►
From YouTube: ROS 2 Security Working Group (2020-12-15)
Description
Invited talk on Privaros.
B
All
right
so
thanks
everyone
for
coming,
we'll,
go
ahead
and
get
started,
go
ahead
and
the
designated
presenter
can
go
ahead
and
share
their.
B
A
Okay,
so
welcome
everyone.
We
are
a
team
from
a
computer
system
security
lab
at
indian
institute
of
science
bangalore
in
this
paper.
In
this
presentation
I
will
present
our
work.
Prevaros.
A
Our
paper
concerns
the
problem
of
privacy
in
the
age
of
drones.
End
user
drones
are
now
commonly
available
for
few
hundred
dollars
and
it
is
predicted
that
this
use
case
will
grow
even
more
in
the
future.
Drones
are
equipped
with
sensors
such
as
camera
and
gps,
which
poses
threat
to
individual
privacy.
A
A
A
However,
even
in
this
setting,
we
need
mechanisms
to
enforce
a
privacy.
This
is
because
delivery
drones
visit
various
host
airspaces
as
a
part
of
their
delivery
route.
Each
host
airspace
may
have
different
privacy
needs.
The
responsibility
lies
on
the
guest
delivery
drone
to
prove
to
the
host
airspace
that
they
are
in
compliance
with
the
privacy
requirements
of
the
host.
A
A
In
this
paper,
we
contribute
privacy,
which
is
a
drone.
Software
stack
with
mechanism
to
enforce
privacy
policies
specified
by
the
host
airspaces
privacy
adds
mandatory
access
control
policy
enforcement
to
ross,
which
is
a
middleware
in
robotics
and
drone
platform.
Priveros
runs
on
the
guest
delivery
drones
and
enforces
the
host
privacy
policies.
A
It
uses
hardware
attestation
on
the
guest
drone
to
prove
to
the
host
space
that
the
drone
is
in
compliance.
Trusted
hardware
is
not
a
far-fetched
idea.
In
fact,
many
upcoming
regulations,
such
as
a
digital
sky,
which
is
proposed
by
the
government
of
india,
requires
commercial
drones
to
be
equipped
with
trusted,
hardwares
and
associate
cryptographic
keys.
A
When
a
drone
fleet
operator
wishes
to
send
a
drone
on
a
delivery
route,
the
drone
contacts,
the
aviation
authority
with
its
identity
and
a
proposed
drone
a
delivery
route
and
also
presents
a
hardware
based
attestation
to
its
software
stack.
In
particular.
A
drone
must
prove
to
the
avsn
authority
that
it
is
running
preveros,
enable
software
stack.
A
A
A
A
A
A
In
privacy,
we
use
trusted
application
to
declassify
sensitive
information.
In
this
case,
we,
the
trusted
blood,
filter
application,
is
entrusted
with
the
task
of
identifying
sensitive
objects
such
as
faces
and
blurring
them
suitably.
We
rely
on
host
to
identify
these
applications
to
perform
the
job
of
declassification.
A
A
A
A
Applications
running
on
a
ros
platform
publishes
a
message
under
a
topic
such
as
camera.
In
this
case
publishing
to
a
topic.
Camera
output
applications
such
as
navigator
can
subscribe
to
this
topic.
Ross
uses
a
dynamically
a
dynamic
discovery
protocol
offered
by
the
dds
to
match
up
the
publisher,
and
subscribers
once
the
match
up
has
happened.
Raw
establishes
direct
a
network
socket-based
communication
via
the
underlying
operating
system.
A
As
it
stands,
vanilla
ross
does
not
perform
any
security
checks.
It
is
easy
to
spoof
message
messages,
impersonate
application
and
inject
a
message
to
address
this
issue.
Secure
ros
is
developed
which
encrypts
the
communication
between
applications
also
prevent
obvious
attacks,
such
as
message,
spoofing
message,
injection
and
also
authenticates
application.
A
A
A
This
will
require
application
code,
and
this
will
basically
require
us
to
modify
the
application
and
also
to
regenerate
the
manifest
and
also
the
introduction
of
tested
application,
since
the
applications
are
not
written
in
such
are
not
written
in
such
a
way
such
that
they
will
communicate
with
trusted
application
to
perform
the
redirection.
A
Application
so
so
a
perivarous
enhances
these
shortcomings.
A
A
A
I
remember
the
problem
of
network
checks
where,
at
the
level
of
lsm,
socket,
send
and
receive
message.
