROS" dependencies which are not at the same level 76 | - 5.ii: no optional direct runtime "ROS" dependencies which are not 'Level N' 77 | - 5.iii: justification for why each direct runtime "non-ROS" dependency is equivalent to a 'Level N' package in terms of quality 78 | 79 | -------------------------------------------------------------------------------- /meetings/2021_08_10/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 10 Aug 2021 4 | 5 | [Meeting Recording](https://youtu.be/fkFHfvDDsJg) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-august-2021) 6 | 7 | ## Agenda 8 | 9 | - [Approve WG meeting minutes for 08 Jun](#-administrivia) 10 | - [Shaun introduction](#shaun-introduction) 11 | - [PKCS#11 Design update](#pkcs1111-design-update) 12 
| 13 | ## Attendees 14 | 15 | - Marco Gutiérrez 16 | - Gianluca Caiazza 17 | - Cameron Mott 18 | - Kalle Koivisto 19 | - Jacob Hassold 20 | - Shaun Murphy 21 | - Jeremie Deray 22 | 23 | ## Administrivia 24 | 25 | [Minutes from the meeting on 08 Jun 2021](https://github.com/ros-security/community/pull/21) were approved. 26 | 27 | ## Shaun introduction 28 | 29 | Shaun introduced himself and explained the chair change. 30 | He then reassured the group of Canonical's commitment to the WG; 31 | Canonical is backfilling the position. 32 | 33 | ## PKCS#11 Design update 34 | 35 | Summer time, people are either coming back from vacation or just starting them. 36 | Kalle said that eProsima started the implementation for the integration of PKCS#11 in Fast-DDS with a planned timeline set for the end of the year. 37 | He also briefly recapped the design: PKCS URI fed to openSSL in Fast-DDS; 38 | on the SROS2 side, the key name will be given in the configuration file. 39 | The reference implementation is going to be done against softHSM. 40 | Normally, a 'real' HSM solution should be fairly easy to integrate since PKCS11 makes the back-end replaceable.
41 | -------------------------------------------------------------------------------- /meetings/2021_09_14/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 14 Sep 2021 4 | 5 | [Meeting Recording](https://youtu.be/AVZEStdIn3c) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-september-2021) 6 | 7 | ## Agenda 8 | 9 | - [Approve WG meeting minutes for 10 Aug](#-administrivia) 10 | - [PKCS#11 update](#pkcs11-update) 11 | - [External CA setup](#external-ca-setup) 12 | 13 | ## Attendees 14 | 15 | - Shaun Murphy 16 | - Kalle Koivisto 17 | - Ruffin White-Magner 18 | - Marco Gutiérrez 19 | - Jooonas Loppi 20 | - Jacob Hassold 21 | 22 | ## Administrivia 23 | 24 | [Minutes from the meeting on 08 Jun 2021](https://github.com/ros-security/community/pull/21) were approved. 25 | 26 | ## PKCS#11 update 27 | 28 | Implementation is going on as scheduled; ETA is the end of the year, probably sooner. 29 | We'll need to discuss SROS2 integration. 30 | 31 | ## External CA setup 32 | 33 | Kalle is following the work on external CA setup based on Sid's doc ['HowTo: Set up a CA for ROS'](https://docs.google.com/document/d/1xvJZp9Sr3KpVZuoRGVsCsoApzrh-hj3C6gz57B68Euc/edit?usp=sharing). 34 | Looking at how SROS2 would create domain participant key and cert requests and any external PKI service would run the CA (thus in place of the SROS2 local CA).
35 | -------------------------------------------------------------------------------- /meetings/2021_11_09/2021-011-SwRI-ROS2SecurityWGpresentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2021_11_09/2021-011-SwRI-ROS2SecurityWGpresentation.pdf -------------------------------------------------------------------------------- /meetings/2021_11_09/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 9 November 2021 3 | 4 | [Meeting Recording](https://www.youtube.com/watch?v=52Sc-Q3IqWU) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-november-2021/22976) 5 | 6 | 7 | ## Agenda 8 | 9 | (Jeremie) Approve WG meeting minutes for September 14, 2021 10 | (David Anthony) Introduction and show-case 11 | (Iker, Kalle) PKCS#11 update 12 | (Víctor and related group) Guest talk about DDS Security research (link to [Black Hat talk](https://www.blackhat.com/eu-21/briefings/schedule/index.html#the-data-distribution-service-dds-protocol-is-critical-lets-use-it-securely-24934)) 13 | 14 | 15 | ## Attendees 16 | 17 | Jeremie Deray | artivis (Canonical), 18 | Víctor Mayoral-Vilches (Xilinx), 19 | David Anthony (SwRI), 20 | Florencia Cabral Berenfus (Canonical), 21 | Gianluca Caiazza (Secura Factors), 22 | Ruffin White (Secura Factors), 23 | Iker Luengo Gil (eProsima) 24 | 25 | 26 | ## Administrivia 27 | 28 | [Minutes from the meeting on September 14, 2021](https://github.com/ros-security/community/pull/23) were approved. 29 | 30 | 31 | ## ROS2 security usability 32 | 33 | David Anthony (SwRI) shared about their interest and challenges in using security with ROS 2, and trying to introduce security practices into their development workflow.
34 | 35 | [Link to the slides](2021-011-SwRI-ROS2SecurityWGpresentation.pdf) 36 | 37 | Some of their challenges in this process are: integrating security into the development workflow; working with command line tools in complex systems; and verifying that the system is properly configured after applying SROS2 tools. Some specific challenges are listed in Slide 5 of the PPT presentation. 38 | 39 | Some suggestions for improvement (Slide 6) are: 40 | - Having graphical tools for configuring and inspecting encryption, governance and policy settings (possibly using rqt graph to visualize which topics are encrypted; which keys are used for encryption, etc) 41 | - Better integration into CI/CD pipeline and deployment: be able to set configuration options programmatically 42 | - Node introspection: possibility for node info or rostopic info to show information on the enclaves a node is using and how publishers/subscribers are configured for encryption 43 | - Efficient key management for their large UAV swarm 44 | 45 | ### Feedback from other meeting participants: 46 | 47 | - Agreement that security features are there, but usability can be improved 48 | - Suggestion to look into the [‘ros2 launch security’](https://github.com/osrf/ros2launch_security) effort, still under development 49 | - The way forward might require defining a security reference system based on a common use case.
50 | - Consider following the example of other working groups such as real time, [here](https://github.com/ros-realtime/reference-system), and past reference examples used in the SWG, such as the [Secure Turtlebot3 Demo](https://github.com/ros-swg/turtlebot3_demo) and [ROS2 Security Workshop at RosCon 2019](https://ros-swg.github.io/ROSCon19_Security_Workshop/) 51 | 52 | 53 | ### PKCS#11 Update 54 | 55 | - There is a [pull request](https://github.com/ros2/rmw_fastrtps/pull/565) for adding support for PKCS#11 56 | - There is a [pull request](https://github.com/eProsima/Fast-DDS/pull/2222) to add in FastDDS 57 | - A showcase could be shared with the SWG by January 58 | 59 | 60 | ### DDS security 61 | 62 | - There will be a [talk at the Black Hat Europe conference](https://www.blackhat.com/eu-21/briefings/schedule/index.html#the-data-distribution-service-dds-protocol-is-critical-lets-use-it-securely-24934) on Nov. 11, presenting some critical DDS security vulnerabilities that were found 63 | - Will look to arrange a brief about this for the SWG in the near future 64 | - Shared a scapy layer that implements a dissect of RTPS: https://github.com/secdev/scapy/pull/3403 65 | 66 | 67 | ## TODO 68 | 69 | Set up shared document to collectively work on defining a reference security demo (Jeremie) 70 | -------------------------------------------------------------------------------- /meetings/2021_12_14/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 14 December 2021 4 | 5 | [Meeting Recording](https://www.youtube.com/watch?v=SZXOOYDsjxc&feature=youtu.be) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-december-2021/23399) 6 | 7 | 8 | ## Agenda 9 | 10 | 11 | (Jeremie) Approval requested: Add minutes for meeting on November 9, 2021 12 | (Jeremie) Re-populate the WG with a group of individuals who can jointly manage the group. 
13 | (Jeremie) Explicit the mechanisms and rules for role downgrading: The roles of the working group participants are explicitly defined together with the rules to upgrade said roles (see [here](https://github.com/ros-security/community#roles)). However, there are no explicit rules to downgrade roles, especially in the case of clear inactivity. 14 | (Jeremie) Call for action: cleanup sros2 issues/PRs. Starting with #275, #29. 15 | (Victor) Guest talk about DDS Security research 16 | (Jeremie - if time allows) Discussion around reference implementation 17 | 18 | 19 | ## Attendees 20 | 21 | Jeremie Deray, 22 | Kalle Koivisto, 23 | Christian R., 24 | Florencia Cabral, 25 | Ruffin White, 26 | Shaun Murphy, 27 | Werner Burger, 28 | Florian Tax, 29 | Gianluca Caiazza, 30 | Victor Mayoral-Vilchez 31 | 32 | 33 | ## Administrivia 34 | 35 | [Minutes from the meeting on November 9, 2021](https://github.com/ros-security/community/pull/24) were approved. 36 | 37 | 38 | ## Group membership and roles 39 | 40 | ### Approving member roles 41 | 42 | The group requires active members with roles as Reviewers and Approvers, and currently they are very limited. 43 | 44 | Some pending membership requests: 45 | - [Victor's request](https://github.com/ros-security/community/issues/25) is waiting for inactive approvers 46 | - [Florencia's request](https://github.com/ros-security/community/issues/27) is waiting for some changes in the rules 47 | - Ruffin should apply for Approver role 48 | 49 | Jeremie will add the official list of members to the community repo once it is updated. 50 | 51 | ### Role downgrading 52 | 53 | Currently, the group doesn't have explicit mechanisms and rules for role downgrading, and this is necessary, especially in the case of clear inactivity. It was agreed that a mechanism for downgrading members will be proposed at the next WG meeting. 
54 | 55 | ## Open issues/PRs 56 | 57 | There are some sros2 issues and PRs pending review (i.e., [#275](https://github.com/ros2/sros2/issues/275), [#29](https://github.com/ros2/sros2/pull/29)). 58 | Members most familiar with them will work on these reviews; Victor will look at #275. 59 | 60 | ## DDS security research 61 | 62 | - Victor Mayoral-Vilchez gave a guest talk to present his research group's findings on Data Distribution Service (DDS) security vulnerabilities. These were first presented at the [Black Hat Europe conference 2021](https://www.blackhat.com/eu-21/briefings/schedule/index.html#the-data-distribution-service-dds-protocol-is-critical-lets-use-it-securely-24934) last November 11, and a similar talk to this was given at the [ROS Industrial Europe Conference](https://rosindustrial.org/events/2021/12/1/ros-industrial-conference-2021) on December 2. The results of the research were also shared on [ROS Discourse](https://discourse.ros.org/t/cybersecurity-in-the-ros-2-communication-middleware-targeting-the-top-6-dds-implementations/23254). He touched on the methodology used for this research, which included a dissector of ROS2 layers crafted by the team, which was used to analyze RTPS (DDS's underlying networking protocol). The findings included several vulnerabilities such as a network reflection/amplification vulnerability affecting the DDS protocol, and configuration-based vulnerabilities on several implementations. Finally, Victor shared demos of the POCs for these issues. 63 | 64 | - Victor also shared a personal project, the ["Robot Hacking Manual"](https://github.com/vmayoral/robot_hacking_manual), which includes case studies and tutorials that aim to raise awareness of and discuss tools for robotics cybersecurity, using a security-first approach. 
65 | 66 | 67 | -------------------------------------------------------------------------------- /meetings/2022_01_11/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 11 January 2022 4 | [Meeting Recording](https://www.youtube.com/watch?v=Bwqekv1dTZo) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-january-2022/23714) 5 | 6 | ## Agenda 7 | - (Jeremie) Approval requested: Add minutes for meeting on December 14, 2021 8 | - (Jeremie) Admin 9 | - Membership request: #25 #27 #30 #31 - no 'approver' applications 10 | - Template: #29 11 | - (Jeremie) Explicit the mechanisms and rules for role downgrading: proposal review (gotta formalize that into a PR) 12 | - (Jeremie) Discussion around reference implementation 13 | 14 | ## Attendees 15 | Gianluca Caiazza 16 | Marco Gutierrez 17 | Victor Mayoral-Vilchez 18 | Roger Strain 19 | Ruffin White 20 | Florencia Cabral 21 | Cameron Mott 22 | David Anthony 23 | Jeremie Deray (artivis) | Canonical 24 | Tomoya Fujita 25 | 26 | ## Administrivia 27 | 28 | ### Approve last meeting minutes 29 | 30 | [Minutes from the meeting on December 14, 2021](https://github.com/ros-security/community/pull/32) were approved. 31 | 32 | ### Membership role changes and pull requests 33 | 34 | - Accepted membership change requests [#25](https://github.com/ros-security/community/issues/25), [#27](https://github.com/ros-security/community/issues/27), [#30](https://github.com/ros-security/community/issues/30), and [#31](https://github.com/ros-security/community/issues/31). Ruffin White was added as Approver; Victor Mayoral-Vilchez was added as Reviewer; and Florencia Cabral was added as Member. Finally Mikael Arguedas was downgraded to Reviewer. 35 | - Approved pull request [#29](https://github.com/ros-security/community/pull/29), with changes to the template for adding new projects to SWG. 
Victor will update request [#28](https://github.com/ros-security/community/issues/28) as per the new template. 36 | 37 | ### Mechanisms and rules for role downgrading 38 | 39 | It was proposed to define a mechanism to formally downgrade Approvers, where inactive approvers will be downgraded to Member roles after 3 months of inactivity. Jeremie will formalize this proposal in a PR. 40 | 41 | ## SROS2 reference implementation 42 | 43 | - Ruffin referenced existing demos for enabling SROS2 security on [a simulated Turtlebot3](https://github.com/ros-swg/turtlebot3_demo) and [on MoveIt2](https://github.com/ros-swg/moveit2_demo/tree/demo). Marco shared the [Robotic Middleware Framework (RMF)](https://github.com/open-rmf/rmf_demos/) demos, as interesting scenarios to consider, and Victor shared the [Robotics Capture the Flag](https://github.com/aliasrobotics/RCTF) project for reference. 44 | 45 | - Jeremie opened the discussion around different aspects of the reference implementation: 46 | - objectives (ie, showcase the security features of ROS 2 in an actual platform, raise awareness around security, and improve the usability and documentation of SROS2); 47 | - platform to be used (Turtlebot4 was proposed as the upcoming reference ROS 2 robot); 48 | - target timeline (ROSCon 2022, possibly bringing it to a security-oriented venue, and to publicize in advance to generate interest); and 49 | - possible partnerships. 50 | 51 | Some concerns raised included the timeline for the availability of the Turtlebot4 robot; as an alternative the Turtlebot3 could be used. Different 'Capture the Flag' scenarios were discussed for the implementation. Next, Jeremie will share a document collecting these ideas for the group to continue collaborating on this project. 
52 | 53 | -------------------------------------------------------------------------------- /meetings/2022_02_08/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 08 February 2022 4 | [Meeting Recording](https://www.youtube.com/watch?v=bNjLwZB13h0) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-february-2022/24218) 5 | 6 | ## Agenda 7 | - (Jeremie) Approval requested: [Add minutes for meeting on January 11, 2022](https://github.com/ros-security/community/pull/34) 8 | - (Jeremie) Member downgrade rule proposal #35 9 | - (Victor) [Safety, Security and Performance in Robotics - A workshop led by the European Commission](https://news.aliasrobotics.com/safety-security-performance-european-commission/) 10 | - (Jeremie) Discussion around reference implementation 11 | 12 | 13 | ## Attendees 14 | Gianluca Caiazza 15 | Jeremie Deray (artivis) 16 | Victor Mayoral Vilches 17 | Roger Strain 18 | Marco Gutierrez 19 | Florencia Cabral 20 | Kalle Kovisto 21 | Kide Vuojärvi 22 | Bartolome Jimenez Vera 23 | Joonas Loppi 24 | Unai Ayucar Carbajo 25 | Adam Mitz 26 | 27 | 28 | ## Administrivia 29 | 30 | ### Approve last meeting minutes 31 | 32 | [Minutes from the meeting on January 11, 2021](https://github.com/ros-security/community/pull/34) were approved. 33 | 34 | ## Workshop on Safety, Security and Performance in Robotics 35 | 36 | Victor shared about an upcoming [workshop on safety, security and performance in Robotics](https://news.aliasrobotics.com/safety-security-performance-european-commission/) led by the European commission on Feb. 9, which will explore how collaborative robots can be safe and secure. 37 | 38 | ## SROS2 reference implementation 39 | 40 | - There was a short exchange about the reference implementation.
Victor shared he is part of a group trying to push forward the topic of ROS 2 security as well, using Turtlebot 3 and the navigation stack. This is complementary to what the group decides to do with the reference implementation. 41 | - In addition, it was proposed to start developing a shared document on security best practices for ROS and robotics more generally, in the form of a living wiki including both conceptual and practical guidelines. 42 | -------------------------------------------------------------------------------- /meetings/2022_03_08/NoDL_ Presentation_SWG_Mar08.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ros-security/community/dae90d24d53d3010ddad9e65d68a2bc8e4e35918/meetings/2022_03_08/NoDL_ Presentation_SWG_Mar08.pdf -------------------------------------------------------------------------------- /meetings/2022_03_08/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 08 March 2022 3 | [Meeting Recording](https://www.youtube.com/watch?v=C_3vnW8rQPA) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-march-2022/24528) 4 | 5 | ## Agenda 6 | 7 | - (Jeremie) Approval requested: [Add minutes for meeting on February 08, 2022](https://github.com/ros-security/community/pull/36) 8 | - (Florencia) Presentation "NoDL and its relation to sros2" 9 | 10 | ## Attendees 11 | 12 | Tomoya Fujita - Sony 13 | Gianluca Caiazza 14 | Guillaume Beuzeboc 15 | Roger Strain 16 | Marco Gutierrez 17 | Victor Mayoral-Vilches | Alias Robotics 18 | Jeremie Deray (artivis) | Canonical 19 | Florencia Cabral | Canonical 20 | 21 | ## Administrivia 22 | 23 | ### Approve last meeting minutes 24 | 25 | [Minutes from the meeting on February 08, 2022](https://github.com/ros-security/community/pull/36) were approved.
26 | 27 | ## NoDL Presentation 28 | 29 | - Florencia presented [the NoDL project](https://github.com/ubuntu-robotics/nodl), including its technical description, usage, future directions, and packages currently using it, such as [ros2launch_security](https://github.com/osrf/ros2launch_security) and [nodl_to_policy](https://github.com/aprotyas/nodl_to_policy). 30 | - The presentation slides are available [here](NoDL_ Presentation_SWG_Mar08.pdf) 31 | - There was a follow-up discussion about this package's features, limitations and future work. Some points discussed related to using NoDL for third party nodes; assessing security policies generated from NoDL; and [HAROS](https://github.com/git-afsantos/haros) as a complementary project that introduces the ability to do static graph introspection. 32 | - Action points for future meetings included inviting the HAROS maintainers for a discussion, and taking advantage of synergies with academic work being done by other SWG members related to modeling ROS 2 computational graphs. -------------------------------------------------------------------------------- /meetings/2022_04_12/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 12 April 2022 4 | [Meeting Recording](https://youtu.be/_PFPi5L1rlk) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-april-2022/25013) 5 | 6 | ## Agenda 7 | 8 | - (Jeremie) Approval requested: [Add minutes for meeting on March 08, 2022](https://github.com/ros-security/community/pull/37) 9 | - Discussion around the recently published paper: SROS2: Usable Cyber Security Tools for ROS 2. Please read it in advance so we can have a good discussion. Some suggested discussion questions: 10 | - How can this work help promote usage and usability of SROS2? What's next? 
11 | - How do you propose the framework or applied case study from this paper could be incorporated into our secured reference robot? Or contribute to other SWG projects? 12 | - One of the steps in the Devsecops framework is modeling/abstractions for using security, and during the last meeting it was mentioned leveraging NoDL for this aspect. Do you think there's some room for integrating NoDL with this framework? 13 | 14 | ## Attendees 15 | 16 | Roger Strain 17 | Kalle Koivisto 18 | Ruffin White 19 | Gianluca Caiazza 20 | Victor Mayoral-Vilches 21 | Jeremie Deray (artivis) | Canonical 22 | Florencia Cabral | Canonical 23 | 24 | ## Administrivia 25 | 26 | ### Approve last meeting minutes 27 | 28 | [Minutes from the meeting on March 08, 2022](https://github.com/ros-security/community/pull/37) were approved. 29 | 30 | ## Paper discussion 31 | 32 | - Discussion around the recently published paper: [SROS2: Usable Cyber Security Tools for ROS 2](https://aliasrobotics.com/files/SROS2.pdf). Some of the main issues discussed were: 33 | - Regarding this work's contribution to promoting usage and usability of SROS2: 34 | - It proposes a methodology for securing ROS 2 computational graphs 35 | - Mapping graphs accurately is at the core of adding security 36 | - Looking forward, some nice ideas include: 37 | - Graphical User Interfaces for the security process 38 | - Other communication middlewares (beyond DDS) 39 | - NoDL to assist in compiling proper representations of graphs 40 | - Challenges while extrapolating which interfaces are being used from the launch files 41 | - Mapping tooling can be understood as complementary 42 | - This work can be brought into the ROS 2 documentation, and promoted to the community via tutorials. 43 | - Need to convey a holistic approach to thinking about security as more than a series of tools; this systematic framework to showcase the maturity of ROS 2 security contributes to this goal.
44 | - Interest in bringing this work into a SWG project. 45 | -------------------------------------------------------------------------------- /meetings/2022_05_17/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 17 May 2022 4 | [Meeting Recording](https://youtu.be/14M4Ce2_rjE) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-may-2022/25450) 5 | 6 | ## Agenda 7 | 8 | - (Florencia) Approval requested: [Add minutes for meeting on April 12, 2022](https://github.com/ros-security/community/pull/38) 9 | - Discussion on ROS 2 Security documentation, next steps 10 | - Proposal for a series of ROS 2 security research discussions + guest speakers 11 | 12 | ## Attendees 13 | 14 | Gianluca Caiazza 15 | Marco Gutiérrez 16 | Ruffin White 17 | Florencia Cabral 18 | 19 | ## Administrivia 20 | 21 | ### Approve last meeting minutes 22 | 23 | [Minutes from the meeting on April 12, 2022](https://github.com/ros-security/community/pull/38) were approved. 24 | 25 | ## Discussion 26 | 27 | - There was a discussion around developing and monitoring documentation and tutorials on security of ROS 2. For example, there are some broken policies provided to the user on talker/listener tutorials that need fixing. Ruffin will open a documentation ticket on the ROS 2 site. 28 | - The paper ["Robot Operating System 2: Design, architecture, and uses in the wild"](https://www.science.org/doi/10.1126/scirobotics.abm6074) was published on the Science Robotics magazine on 11 May. 29 | - It was proposed to have a journal club in some meetings to discuss cutting edge research in the field.
30 | -------------------------------------------------------------------------------- /meetings/2022_06_14/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 14 June 2022 4 | [Meeting Recording](https://youtu.be/1yhoYe04OpU) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-june-2022/25948) 5 | 6 | ## Agenda 7 | 8 | - (Florencia) Approval requested: [Add minutes for meeting on May 17, 2022](https://github.com/ros-security/community/pull/39) 9 | 10 | ## Attendees 11 | 12 | Andre Santos 13 | Kalle Koivisto 14 | Gianluca Caiazza 15 | Roger Strain 16 | Adam Mitz 17 | Florencia Cabral 18 | Guillaume Beuzeboc 19 | Marco Gutierrez 20 | Roger Strain 21 | Ruffin White 22 | 23 | ## Administrivia 24 | 25 | ### Approve last meeting minutes 26 | 27 | [Minutes from the meeting on May 17, 2022](https://github.com/ros-security/community/pull/39) were approved. 28 | 29 | ## Discussion 30 | 31 | - We had a guest presentation by Andre Santos, maintainer of the [HAROS (High-Assurance ROS) Framework](https://github.com/git-afsantos/haros). Andre shared an overview of the tool, a quality assurance framework based on static analysis of ROS code. There was discussion around usage examples, plugins, ROS 2 support, and future directions for development.
-------------------------------------------------------------------------------- /meetings/2022_07_12/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 12 July 2022 4 | [Meeting Recording](https://youtu.be/IUulXXdCWm8) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-july-2022/26344) 5 | 6 | ## Agenda 7 | 8 | - (Florencia) Approval requested: [Add minutes for meeting on June 14, 2022](https://github.com/ros-security/community/pull/40) 9 | 10 | ## Attendees 11 | 12 | Roger Strain 13 | Adam Mitz, Object Computing, Inc. 14 | Gianluca Caiazza 15 | Florencia Cabral Berenfus 16 | Ruffin White 17 | 18 | ## Administrivia 19 | 20 | ### Approve last meeting minutes 21 | 22 | [Minutes from the meeting on June 14, 2022](https://github.com/ros-security/community/pull/40) were approved. 23 | 24 | ## Discussion 25 | 26 | - There was a discussion about collaborating on a paper on SROS2, targeting possibly the Journal of Open Source Software (JOSS) (similar to [this](https://joss.theoj.org/papers/10.21105/joss.00456) published paper). 27 | - It was proposed to develop a survey to learn how many people have used SROS2 and their challenges. 28 | - The August meeting is canceled for the summer break.
29 | -------------------------------------------------------------------------------- /meetings/2022_09_13/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 13 September 2022 4 | [Meeting Recording](https://youtu.be/4WZHi23MV0E) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-september-2022/27260) 5 | 6 | ## Agenda 7 | 8 | - (Florencia) Approval requested: [Add minutes for meeting on July 12, 2022](https://github.com/ros-security/community/pull/41) 9 | 10 | ## Attendees 11 | 12 | - Kalle Koivisto 13 | - Roger Strain 14 | - Florencia Cabral 15 | 16 | ## Administrivia 17 | 18 | ### Approve last meeting minutes 19 | 20 | [Minutes from the meeting on July 12, 2022](https://github.com/ros-security/community/pull/41) were approved. 21 | 22 | ## Discussion 23 | 24 | - There has been work over the last few months to enhance FastDDS, to add support for multilayer networks to communicate seamlessly, where ROS security features are enabled too. 25 | - Further discussion around rewriting ROS 2 nodes to move to memory safe languages (ie, Rust). Attendees exchanged information about other projects/developers already doing this, ie [this Github page](https://github.com/jhdcs). 26 | - Discussion around [Zenoh](https://zenoh.io/), following its presentation to [the last TSC meeting](https://discourse.ros.org/t/ros-2-tsc-meeting-minutes-8-18-2022/27050), and the security implications of this. For example, how can there be SROS2 support for Zenoh?
27 | -------------------------------------------------------------------------------- /meetings/2022_11_08/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 3 | 08 November 2022 4 | [Meeting Recording](https://youtu.be/MDPYzRIm-ho) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-november-2022/28049) 5 | 6 | ## Agenda 7 | 8 | - (Florencia) Approval requested: [Add minutes for meeting on September 13, 2022](https://github.com/ros-security/community/pull/42) 9 | 10 | ## Attendees 11 | 12 | - Michael Jeronimo, Open Robotics 13 | - Adam Mitz, Object Computing Inc. 14 | - David Anthony, Southwest Research Institute 15 | - Meera Towler, Southwest Research Institute 16 | - Jeremie Deray (artivis), Canonical 17 | - Florencia Cabral Berenfus, Canonical 18 | 19 | ## Administrivia 20 | 21 | ### Approve last meeting minutes 22 | 23 | [Minutes from the meeting on September 13, 2022](https://github.com/ros-security/community/pull/42) were approved. 24 | 25 | ## Discussion 26 | 27 | - We had a guest presentation by Michael Jeronimo from Open Robotics, who is working on the [Space ROS project](https://github.com/space-ros/space-ros). Some of the main points touched on: 28 | - an overview of 3 aspects of Space ROS: Foundation, Tools and processes, and Space-specific functionality, 29 | - the ongoing process for space certification, including tools being used for requirements management, 30 | - code quality analysis tools being used such as [IKOS](https://github.com/space-ros/ikos) and [Cobra](https://github.com/nimble-code/Cobra) with SARIF format input; an integration and analysis dashboard for issue navigation, visualization and dispositioning; and adding dynamic analysis such as MC/DC testing. 31 | - Contributions and input to the Space ROS project are welcome.
Some possible areas include contributing to the VS Code SARIF Viewer, SARIF filtering, or the VS Code-based Docker workflow. 32 | - A discussion followed that touched, among other issues, on their efforts to integrate open source tools and processes to help improve software quality in the community. There is space for defining a quality level for ROS packages in terms of security. -------------------------------------------------------------------------------- /meetings/2022_12_13/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 13 December 2022 3 | [Meeting Recording](https://www.youtube.com/watch?v=NOwY3R3Nx10) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-december-2022/28373) 4 | 5 | ## Agenda 6 | - (Florencia) Approval requested: [Add minutes from meeting on November 08, 2022](https://github.com/ros-security/community/pull/43) 7 | 8 | ## Attendees 9 | 10 | - Gianmarco Pisanelli (AMRC) 11 | - Benjamin Morrow (AMRC) 12 | - Ruffin White 13 | - Eduardo Ponz (eProsima) 14 | - Florencia Cabral (Canonical) 15 | - Patrick Dahlke (Apex.AI) 16 | - Yen Yuthnea 17 | 18 | ## Administrivia 19 | 20 | ### Approve last meeting minutes 21 | 22 | [Minutes from the meeting on November 08, 2022](https://github.com/ros-security/community/pull/43) were approved. 23 | 24 | ## Discussion 25 | 26 | * The group hosted Gianmarco Pisanelli and Ben Morrow from the [Advanced Manufacturing Research Centre (AMRC)](https://www.amrc.co.uk/) at the University of Sheffield, who gave a presentation about vulnerabilities they discovered in DDS. 27 | * Description of the issue: Currently the security keystores created by ros2 security use a single CA symlinked as both Identity CA and Permissions CA.
This opens a security hole where a malicious node can sign its own permissions document with the following steps: 28 | * The node creates a new permissions.xml and signs it with its own enclave certificate and private key. 29 | * The node publishes the signed document over DDS as usual. 30 | * Other nodes attempt to verify the signature; since the enclave certificate is signed by the Identity CA, and the Identity CA is the same as the Permissions CA, the signature is accepted. 31 | * Because there is a chain of trust between this joint CA through the nodes' own certificates, to the new document, other nodes will believe it is authentic. 32 | * It does not seem possible to work around this issue by removing certificate flags; the enclave certificate must have the `digitalSignature` flag to be able to prove its identity and participate in Secure DDS. The solution is to separate the two CA roles into different certificates. That way, although the node could sign a document with its enclave certificate, that document would no longer be trusted because the enclave certificate would not be signed by the Permissions Authority. This would restore the ability to set proper ACLs on the nodes. 33 | * Ben shared a shell script that demonstrates the problem (available as part of [this Github issue](https://github.com/ros2/sros2/issues/282)), and shared a demo during the meeting. 34 | * Eduardo Ponz (eProsima) shared the open [design proposal to support PKCS#11 URIs](https://github.com/ros2/design/pull/319), as an alternative to private keys and certificates stored in the file system. 35 | * Another issue that was brought up relates to key management. When `create_enclave` is run, it generates a key and signs the certificate in a single step. This gives the option to either run this step on the machine where it will be used, or the one that has access to the CA key. The advised approach currently is to run in a separate machine isolated from the robot, then deploy on the robot. 
However, this is not the best in terms of security practices, as SROS2 does not seem to have an effective mechanism for key transmission between remote nodes. 36 | * The following action points were agreed upon: 37 | * Improve security examples in ROS 2 docs (Eduardo Ponz) 38 | * Revive the design proposal to support PKCS#11 URIs (Eduardo Ponz) 39 | * Look into splitting the CAs, and verifying the chain of trust (Ruffin White) 40 | * Create issues in the sros2 repo to reflect the findings (Ben Morrow) 41 | * Issue open: [Chain of trust issues with a single CA certificate](https://github.com/ros2/sros2/issues/282) 42 | * Issue open: [SROS2 does not seem to have an effective mechanism for keys transmission between remote nodes](https://github.com/ros2/sros2/issues/283) 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /meetings/2023_01_10/README.md: -------------------------------------------------------------------------------- 1 | # ROS 2 Security Working Group Meeting Minutes 2 | 10 January 2023 3 | [Meeting Recording](https://youtu.be/SZFmDwoYMN0) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-january-2022/23714) 4 | 5 | ## Agenda 6 | - (Florencia) Approval requested: [Add minutes from meeting on December 13, 2022](https://github.com/ros-security/community/pull/44) 7 | 8 | ## Attendees 9 | 10 | - Eduardo Ponz Segrelles (eProsima) 11 | - Adam Mitz (Object Computing, Inc.) 12 | - Ruffin White 13 | - Gianluca Caiazza 14 | - Roger Strain 15 | - Florencia Cabral (Canonical) 16 | 17 | ## Administrivia 18 | 19 | ### Approve last meeting minutes 20 | 21 | [Minutes from the meeting on December 13, 2022](https://github.com/ros-security/community/pull/44) were approved. 22 | 23 | ## Discussion 24 | 25 | * There was an update by Ruffin White on the [chain of trust issue](https://github.com/ros2/sros2/issues/282) with the single CA certificate in DDS, which was presented last meeting.
This update builds on this [comment](https://github.com/ros2/sros2/issues/282#issuecomment-1377022381) added to the issue.
26 | * A discussion followed that touched on the DDS implementations affected, implications and possible workarounds.
27 | * There was an update by Eduardo Ponz Segrelles on [PKCS #11 support](https://github.com/ros2/design/pull/332). The developers revisited the design and opened a new PR addressing the comments on the original design, and also migrated some of the code on [RMW Fast RTPS](https://github.com/ros2/rmw_fastrtps/pull/565) to a PR for [RMW DDS Common](https://github.com/ros2/rmw_dds_common/pull/66), so other RMW implementations can leverage it.
28 | * The group agreed to rework the tutorials for creating and deploying keystores in the ROS 2 documentation.
29 |
30 |
--------------------------------------------------------------------------------
/meetings/2023_02_14/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 14 February 2023
3 | [Meeting Recording](https://youtu.be/nOo80kP_I4E) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-february-2023/29675)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Add minutes from meeting on January 10, 2023](https://github.com/ros-security/community/pull/45)
7 |
8 | ## Attendees
9 |
10 | - Florencia Cabral (Canonical)
11 | - Ruffin White
12 | - Gianluca Caiazza
13 | - Esteban Martinena Guerrero
14 | - Kalle Koivisto (Unikie / TII SSRC)
15 | - Eduardo Ponz Segrelles (eProsima)
16 | - Patrick Dahlke (Apex.AI)
17 | - Mikael Arguedas
18 |
19 | ## Administrivia
20 |
21 | ### Approve last meeting minutes
22 |
23 | [Minutes from last meeting on January 10, 2023](https://github.com/ros-security/community/pull/45) were approved.
24 |
25 | ## Discussion
26 |
27 | * The group had a discussion around code scanning tools and security assurance for ROS projects.
Some issues addressed were the status of integrations for ROS, challenges for ROS developers to use them in CI/CD workflows, and any development or documentation needed in that direction. A [request for community input](https://discourse.ros.org/t/inquiry-about-use-of-security-code-scanning-in-ros-projects/29713) was shared before this meeting to incorporate feedback from the community.
28 | * As agreed in the last meeting, a [PR was opened](https://github.com/ros2/ros2_documentation/pull/3318) for expanding the tutorials in the ROS 2 documentation on creating and deploying SROS2 keystores. Some of the feedback provided by the group included possibly adding a `deploy enclave` verb or another such mechanism to ease key deployment.
29 | * There was an update on PKCS #11 design and related PRs, and feedback from the group:
30 |   - ros2/design: [ROS2 DDS Security PKCS#11 URI support #332](https://github.com/ros2/design/pull/332)
31 |   - ros2/rmw_fastrtps: [Add support for PKCS#11 in security files](https://github.com/ros2/rmw_fastrtps/pull/565)
32 |   - ros2/rmw_dds_common: [Add pkcs11 support to get_security_files](https://github.com/ros2/rmw_dds_common/pull/66)
33 | * Update on the chain of trust security vulnerability on DDS, as discussed in previous meetings. There is now a [proposed fix on Fast DDS](https://github.com/eProsima/Fast-DDS/pull/3294).
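The trust decision behind the chain of trust issue discussed in these minutes, as an added example that is not the working group's or any DDS vendor's code. It is a simplified Python model in which signatures are represented by issuer references rather than real cryptography; the enclave name, CA subjects and function names are constructed for illustration.

```python
from dataclasses import dataclass

SIGN = frozenset({"digitalSignature"})


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str                     # subject of the certificate that signed this one
    key_usage: frozenset = SIGN


def chains_to(subject, anchor, certs, max_depth=8):
    """True if `subject` is `anchor` or was issued, directly or transitively, by it."""
    seen = set()
    while subject not in seen and len(seen) < max_depth:
        if subject == anchor:
            return True
        seen.add(subject)
        cert = certs.get(subject)
        if cert is None or cert.issuer == subject:  # unknown cert or a different root
            return False
        subject = cert.issuer
    return False


def can_sign_for(subject, anchor, certs):
    """Model of signature acceptance: digitalSignature flag plus a chain to `anchor`."""
    cert = certs.get(subject)
    return (cert is not None
            and "digitalSignature" in cert.key_usage
            and chains_to(subject, anchor, certs))


def evaluate(joint_ca, enclave_can_sign=True):
    """Build a constructed keystore and report what a verifying node would accept."""
    identity_ca = "CN=joint-ca" if joint_ca else "CN=identity-ca"
    permissions_ca = "CN=joint-ca" if joint_ca else "CN=permissions-ca"
    enclave = "CN=/talker"          # constructed enclave name
    certs = {
        identity_ca: Cert(identity_ca, identity_ca),
        permissions_ca: Cert(permissions_ca, permissions_ca),
        enclave: Cert(enclave, identity_ca, SIGN if enclave_can_sign else frozenset()),
    }
    return {
        "ca_roles_shared": identity_ca == permissions_ca,
        # The enclave proving its identity to other participants.
        "enclave_authenticates": can_sign_for(enclave, identity_ca, certs),
        # A permissions document signed by the Permissions CA (the intended case).
        "ca_signed_permissions_accepted": can_sign_for(permissions_ca, permissions_ca, certs),
        # A permissions document the enclave signed with its own key.
        "enclave_signed_permissions_accepted": can_sign_for(enclave, permissions_ca, certs),
    }


if __name__ == "__main__":
    for label, kwargs in [
        ("joint CA", {"joint_ca": True}),
        ("joint CA, digitalSignature removed", {"joint_ca": True, "enclave_can_sign": False}),
        ("split CAs", {"joint_ca": False}),
    ]:
        print(label, evaluate(**kwargs))
```

Only the split-CA keystore both lets the enclave authenticate and rejects a permissions document signed by the enclave; removing `digitalSignature` blocks the self-signed document but also stops the enclave from authenticating.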
34 |
--------------------------------------------------------------------------------
/meetings/2023_03_14/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 14 March 2023
3 | [Meeting Recording](https://youtu.be/sd8CGz5-Vpg) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-march-2023/30184)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Add minutes from meeting on February 14, 2023](https://github.com/ros-security/community/pull/47)
7 |
8 | ## Attendees
9 |
10 | - Kalle Koivisto (Unikie / TII SSRC)
11 | - Patrick Dahlke (Apex.AI)
12 | - Florencia Cabral (Canonical)
13 | - Ruffin White
14 | - Gianluca Caiazza
15 |
16 | ## Administrivia
17 |
18 | ### Approve last meeting minutes
19 |
20 | [Minutes from the meeting on February 14, 2023](https://github.com/ros-security/community/pull/47) were approved.
21 |
22 | ## Discussion
23 |
24 | - Florencia shared 2 ament wrappers recently developed to integrate static analysis tools: Bandit (supporting Python code) and Semgrep (security rule engine supporting Python, C++, XML, JSON, among others). The GitHub repos can be found here: [ament_bandit](https://github.com/florcabral/ament_bandit), [ament_semgrep](https://github.com/florcabral/ament_semgrep). Some questions and feedback referred to the output formats (Xunit is preferred), ROS-specific implementation aspects, interest from the WG to support the project, and target repository for upstream contribution. Other members will test the wrappers, and they would be proposed to the [ament_lint](https://github.com/ament/ament_lint) repo.
25 | - Discussion on whether SROS is being used with other middlewares aside from DDS. Getting a Zenoh RMW layer has been discussed, with [zenoh](https://zenoh.io/) support for security features using TLS.
This could be helpful for generalizing the security artifact material for deployment, as currently there is only an example for using secure DDS.
26 | - Update on PKCS#11 PR: The most recent feedback asks that the project not be proposed via the design repo, which is being deprecated, and that a formal REP be opened instead.
27 |
--------------------------------------------------------------------------------
/meetings/2023_04_11/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 11 April 2023
3 | [Meeting Recording](https://www.youtube.com/watch?v=fNTe9yfIDfA&feature=youtu.be) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-april-2023/30721)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Add minutes from meeting on March 14, 2023](https://github.com/ros-security/community/pull/48)
7 |
8 | ## Attendees
9 |
10 | - Robbie Fryers - Airbotics
11 | - Ruffin White
12 | - Eduardo Ponz - eProsima
13 | - Kalle Koivisto - Unikie
14 | - Florencia Cabral - Canonical
15 |
16 | ## Administrivia
17 |
18 | ### Approve last meeting minutes
19 |
20 | [Minutes from the meeting on March 14, 2023](https://github.com/ros-security/community/pull/48) were approved.
21 |
22 | ## Discussion
23 |
24 | - Eduardo shared the REP that was opened for DDS Security PKCS#11 Support: [REP-2015](https://github.com/ros-infrastructure/rep/pull/375), as discussed in the last meeting. This is awaiting a review from the maintainers.
25 | - Discussion on use of containers for ROS deployment: limitations that can affect shared memory access or interprocess communication, and security considerations such as running Docker containers as root.
26 |
--------------------------------------------------------------------------------
/meetings/2023_05_09/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 09 May 2023
3 | [Meeting Recording](https://www.youtube.com/watch?v=Xis_r6CLnyw&feature=youtu.be) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-may-2023/31232)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Add minutes from meeting on April 11, 2023](https://github.com/ros-security/community/pull/49)
7 |
8 | ## Attendees
9 |
10 | - Kalle Koivisto (Unikie, TII SSRC)
11 | - Florencia Cabral (Canonical)
12 | - Marco Gutierrez
13 |
14 | ## Administrivia
15 |
16 | ### Approve last meeting minutes
17 |
18 | [Minutes from the meeting on April 11, 2023](https://github.com/ros-security/community/pull/49) were approved.
19 |
20 | ## Discussion
21 |
22 | - Florencia requested feedback from the group on ament wrappers: [ament_bandit](https://github.com/florcabral/ament_bandit/tree/main) and [ament_semgrep](https://github.com/florcabral/ament_semgrep)
23 | - Marco shared [a library versioning issue](https://github.com/ros2/sros2/issues/285) affecting the SROS package. This issue is caused by an attribute that has been removed from PKCS#7. It affects Windows currently, but will affect Linux in the future when OpenSSL is updated.
24 |
--------------------------------------------------------------------------------
/meetings/2023_06_13/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 13 June 2023
3 | [Meeting Recording](https://www.youtube.com/watch?v=QyYzr0f69y4) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-june-2023/31548)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Add minutes from meeting on May 09, 2023](https://github.com/ros-security/community/pull/50)
7 |
8 | ## Attendees
9 |
10 | - Patrick Dahlke
11 | - Ruffin White
12 | - Kalle Koivisto - Unikie
13 | - Florencia Cabral - Canonical
14 |
15 | ## Administrivia
16 |
17 | ### Approve last meeting minutes
18 |
19 | [Minutes from the meeting on May 09, 2023](https://github.com/ros-security/community/pull/50) were approved.
20 |
21 | ## Discussion
22 |
23 | - Short discussion and questions from members about the security-oriented ament wrappers proposed to the WG. Still pending some CI testing.
24 | - Update on open issues of FastDDS/CycloneDDS interoperability (issues open [here](https://github.com/eProsima/Fast-DDS/issues/3259) and [here](https://github.com/eclipse-cyclonedds/cyclonedds/issues/1547))
25 |
--------------------------------------------------------------------------------
/meetings/2023_09_12/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 12 September 2023
3 | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-september-2023/33271)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Minutes from meeting on June 13, 2023](https://github.com/ros-security/community/pull/53)
7 |
8 | ## Attendees
9 |
10 | - Cameron Mott (SwRI)
11 | - Victor Manske
12 | - Ruffin White
13 | - Mirko Ferrati (Canonical)
14 | - Florencia Cabral (Canonical)
15 |
16 | ## Administrivia
17 |
18 | ### Approve last meeting minutes
19 |
20 | [Minutes from meeting on June 13, 2023](https://github.com/ros-security/community/pull/53) were approved.
21 |
22 | ## Discussion
23 |
24 | - The Canonical team shared 2 reports of vulnerabilities in ROS core packages that it has found through its own analyses.
25 | - The group discussed issues around exploitability, disclosure, and a larger effort to find and fix existing issues in ROS code.
26 | - The meeting was not recorded since the vulnerabilities discussed have not yet been made public.
27 |
--------------------------------------------------------------------------------
/meetings/2023_10_10/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 10 October 2023
3 | [Meeting Recording](https://www.youtube.com/watch?v=4nXyK-iK61A) | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-october-2023/33933)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Add minutes from meeting on September 12, 2023](https://github.com/ros-security/community/pull/54)
7 |
8 | ## Attendees
9 |
10 | - Jishnu Suresh - Lonebots
11 | - Kalle Koivisto - Unikie
12 | - Mirko Ferrati - Canonical
13 | - Florencia Cabral - Canonical
14 |
15 | ## Administrivia
16 |
17 | ### Approve last meeting minutes
18 |
19 | [Minutes from the meeting on September 12, 2023](https://github.com/ros-security/community/pull/54) were approved.
20 |
21 | ## Discussion
22 |
23 | - The group discussed a plan to invite a representative from Zenoh MW to talk about its security model, and tasks needed for group-maintained projects such as SROS2 to integrate Zenoh examples and documentation.
24 | - Status of open PRs for group membership requests
25 |
--------------------------------------------------------------------------------
/meetings/2023_11_14/README.md:
--------------------------------------------------------------------------------
1 | # ROS 2 Security Working Group Meeting Minutes
2 | 14 November 2023
3 | [Meeting Announcement](https://discourse.ros.org/t/security-working-group-meeting-november-2023/34567)
4 |
5 | ## Agenda
6 | - (Florencia) Approval requested: [Add minutes from meeting on October 10, 2023](https://github.com/ros-security/community/pull/55)
7 |
8 | ## Attendees
9 |
10 | - Kalle Koivisto - Unikie
11 | - Florencia Cabral - Canonical
12 |
13 | ## Administrivia
14 |
15 | ### Approve last meeting minutes
16 |
17 | [Minutes from the meeting on October 10, 2023](https://github.com/ros-security/community/pull/55) were approved.
18 |
19 | ## Discussion
20 |
21 | - Progress on [RustDDS](https://github.com/jhelovuo/RustDDS), a memory-safe DDS implementation. Plan to have a presentation and discussion at a later meeting.
22 | - A vulnerability [was reported](https://github.com/eProsima/Fast-DDS/issues/3931) to the FastDDS GitHub repo recently and shared on the group’s Matrix channel. We discussed the issue and how to support the reporter in getting feedback from the project maintainers.
23 |
--------------------------------------------------------------------------------
/vuln-remediation.md:
--------------------------------------------------------------------------------
1 | # Vulnerability Remediation
2 |
3 | This document describes the typical process for remediating security vulnerabilities in ROS 2, including those submitted through the process described in [REP 2006, ROS 2 Vulnerability Disclosure Policy](https://www.ros.org/reps/rep-2006.html).
4 |
5 | ## Roles
6 |
7 | The vulnerability remediation process relies upon the following roles:
8 |
9 | ### Reporter
10 |
11 | The individual or organization reporting a vulnerability within ROS.
The Reporter may have no prior knowledge of ROS, including versioning, repositories or project governance.
12 |
13 | ### Coordinator
14 |
15 | The individual responsible for facilitating the coordinated response process. This includes triaging the initial vulnerability report, identifying a Maintainer responsible for fixing the vulnerability, and tracking the report to a resolution. The Coordinator must, to the best of his or her ability, protect the confidentiality of the vulnerability until a fix has been published.
16 |
17 | ### Maintainer
18 |
19 | The individual or organization responsible for updating the code base to eliminate the vulnerability. The Maintainer also must, to the best of his or her ability, protect the confidentiality of the vulnerability until a fix has been published.
20 |
21 | These roles generally align with standard definitions in [The CERT Guide to Coordinated Vulnerability Disclosure](https://vuls.cert.org/confluence/display/CVD/3.+Roles+in+CVD); however, our *Maintainer* assumes the duties of *Deployer*, and the *Coordinator* also assumes the duties of the *Vendor* and works with Open Robotics as needed.
22 |
23 | ## Process
24 |
25 | This process begins with a vulnerability report sent to [security@openrobotics.org](mailto:security@openrobotics.org).
26 |
27 | 1. **Assign a Coordinator.** Members of the `security` distribution list must reach consensus on the individual to take ownership of the issue. Open Robotics will assign a Coordinator when consensus cannot be reached.
28 |
29 | 1. **Triage.** The Coordinator must quickly determine the severity of the vulnerability. The Coordinator should perform some or all of these tasks to accurately triage the vulnerability and begin handling it:
30 |
31 |     1. **Coordinator acknowledges the report and seeks additional details.** This may require setting up a secure communications channel between the Reporter and the Coordinator.
Not all vulnerability reports will need to establish secure comms, but the option should always be available. See below for information to consider requesting from the Reporter.
32 |
33 |     1. **Coordinator confirms scope and applicability.** If the vulnerability is not in scope or not applicable, the Coordinator provides feedback to the Reporter. In addition to noting that the vulnerability was not accepted, feedback may include additional guidance such as [how to contact the ROS 2 Security Working Group](https://github.com/ros-security/community#communication-channels).
34 |
35 |     1. **Coordinator assigns a severity.** Severity generally should follow the [Common Vulnerability Scoring System (CVSS)](https://www.first.org/cvss/calculator/3.0), although the CVSS results may be adjusted to account for unique concerns.
36 |
37 |     1. **Coordinator identifies and notifies the responsible Maintainer.** When a vulnerability is in scope, follow "additional guidance" below on how to identify the Maintainer. If secure communications have been established with the Reporter, secure communications should also be set up with the Maintainer. Use the following template to reach out to the Maintainer, and send a copy of the message to [security@openrobotics.org](mailto:security@openrobotics.org) (the template may be modified as needed to fit the situation):
38 |
39 |         > SUBJECT: [HIGH | Medium | Low] risk security vulnerability in [package name]
40 |         >
41 |         > A [HIGH | Medium | Low] risk security vulnerability has been identified in [package name]. Please contact me at [contact] to discuss the vulnerability details.
42 |         >
43 |         > [include if needed] Based on the severity of the vulnerability, the details are particularly sensitive and need to be protected through secure communications. Please send me your public PGP key through which you can receive secure email; if you are unable to send and receive secure email, please let me know and we will establish another secure channel.
44 |         >
45 |         > [Attach a PGP key or a Key ID]
46 |         >
47 |         > [Sign the email with the PGP key]
48 |         >
49 |
50 |     1. **Coordinator registers a CVE.** Seek help from the [ROS 2 Security Working Group](https://github.com/ros-security/community#communication-channels) if necessary to reserve the CVE. The reserved CVE should not include any detailed information; this will be added after disclosure. All subsequent communications should include the CVE number for traceability.
51 |
52 | 1. **Remediation**
53 |
54 |     1. **Maintainer fixes the vulnerability.** Work should be done locally as much as possible; once the fix is pushed to GitHub it becomes visible to the public, even though the patch has not been released to users. The final pull request for the fix should include a reference to the CVE in comments for traceability.
55 |
56 |     1. **Coordinator tracks to completion.** This likely will mean periodic update requests to the Maintainer until the Maintainer publishes a fix. Seek assistance from the Security Working Group if needed.
57 |
58 |     1. **Coordinator plans for vulnerability disclosure.** For high risk vulnerabilities or fixes with significant impact, create a communications plan for patch release and full disclosure. The plan should take input from the Maintainer and the Reporter.
59 |
60 | 1. **Disclosure**
61 |
62 |     1. **Maintainer conducts patch pre-notification.** When the fix is ready for release, the Maintainer, at his or her discretion, will notify select individuals that the fix is ready. The purpose of this notification is specifically to quickly remediate any build issues caused by the patch, merge the pull request, monitor as the patch is bloomed, and finally confirm the fix is synced into the ROS distro.
63 |
64 |     1. **Coordinator notifies the Reporter that the patch has been released.** At this point the patch is available as an update to ROS users.
65 |
66 |     1.
**Disclose the patch to a broader audience as desired.** Follow the vulnerability disclosure plan if one exists. Consider notifying the ROS community of the patch availability; for example, with a general post to [ROS discourse](https://discourse.ros.org/).
67 |
68 |     1. **Coordinator updates CVE details.** Include a link to the patch and final CVSS details.
69 |
70 |
71 | ## Additional Guidance
72 |
73 | ### Identifying the Maintainer
74 |
75 | If the Maintainer of the vulnerable package is not well known, check for a tag in the package's `package.xml` file. Also review recent activity for the package, and contact a recent pull request merger to find a responsible person.
76 |
77 | ### Requesting information from the Reporter
78 |
79 | Reporters may have a wealth of additional details about the vulnerability which they are willing to share when asked. Consider requesting some or all of the following:
80 |
81 | - Operating system
82 | - ROS distro
83 | - ROS package and ROS package version
84 | - Robot that you were testing
85 | - How to reproduce the issue
86 | - Do you have / can you provide a git patch to fix the issue?
87 | - Do you have a docker image, a snap, or similar artifacts to share?
88 |
89 | ### Unresponsive Maintainers
90 |
91 | As documented in [REP 2004, Package Quality Categories](https://ros.org/reps/rep-2004.html), ROS packages at quality level 1 and 2 are required to follow disclosure guidelines. The Coordinator should remind the Maintainer of their obligations under REP 2004, and escalate to the ROS 2 [Technical Steering Committee](https://index.ros.org/doc/ros2/Governance/) if necessary.
92 |
93 |
94 | ### The `security@openrobotics.org` distribution list
95 |
96 | This email distribution list is to be used exclusively for the public to report ROS vulnerabilities. Unless explicitly labeled otherwise, conversations to the list are considered private and confidential.
Follow the [CISA Traffic Light Protocol (TLP)](https://www.cisa.gov/tlp) guidance for TLP:RED information usage and sharing.
97 |
98 | Distribution list membership will be maintained by Open Robotics. Membership must be broad enough to ensure coverage for timely response to Reporters. No email aliases or shared mailboxes may be included in the list.
99 |
100 | Individuals added to the distribution list must adhere to the following principles:
101 | - You must be able to take ownership of reported vulnerabilities and act as the Coordinator through remediation. When high risk vulnerabilities are reported, this means vulnerability coordination becomes your highest priority until a fix is released.
102 | - You must reach out to the Security Working Group or individual members of the Working Group when you need assistance in handling vulnerability reports.
103 | - You must be able and willing to handle PGP-encrypted email.
104 |
--------------------------------------------------------------------------------