[Discourse.ros.org] [Next Generation ROS] ROS2 Security


Dirk Thomas via ros-users


Compared with ROS, ROS2 takes more secure communication into consideration at the beginning of its design, which will be built upon the Data Distribution System (DDS) specified by OMG, and DDS defines security mechanisms in its DDS Security Spec. However, in ROS2 DDS is wrapped by a very thin (e.g., feature-lean) layer which does not necessarily allow the use of all DDS features. In addition, not all DDS implementations include the DDS security features. The default transport implementation wrapped in ROS2 is Fast RTPS, which does not implement the whole DDS specification but only the RTPS transport layer. This layer, however, does not specify any security by itself; is this supposed to be added by DDS on top?

I saw there is SROS2 (https://github.com/ros2/sros2) which provides the tools and instructions to use ROS2 on top of DDS-Security, will it be the official branch to enable ROS2 security separately?

Anyway, what's the current plan or target for ROS2 inherent security?

Please help clarify/share if anyone knows more details :slight_smile:, thanks!





---
[Visit Topic](https://discourse.ros.org/t/ros2-security/2273/1) or reply to this email to respond.


If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
[hidden email]
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <http://lists.ros.org/mailman//options/ros-users>

Dirk Thomas via ros-users


Thanks for your interest in the security of ROS 2! We share your interest in this topic, and want ROS 2 security features to be available "from day one."

In fact, as of very recently, Fast-RTPS now includes the Authentication and Encryption plugins of the DDS-Security standard:
http://docs.eprosima.com/en/latest/security.html
This version of Fast-RTPS is distributed with the Beta 2 version of ROS 2, which was released last month (June 2017).

We intend to support security features that can pass through the various adapter layers in ROS 2 and target both open-source middlewares (e.g., Fast-RTPS) as well as various proprietary middlewares (e.g., RTI Connext Secure) as our resources permit.

The work in the SROS 2 branches was merged into the "mainline" ROS 2 trees last month, just before the release of Beta 2.

Cheers!





---
[Visit Topic](https://discourse.ros.org/t/ros2-security/2273/2) or reply to this email to respond.



Dirk Thomas via ros-users
In reply to this post by Dirk Thomas via ros-users


Thank you for sharing. @codebot, could you please share more details regarding the following points:

[quote="codebot, post:2, topic:2273"]
We intend to support security features that can pass through the various adapter layers in ROS 2 and target both open-source middlewares (e.g., Fast-RTPS) as well as various proprietary middlewares (e.g., RTI Connext Secure) as our resources permit.
[/quote]

For example, where to find the detail to learn more technical detail :smile:

As for SROS2, now it's merged into the ROS2 mainline; does this mean that the mainline is always enough to use the ROS2 security features from the current to the future? Or will the further development continue on SROS2 when necessary but merge the work on SROS2 into the mainline at a certain ROS2 release milestone? Thank you!





---
[Visit Topic](https://discourse.ros.org/t/ros2-security/2273/3) or reply to this email to respond.



Dirk Thomas via ros-users
In reply to this post by Dirk Thomas via ros-users


Thanks for your interest in ROS 2 security!

[quote="Roser, post:3, topic:2273"]
As for SROS2, now it's merged into the ROS2 mainline; does this mean that the mainline is always enough to use the ROS2 security features from the current to the future? Or will the further development continue on SROS2 when necessary but merge the work on SROS2 into the mainline at a certain ROS2 release milestone?
[/quote]

The sros2 repository is mostly to provide tools to generate and manage security files more easily. The support for DDS-Security has been added within the core of ROS2 itself (you can find the set of changes on various repositories on [this issue](https://github.com/ros2/ros2/issues/339)). DDS-Security support is now a "core" feature of ROS 2 and will be developed and integrated following the same process as any other ROS 2 feature.
So ROS2 will always ship with DDS-Security support from now on.

[quote="Roser, post:3, topic:2273"]
for example, where to find the detail to learn more technical detail
[/quote]

Are you looking for details about DDS-Security itself? Or how DDS-Security is wrapped in the ROS2 interface?

If the former, I think that the best resource is the [DDS-Security specification](http://www.omg.org/spec/DDS-SECURITY/1.0/) provided by OMG. For details about specific implementations, refer to the vendor's DDS-Security section [here](http://docs.eprosima.com/en/latest/security.html) for Fast-RTPS, or go through the RTI Portal for Connext (the information is not public AFAIK).

If the latter, the set of pull requests referenced in [#339](https://github.com/ros2/ros2/issues/339) will give context about how the security parameters are passed down the layers of the ROS2 stack. In brief, you can decide to create a secure node in ROS2 by simply defining [environment variables](https://github.com/ros2/sros2/blob/master/SROS2_Linux.md#define-the-sros2-environment-variables); the user code itself is exactly the same.
The RCL layer will ensure that the directory to find the security files exists and pass it to the rmw_<VENDOR> layer. Each rmw implementation will use its own logic to find the specific files and configure the participant accordingly (see [rmw_fastrtps_cpp](https://github.com/ros2/rmw_fastrtps/pull/103/files) and [rmw_connext_cpp](https://github.com/ros2/rmw_connext/pull/225/files) to see how it's done for the 2 currently supported vendors). Once the participant is created with these settings, the DDS implementation will take care of performing the authentication / encryption / access control functions.

Hope this helps





---
[Visit Topic](https://discourse.ros.org/t/ros2-security/2273/4) or reply to this email to respond.
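
The environment-variable flow described in the last post can be checked before a node is launched. The script below is an added example, not code from the thread or from the ROS 2 sources: it reports whether a node would start secured, fall back to unsecured, or should be blocked. It assumes the variable names from the linked SROS2_Linux.md, a per-node keystore at `$ROS_SECURITY_ROOT_DIRECTORY/<node_name>`, and that a strategy of `Enforce` means a node must not start without its keystore; the function name `sros2_preflight` and the verdict words are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-launch check of the SROS2 environment for one node.
# Assumed (not stated in the thread): the per-node keystore layout
# $ROS_SECURITY_ROOT_DIRECTORY/<node_name> and the meaning of "Enforce".

# Prints one verdict word; returns 0 if the node may launch, 1 if not.
sros2_preflight() {
    local node="$1"
    local root="${ROS_SECURITY_ROOT_DIRECTORY:-}"
    local enable="${ROS_SECURITY_ENABLE:-false}"
    local strategy="${ROS_SECURITY_STRATEGY:-}"
    local dir loose

    # Security not requested: the node runs with plain, unauthenticated DDS.
    if [ "$enable" != "true" ]; then
        echo "UNSECURED"; return 0
    fi

    # Same precondition the post attributes to RCL: the directory must exist.
    dir="$root/$node"
    if [ -z "$root" ] || [ ! -d "$dir" ] || [ -z "$(ls -A "$dir")" ]; then
        if [ "$strategy" = "Enforce" ]; then
            echo "MISSING_KEYSTORE"; return 1
        fi
        # Any other strategy: a silent downgrade worth alerting on.
        echo "FALLBACK_UNSECURED"; return 0
    fi

    # A keystore holds private key material: refuse group/other-readable files.
    loose="$(find "$dir" -type f \( -perm -040 -o -perm -004 \) | head -n 1)"
    if [ -n "$loose" ]; then
        echo "LOOSE_PERMISSIONS"; return 1
    fi

    echo "SECURED"; return 0
}

# Stand-alone use: ./preflight.sh <node_name>
if [ "$#" -gt 0 ]; then
    sros2_preflight "$1"
fi
```
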