The
recipient
information
is
not
available
in
order
to
solve
this
problem.
What
we
did
is
we
attached
a
process
identifier
and
we
propagated
it
down
to
the
network
stack
and
then,
while
receiving
at
the
receiving
end,
we
performed
the
check.
A
So
this
is
how
we
were
able
to
reduce
the
network
checks
to
fine
grained
that
is
specifying
to
which
process
the
current
process
can
communicate
to
why
this
network,
via
the
sockets.
A
A
A
A
A
In
the
sros
manifest,
if
topics
are
not
present,
then
application
cannot
publish
or
subscribe
to
it.
So
so
without
any
change,
we
cannot
perform
the
redirection.
Therefore,
what
we
did
was
we
over
a
provisioned
application
with
the
temporary
topics
so
that
the
so
that
we
can
redirect
flows
by
the
trusted
applications.
A
So
for
this
during
the
manifest
checks
in
we
are
temporarily,
so
we
have
a
fixed
set
of
topics.
We
do
a
bypass
of
such.
A
So
the
main
thing
is
how
to
change
publisher
and
subscribers,
which
are
bound
to
topic
once
they
are
created
in
the
application
in
the
application
layer.
We
need
to
modify
code
in
order
to
change
this,
so
this
is
obviously
not
a
feasible
approach
in
the
dds
layer.
We
simply
cannot
replace
the
publishers
and
subscribers
by
creating
a
new
one.
A
So,
therefore,
in
in
order
to
change
so
the
so
the
application
still
so,
if,
if
you
want
to
perform
the
redirection,
we
cannot
modify
the
publisher
and
subscribers
of
the
application
application
doesn't
know
the
topics
are
changed,
but
still
the
redirection
happens.
This
we
were
able
to
achieve
this
by
modifying
the
our
readers
and
the
writers.
A
So
if
the
application
themself,
I
won't
reestablish
the
connection,
then
that
connection
won't
happen.
So
the
the
problem
here
is,
if
the
connection
is
terminated,
then
who
will
initiate
the
means
connection
to
solve
this
problem?
We
leverage
the
dds
discovery
protocol
so
which
is
means
advertised
periodically,
so
that
new
connections
will
be
formed
whenever
we
replace
a
data
writer
with
a
new
one.
F
So
roger
may
I
answer
that
question.
This
is
yeah,
so
it's
it's
a
very
good
question.
So
and
you
know
if
you
were
to
consider
essentially
like
cylindrical
zones
in
some
sense,
this
problem
would
arise
where
in
some
sense
you
know
you
just
have
a
cylinder
rising
up
from
the
from
the
boundaries
of
the
area.
But
so
you
know
different
countries
have
different
regulations.
F
One
of
the
things
that
digital
sky,
which
is
the
one
that
we
have
studied
a
little
bit,
is
proposing
digital
sky
is
the
is
a
standard
proposed
in
india.
Is
that
around
certain
regions,
for
example,
airports
they're,
proposing
conical
regions?
Okay,
so
it's
like,
so
what
so?
The
the
air
space
the
restricted
airspace
rises
like
a
cone
from
from
the
from
the
you
know,
the
location
that's
to
be
protected,
so
you
know,
as
you
approach
you
know,
you'll
have
to
go
down
the
boundary
of
the
coal.
F
So
when
you're,
when
you're
really
close
to
the
probably
only
when
you're
a
few
meters
above
the
ground,
can
you
be
really
close
to
the
boundary
as
you
rise
higher
and
higher
you're
supposed
to
be
further
and
further
away?
Does
that
make
sense
I
was
trying
to
you
know.
E
Yeah,
I
I
I
see
perfectly
what
you're
talking
about
there,
which
that
leads
to
the
second
thing
that
I'm
wondering,
because
if
you
do
have
that
capability,
then
that
means
that
you
know
adjacent
places
could
potentially
have
overlapping
areas
that
would
be
subject
to
both
policies.
Absolutely
is
there
any
problem
with
contradictory
policies.
F
Excellent
question:
this
is
not
something
that
we
have
investigated
yet
you
know
our
first.
Our
first
attempt
here
was
to
provide
the
basic
capability
to
enforce
mac.
I
think
there's
a
lot
of
potential
here
to
investigate
you,
know,
policy
languages
and
how
to
investigate
conflicts
between
policies.
You
know:
can
policy
should
policies
just
be
described
in
terms
of
gps
coordinates,
or
should
you
consider
pitching
the
yaw
of
the
drone?
All
of
these
things
are
questions
worth
investigating.
We
haven't
yet
looked
at
them,
so
I
don't
have
good
answers
for
you
right
now.
B
Well,
I
have
a
few
could:
could
you
go
back
to
maybe
the
slide
about
the
redirection,
the
topic
redirection,
so
I
glanced
at
a
bit
of
your
patches
a
while
ago,
and
it
went
one
of
your
modifications
that
you're
you'd,
like
you
stated
in
rclcbp,
is
that
you
had
to
account
for
this
this
switching
or
this
sort
of
indirection,
whereas
prior
you
had
the
camera
driver,
the
navigation
stack
communicating
over
this
camera
output
topic
and
you
sort
of
inject
your
filter
application
sort
of
seamlessly
in
in
between
as
a
sort
of
a
middleman,
to
provide
the
the
sensor
sanitization.
B
A
Yeah,
so
for
that
redirection
of
either
topic
you
need
to
relaunch
the
application.
Is
that
right.
B
If
so,
so
in
ross
you
you
can
like
swap
topics
but
yeah.
That
does
involve
a
you
know
like
a
decons
destruction
of
and
construction
of,
a
of
a
data
reader
and
data
writer.
As
far
as
I'm
aware,
but
it's
it'd
be
sort
of
unusual
to
I.
B
I
see
like
this
as
some
kind
of
merit
here
that
it
would,
it
would
be
very
seamless
for
the
user,
and
that,
like
you
know,
they
have
some
sensitive
data
flow
and
they
just
label
it
as
such,
but
being
a
little
bit
more
explicit
would
simplify
a
few
things
in
that
you
wouldn't
necessarily
have
to
modify
the
dds
layer
and
the
rcl
layer
with
this
in
direction.
B
The
the
other
thing
is
here:
you
describe
a
scenario
where
yeah
you're
correct
that
in
dds
you
could
use,
you
could
reuse
the
same
topic
name
and
it
could
be
po
and
over
that
topic
could
be
published.
Multiple
idl
types
or
different
topic
types,
so
you're,
correct.
There's
there's
nothing
that
like
enforces
you
what
the
topic
type
has
to
be
over
a
certain
topic
name,
but
that
would
be
considered
abnormal.
B
I
think
in
in
the
ross
like
you
would
you
would
you
would
start
getting
lots
of
logging
errors
and
a
developer
would
normally
try
to
avoid
ever
double
using
a
topic
like
that.
Because
of
this,
it's
not
a
thing
that
ross
normally
supports.
B
I
think
like
ross
speak,
because
it's
all
it's
all
distributed
now.
I
think
you
know
ross
kind
of
work,
but
I'm
not
sure
a
single
camera
process.
Node
could
publish
over
the
same
topic
of
two
different
types.
Imagine
it
it
might
issue
an
error,
but
the
subscribers
could
sort
of
work
it
out,
but
yeah.
That's
that's
just
something
that
maybe
maybe
a
remark
but
cool.
A
True
so,
basically
like
the
the
publisher
still
can
means
have
the
means,
some
multiple
publishers
with
the
same
topic
name,
but
the
application
won't
crash
in
ros2.
B
B
And
then
the
the
modifications
you
had
to
do
with
the
with
app
armor,
I
see
you
had
some
patches
to
that
and
the
linux
security
module.
So
that's
for
having
a
link
security,
module,
enforce
the
inter-process
communication
restrictions.
B
That
seems
pretty
novel
there.
Do
you
want
to
dive
a
little
deep
there.
A
So
yeah,
so
the
main
problem
in
a
vanilla,
app
armor
is
it's
not
means
expressive.
So
basically,
you
can
just
specify
whether
an
application
can
communicate
by
the
network
or
not
so
here
in
in
our
settings.
Since
we
are
dealing
with
stopping
the
communication
among
a
different
processes
so
and
a
ros
uses
a
socket-based
connection,
it
can
be
a
udp
or
tcp.
So
we've
wanted
a
method
in
which
we
can
specify
to
which
applications
current
process
can
communicate
to
even
by
the
network.
Sockets.
A
So
here
in
this
case,
if
you
specify
that
camera
cannot
talk
to
the
navigation
software
and
also
so
then
so
then
in
the
policy
we
won't
have
the
navigation
software.
A
E
A
If
it
is
there,
so
this
problem
comes
of
so
this
is
basically
will
be
an
information
flow
control
problem.
Then
so
here,
since
we
are
using
mandatory
access
control,
then
yes.
F
No,
so
so,
actually
let
me
answer
that
so
in
this
particular
platform,
which
is
a
mandatory
access
control
based
platform,
the
owners
of
I
of
rejecting
bad
flows,
falls
on
the
policy
developer.
So
you
know,
when
you
have
a
platform
like
this
you're
expected
to
have
written
down
these
these
policies,
almost
like
an
essay
linux
policy
and
look
for
bad
instances
of
flows,
so
in
some
sense
the
the
onus
of
of
ensuring
that
no
such
leaks
exist
comes
via
policy
analysis.
F
Now
we
are
working
on
an
extension
to
ross
that
allows
you
to
do
this
dynamically.
That's
what
rakesh
is
saying
which
allows
you
to
do
information
flow
control
by
tracking
labels
at
runtime,
but
that
system
is
not
yet
ready.
So
as
it
stands,
you
will
have
to
analyze
the
policy
ensure
that
there
are
no
such
applications
that
leak
data
like
this,
without
going
through
a
trusted
application,
but
you're
right
I
mean
if
there
was
a
node
between
the
camera
and
the
navigation
software
that
didn't
go
through
the
trusted
blood
filter.
B
When,
when
it's
inspecting
the
socket
connections,
supposedly
over
the
local
host
network
between
two
process,
co-located
on
the
same
host,.
B
I
think
that's
something
already
that
the
dds
access
control
plug-in
would
already
kind
of
inspect
it.
You
know
it
would
verify
the
credentials
and
permissions
of
the
other
node
and
decide
whether
it
wants
to
initiate
the
communication.
B
Is
there
another
advantage,
aside
from
of
of
having
this
this
discretion
in
the
blank
security
module
rather
than
just
the
dds
transport
is?
This
is
something
that
could
also
be
used
to
control,
whether.
B
A
So
I
just
do
again
just
to
be
a
clear
on
the
question.
A
dds
itself
is
just
not
like
enough
for
the
protection
right,
because
these
are,
I
means
at
the
end
processes
and
they
can,
let's
say
open
up
a
socket
connection,
and
if
they
are
written
in
such
a
way
that
they
can
directly
communicate
among
themselves,
then
they
can
still
use
the
network
sockets
to
communicate.
B
F
Right
so
one
of
the
main
contributions
of
this
work
was
to
ensure
that
protection
happens
both
at
the
ross
layer
as
well
as
the
sorry.
You
know,
this
access
control
happens
both
at
the
ross
layer
as
well
as
the
os
layer,
but
one
an
important
point.
F
Design
consideration
was
to
ensure
that
the
trusted
computing
base
is
the
os
alone,
so
that
you
know
the
only
functionality
that
we
leave
to
ross
is
actually,
you
know,
deny
any
flows
that
already
exist,
but
so
sorry,
the
the
os
can
deny
flows
even
if
they
are
allowed
in
draws.
So
ultimately,
the
os
says
no,
even
if
ross
allows
the
flow
that's
not
allowed.
F
So
that's
something
that
I
think
we
have.
We
have.
We
placed
a
little
bit
of
thought
on.
We
didn't
want
to
extend
that
to
the
application
layer.
B
Oh
the
flow
control
topic.
So
can
you
explain
what
was
the
role
every
every
node
has
to
subscribe
to
this
flow
control?
Topic
is
that's.
What's.
A
So,
at
the
end,
these
are
distributed
processes.
A
Right
so
moving
on
to
our
evaluation,
we
now
present
a
snippet
where
we
illustrate
the
performance
impact
of
redirecting
flows
through
a
trusted
application,
as
required,
for
instance,
to
enforce
blood
exported
policy.
Our
evaluation
platform
is
nvidia,
jetson
tx2,
which
is
equipped
with
arm
dress
zone.
A
A
A
This
is
inevitable
and
we
view
this
as
a
cost
of
privacy.
Enforcement
power
also
increases
by
a
small
amount
about
1.8
percent.
A
We
now
consider
a
blur
filter
application
that
performs
some
computation
on
the
input
image
stream.
As
a
result,
the
latency
further
increases
and
power
consumption
goes
up
by
8.1
percent
compared
to
the
base
case.
Note
that
this
is
highly
domain
specific,
depending
upon
the
nature
of
the
computation
that
happens
within
the
trusted
application.
B
B
For
the
impact
that
sanitizing
the
data
had,
this
was
done
over.
This
was
implemented
with
a
node
over
at
the
local
loopback
or
and
not
necessarily
compose
nodes
or
using
shared
memory.
Transport,
correct.
B
D
F
C
F
So
you
know
just
to
give
a
little
bit
more
context.
Right,
I
mean
one
of
the
pain
points
here
with
mac.
Was
that,
although
you
can
enforce
these
policies
of
this
of
this
kind,
the
onus
is
on
the
developer
to
ensure
that
the
policy
ensures
you
know,
secrecy
and
site-specific
security
goals.
F
So
so
that
motivated
us
to
work
on
this
dynamic
information,
flow
control,
based
approach
for
ros,
and
we
are
working
on
top
of
a
system
called
cam
query
for
that
which
provides
you
know
such
tracking
within
the
linux
kernel,
and
we
are
extending
it
into
the
ros
layer
also.
So
we
want
to
bring
the
notion
of
ros
topics
together
with
the
notion
of
information
flow
labels
at
the
os
level.
So
that's
the
project,
but
we
are
still
a
ways
off
from
completing
it.
F
Yes,
it's
called
cam
query
or
cam.
Query
is
the
one
that
we
are
using.
That
extends
another
system
called
cam
flow,
it's
from
the
university
of
british
columbia,
but
I
think
there
was
a
cambridge
connection.
Also,
that's
why
it's
called
cam
flow.
B
I'm
trying
to
remember:
do
you
know
what
type
of
of
label
operations
it
performs?
Is
it
just
sensitivity
or
is
it
also?
Does
it
have
sensitivity
and
privacy
labels.
F
So
you
know
the
the
the
base
system
is
just
a
label
propagation
system
right
and
your
labels
are
64-bit
values.
You
can
feel
free
to
assign
semantics
to
them.
So
it's
it's
going
to
propagate
labels
at
the
level
of
os
level,
artifacts
things
like
processes,
sockets
files
and
so
on.
So
that's
what
that
is.
B
One
thing
you
have,
though,
with
simple
labels
is
the
enable
an
inevitable
label
creep
where,
yes,
as
as
things
as
information
propagates
through
the
system,
it
achieves
a
level
of
sensitivity
that
is
almost
like
no
longer
usable
that
no
one
can
actually,
because
everyone's.
C
B
F
No,
no,
no,
no.
The
linux
project
is
just
basic
infrastructure
for
label
propagation.
Now
you
can
sort
of
bless
certain
applications
for
declassification
and
that's
what
we
are
doing
right
I
mean
we
want
to
bring
this
notion
of
trusted
applications
that
that
we
refer
to
in
this
talk
to
also
that
problem
there.
First
of
all,
we
want
to
understand
the
problem
of
label
creep
in
a
practical
raw
space
system.
You
know
maybe
like
a
real
robot.
You
know.
F
To
what
extent
is
their
label
creep
and
then
sort
of
figure
out
how
to
design
these
trusted
applications
where
to
place
them,
and
so
on,
so
that
you
know
we
can
declassify
the
the
data
flows.
So
all
of
those
will
be
part
of
the
empirical
evaluation
of
this
work
once
it's
ready,
but
that's
an
excellent
point.
Yes,.
C
D
Actually,
I
have
another
question
since
I
was
going
through
the
github
repo
and
I've
seen
a
lot
of
notification
on
the
kernel,
which
you
know
it's
it's
pretty
pretty
hard
if
you,
if
you
have
update
on
the
kernel-
and
you
need
to
bring
the
code
here
and
there
so
about
the
code,
how
much
of
it
is,
you
know
necessary
to
be
there
or
has
been
incorporated.
That
has
not
been
completely
written
by
you
with
you
guys.
D
Yeah,
because
I've
seen
that
a
lot
of
modifications
are
embedded
inside
the
kernel
and
I'm
always
concerned
about
those
kind
of
modification.
You
know
if
something
is
modified
at
the
kernel
level,
you
need
to
bring
everything
in
the
new
version
and
such
you
know,
you're
having
a
lot
of
code
base.
That
is,
you
know.
Hardcoded
is
usually
a
pain
in
he
has
to
manage.
That's
that's
a
question.
If
it's
all
necessary
or
it's
something
that
you
included,
then
you
learn
some
somewhere
else
or
something
yeah.
C
Yeah,
absolutely
I
understand
that
concern
I
mean
that's
why
we
tried
our
level
best
to
make
all
our
modifications
within
the
security
module
itself.
So
I
mean
you
know
the
the
lsm
infrastructure
allows
you
to
create
modules
right,
I
mean
in
the
sense
it's
not
we're,
not
touching
the
core
kernel
components
like
you
know
the
memory
of
the
sec,
the
networking
subsystem,
but
we
had
to
make
a
slight
exception
for
the
networking
component
because
it
was
necessary
to
you
know,
propagate
the
pid
of
processes
through
the
network
stack.
C
So,
for
example,
we
tried
doing
this
via
net
filter
hooks,
but
to
our
understanding
the
net
filter
hooks
aren't
in
process
context
in
the
sense
that
at
the
let's
say,
the
ip
4
output
hook,
you
don't
know
which
process
actually
sent
that
packet.
So
we
had
to
you
know,
sort
of
create
a
workaround
which
involved
modifying
the
network
stack,
and
that
was
very
little.
Actually
it
was
just
about.
C
You
know,
I
think,
not
more
than
30
or
40
lines
of
code,
but
apart
from
that,
most
of
our
changes
are
to
you
know
the
security
module
apartments,
security
module
exclusively.
B
Are
other
patches
you'd
be
willing
to
maybe
push
upstream,
because
I
think
those
are
fairly
valuable.
B
I'm
saying
to
maybe
submit
a
pull
request
to
the
code
base
and
maintain
yourself.
C
Yeah
yeah,
so
that
is
something
which
will
require
a
lot
more
work.
We
haven't
thought
about
that,
but
certainly
that
is
something
we
could
explore.
Yeah.
Thank
you.
We
will.
We
will
definitely
look
at
that.
B
B
One
thing
we
have
in
the
works
with
s
ross
is
this
concept
of
node
idl,
where
you
have
a
description
manifest
describing
what
interfaces
the
node
itself
and
the
on
the
more
abstract
level
and
the
terms
of
its
interactions
with
the
computation
graph,
what
it
requires
for
what
it
minimally
requires
for
a
basic
operation,
and
then
that
is
something
that
we
would
use
and
the
sros
tooling
to
auto
generate
the
access
control
permissions.
B
And
so
we
have
something
a
prototype
where
you
can
have
an
existing
running
system
and
then
audit
that
system
by
taking
a
snapshot
of
the
connectivity,
topic
connectivity
and
then
translating
that
into
a
yep.
So
jeremy,
let's
put
up
the
node.idl
docket
and
then
that's
something
that
that
srs
would
would
consume,
generate
the
minimum
spanning
policy
that
they
would
translate
to
the
dds
security
artifacts.
B
But,
like
you
said,
it
would
take
a
little
bit
more
analysis
on
the
data
flow
to
verify
that
you
know
you
aren't
leaking
sensitive
information
through
a
side
channel
or
that
you
left
a
loophole.
B
We
we
have
the
policy
generation,
the
idl
is
still,
I
think
they
have
canonical's
been
working
heavily
on,
that
they
have
a
a
prototype
and
a
design
dock.
You
can
read
right
now,
so
I
think
that's
something
that
could
probably
be
incorporated
into
this
larger
scheme
of
validation.
F
So
I'm
just
curious,
so
this
is
at
the
manifest
level
for
each
application
right.
What
you
just
mentioned.
B
Yeah
it's
this
sort
of
additional
manifest
we've
that
is
is
authored.
On
aside
from
the
so
aside
from
the
there
could
be
the
you
know
there
could
be.
I
think
it
might
be
pretty
hard
some
code
analysis
and
maybe
where
you
could
acquire.
B
This
manifests
either
through
static
analysis
of
the
code
to
figure
out
what
topics
it's
using
or
again
through
runtime
measurements,
but
that
might
be
a
more
advanced
topic.
I
think
right
now
we're
just
thinking
about
where
library
maintainers,
who
are
domain
experts
for
the
sub
application,
that
they're
that
they're
designing,
would
then
provide
sort
of
default,
sane,
idl
files
or
node.edl
files.
That
would
then
be
appropriate
for
end
users
to
incorporate
when
generating
their
unique
security.
Artifacts.
F
B
Yeah
yeah,
so
I
mean
that
sort
of
inherent
difficulty
in,
like
you
know,
secure
dds
and
that
the
permissions
are
sort
of
static
once
you've
once
you've
loaded
the
dds
participant
and
it's
acquired
its
credentials.
B
The
default
plugin
at
least
doesn't
have
like
a
means
of
like
changing
that
dynamically,
which
makes
it
easy
for
like
this
centralized
like
governance,
but
that
rigidity
yeah.
It's
not
quite
as
flexible
there's,
been
discussion
with
some
dds
vendors
on.
B
How
we
may
be
able
to
update
so
if,
if,
if
a
say
a
ross
node
finds
that
needs
to
dynamically
subscribe
to
a
new
topic,
it
could
self-update
its
own
credentials
if
it
had
a
key
server
request
mechanism
of
like
contacting
a
ca
for
new
credentials.
But
that's
that's
a
bit
far
in
the
future.
B
Yeah,
I
think
I
think
the
the
patches,
though,
like
this
indirection,
seems
pretty
tough
to
like
I'm,
not
sure
if
we
would
be
able
to
upstream
that
into
like
rcl
cpp
is,
would
would
it
be
more
sane
to
take
like
eventually
take
the
approach
where
you
would
be
explicit
on
these
redirections
for
sanitizing
the
data
in
the
launch
file,
as
opposed
to
having
the
flow
controller.
F
Yeah,
so
you
know
this
is
so
one
of
the
things
that
we
were
trying
to
work,
one
of
the
constraints
that
we
were
trying
to
work
within
was
you
know
if
you
had
a
commodity
or
off
the
shelf,
sros
application
with
a
with
a
manifest
that
was
baked
in
then
you
know:
how
do
we
get
everything
to
still
work?
If
you
had
the
ability
to,
let's
say,
tailor
the
manifest
files
to
a
particular.
F
You
know
communication
graph
or
to
a
particular
scenario.
You
don't
need
to
go
through
all
of
these
things
right
where
you
have
these
additional
topics
and
so
on.
F
So
all
of
these
things
arise
only
because
we
were
working
within
the
constraints
of
existing
applications
and
baked
in,
in
some
sense
manifest
files
where
we
can't
really
change
the
manifest
files
without
having
to,
without
issuing
a
fresh
certificate
for
the
application.
B
Yeah,
because
the
entire
stack
is
cryptographically
signed
exactly
on
the
disk
and
you
still
need
a
way
of
of
modifying
it.
Okay,.
F
So
so
that
was
a
design
consideration
as
well.
That
went
into
the
system.
I
mean
clean
slate
right
yeah,
you
can
just
say
look,
this
is
the
communication
graph
I
want
and
then
go
top
down
generate
all
the
manifest
files
and
that's
all,
and
then
you
know
you
issue
the
certificates
for
the
applications.
It
all
works
within
the
sros
framework.
F
But
of
course
you
know
you
still
have
to
do
os
level
enforcement
in
case
there
are
any
malicious
applications
that
try
to
communicate
outside
of
the
the
dds
and
ros
framework,
but
that's
the
app
armor
stuff
so
ross
alone.
If
you
had
the
ability
to
go
top
down,
that's
what
we
would
have
done,
but
we
also
wanted
to
have
the
ability
to
support
existing
ros
applications,
while
only
probably
minimally
requiring
this
additional
topic.
B
So
you
guys
were
using
arm
trust
zone
and
the
the
jetsons.
What's
what's
your
experience
with
that.
A
Stories,
I
guess
yeah,
so
you
mean
to
know
about
the
documentation
regarding
the
zoom.
B
It's
it's
it's
something
that
the
working
group
has
been
interested
in
with
like
having
a
dds
plug
like
I,
I
think
arm
was
working
on
a
little
project
for
a
while
and
implementing
the
dds
security
plug-in
with
arm
trust
zone.
B
F
So
one
thing
I
must
clarify
is
that
our
use
of
the
trust
zone
was.
It
was
only
for
the
purposes
of
attestation
in
the
sense
of
testing
the
normal
world.
Where
you
know
ross
and
everything
runs,
we
didn't
build
anything.
We
didn't
incorporate
any
ros
components
inside
the
secure
world.
If
that's
what
you
are
you're
you're
asking.
C
A
Yeah
the
main
problem
with
nvidia's
adjacent
tx2
is
lack
of
the
documentation
and
also
the
forms
of
form
support
is
not
that
good.
A
B
To
what
extent
is
the
is
the
other
station?
It's
it's
verifying
that
this
is
my
file
system.
This
is
the
processes
that
have
been
launched
from
the
executables
on
this
file
system.
Is
there
any
is
there?
What
else
do
you
end
up
having
to
verify
or
do.
F
F
Anything
static
is
what
we
are
doing
right
now,
which
is
you
know
in
some
sense
it's
an
overkill
for
transom
I
mean
we
are
doing
standard
tpm
like
attestation
right
now,
but
we
want
to
make
richer
use
of
the
truss
zone.
F
So,
if
you're
familiar
with
samsung
knox
the
technology
they
use
to
protect
the
normal
world
at
runtime
by
shepherding
sensitive
operations
through
the
secure
world,
we
were
trying
to
mimic
that
for
a
while
outside
of
this
project,
of
course,
but
you
know
that's
not
described
in
this
paper
this
paper,
it
was
mostly
just
the
priveros
side
on
the
normal
world
with
bare
bones
attestation,
just
to
show
that
you
know
without
I
mean
in
the
sense
that,
without
a
root
of
trust,
a
hardware
root
of
trust,
you
can't
really
trust
anything
on
the
drone.
F
So
we
took
the
bare
minimum
route
of
trust
and
date,
attestations
which
are
tpm-like.
Of
course,
you
know
that
has
known
problems.
Also,
time
of
check
to
time
of
use,
you
might
measure
everything
and
then
the
adversary
may
replace
the
software
stack
of
the
drone.
So
as
it
stands
as
described
in
the
paper,
we
are
vulnerable
to
that,
but
samsung
knocks
like
enhancements,
which
is
basically
a
bunch
of
current
enhancements,
would
allow
you
to
prevent
that,
to
a
larger
extent
that
we
currently
do
so
even
samsung
knox
is
not
perfect,
though.
F
Yeah,
so
I
don't
know
if
that,
if
that
explanation
made
sense,
but
the
nox
technology
is
also
described
in
another
paper
from
2014,
it's
called
hypervision
across
worlds,
so
they
describe
how
kernel
modifications
can
extend
to
beyond
just
spot
checks
that
are
obtained
from
attestations.
You
can
extend
it
to
kernel
lifetime
integrity,
module
or
certain
characters.
F
It
was
called
hypervision
across
worlds
that
describes
the
basic
technology
that
goes
into
samsung
knox,
which
is
what
is
found
in
all
our
phones
now,
so
it's
called
hypervision
across
words,
and
then
there
was
something
else
in
the
title.
I
think
real-time
kernel
integrity,
protection
or
something
like
that,
but
it
was
from
a
team
from
samsung
at
ccs
2014.
B
Anyone
else
have
any
general
questions
or
topics
they
want
to.
B
B
Well,
it's
a
little
past
the
hour,
so
I
don't
want
to
keep
people
for
too
long
but
feel
free
to
contact
the
speakers.
If
you
have
follow-up
questions,
I
wanna
thanks
the
speakers
for
coming
and
giving
this
awesome
talk
and
then
you
guys
are
also
presenting
so
thursday
or
friday
at
the
cyber
security
robotics
conference.
F
No
no,
no.
This
was
that
our
work
was
presented
at
ccs
in
november.
B
The
original
publication,
I'm
thinking
of
the
announcement
that
I
think
dieber
put
out
on
this
course,
I'm
sorry.
Let
me
go
get
that.
B
All
right-
hey-
maybe
I
missed
this-
remembering
you
know,
drop
the
link
you
will.
Certainly
everyone
here
is
attending
will
probably
be
interested
in
this
as
well.
It's
happening
later
this
week.
F
C
Thanks
thanks,
I
appreciate
roughly
for
setting
this
up
and
and
thanks
to
the
members
for
presenting
again
like
ruffin
said.
I
think
it
was
really
interesting
and
valuable
as
well
for
us
are
you
able
to
share
the
slides
that
you
presented,
so
I
can
upload
them
for
the
group.
F
Yeah,
let
me
just
share
a
link
to
the
paper
and
to
this,
to
a
shorter
version
of
the
slides.
Rakesh
can
post
everything,
so
we
also
have
like
a
demo
video
and
all
that
they're
all
at
this
link
right
here.
I
just
posted
it
on
the
chat
window.