Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
ROS 2 / Security Working Group / 9 Feb 2021
ROS 2 / Security Working Group / 9 Feb 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: ROS 2 Security Working Group (2021-02-09)

Description

Meeting minutes: https://github.com/ros-security/community/tree/master/meetings

A

And record it um so first question uh uh just like to get approval on the working group meeting minutes for uh our last meeting, which was the demo by marco. Does anybody have any remaining comments or concerns about that.

A

And anybody to give me an approval on this.

A

I saw a nod.

B

From kyle.

A

As far.

B

As I'm concerned,.

A

All right, thank you. um Next thing we had on the agenda, uh ted was going to give us an update on the launch, secure features. I know he's been doing some work on that. So it's all yours, yeah.

C

So, instead of adding the launch secure functionality directly into ross launch, they decided that, rather than introduce the dependency on no dl and kind of you know clutch this whole uh new argument and s ross dependency and key generation code into the roster launch stack that they would create an extension system for us to launch where you could add arbitrary flags to it and with that inject code into the ros launch stack, I was expecting this to be a much longer term project, but uh jeff briggs banged it out got it done and uh currently has a pull request up for the extension system to launch ross, which is the package that implements frosty launch.

C

um Along with that there is the separate package. Roster launch, underscore security, uh that's the proof of concept! It's my original implementation of the secure flag as a standalone package that injects itself using their plug-in system.

C

And uh yeah, currently it's there's a pull request up on launch underscore ross for the extension system, we'd like to get that reviewed and merged in so that uh we can create this for us to launch security package on our own. Do you have links ted yeah? Let me gather them.

D

While he's doing that roger, I know I know that you've been working on on some designs for for roster launch itself. um I don't know if this slots into anything you're wanting to do, but it really does open up a whole slate of new possibilities.

E

Yeah, I actually, I definitely want to take a look at this and see where that is. I actually think I'm getting fairly close, I'm getting the stuff. I've done ready. um I've gotten through the hairiest bits, I'm just trying to tie up some use cases and got a couple of little things to add.

E

So, hopefully, that's going to be ready to go before too long here and it'll be interesting to see how much overlap there is with this and how much it's kind of independent, but in the same package.

D

Yeah very good.

C

Yeah, so the first one is uh this pull request from jeff briggs uh and once again, if we could get some reviews on this going, that would be very appreciated.

C

And the implementation, uh we probably are going to look at re-implementing here, just cleaning up the repo, since this was a proof of concept jeff banged out. But if you guys want to see the security extension.

B

Is at sorry.

C

Down the.

C

Tab is at this address.

B

So yeah.

C

That's it on the update to the uh launch ross, secure extension. I I.

D

Just I threw one more link in there to the original pull request that that you made ted um just just in case. People want to see the progression of things between the code that we actually modified in roster launch as opposed to what it looks like standalone.

C

Sure and uh yeah: that's it.

A

Thanks anybody have any more questions about launch secure where that stands.

A

All right, so, the other thing that I had on the uh on the agenda was just to follow up on the demos that we had uh last two meetings. We went through, uh move it and then uh the robotics middleware framework- um and you know all that- was uh just to look for a good use case or multiple use cases on uh implementing security on a real world system.

A

uh Two reasons, one just to get some good good proof of concept, some uh demo that we could show folks how it's done and another thing, uh if I understand it right, was for us to actually prove out and try out and experiment uh and do more work with the security options, uh get more granular with uh permissions and things like that, um and then for my part, as we were talking about both movement and rmf, we it hurt um uh opportunities.

A

I think, to explore some of the features that we really want to dig into a little bit more. um So my uh curiosity is where, where do we go from here um and one of the options that and one of the options is to look into this a little bit more into you know and to pick uh some work to do with movement or rmf? We could also look at uh just exploring some other uh frameworks.

A

um You know if there's something else, that's come up since then, uh but with that I'll, throw it out to the group. What do you think? Where do you want to go from.

D

Here.

D

I think if there are no further frameworks, these are both. These are both interesting candidates that we should be digging into further.

D

um The question is: should we just focus on one or should we continue kind of looking at both of them to tease out which one is really the best.

A

Candidate.

A

So a whole lot of silence, I'm wondering: does anybody have cycles that they plan to spend on doing this?

A

uh You know: is this something that we can actually get done within the next, uh not too distant future, and that would be actually working with um either the rmf folks with movement folks to just put together a tutorial and demonstrate how to actually implement security based on their goals.

B

Sorry, I'm just I've been digging through the links that you guys have put up so.

F

So on, on the rmf side, we we do we we are going to need security, so we do have cycles to to spare on this. um So from our side. Well, we we will be spending time on on having um secure cross running along with adam.

A

Marco, do you have any particular focus areas? I know one of the things that seemed very interesting to you was about certificate revocation. I don't know that. We've gotten a further on answering your questions on that, but is there any other particular areas you want to focus on.

F

um Okay, let me pull the list, I think the garden regarding ross, the the revocation is the the most important one right now, I would say.

A

Yeah I get the feeling that the whole um certificate chains and hierarchies also fits in with your concerns about hardware. um You know when introducing bogus hardware or some hardware goes missing, or you lose control of it. I understood that right.

B

Yeah great.

F

um Something that so regarding regarding third parties, hardware, um one of our concerns is uh if, if there's ways to somehow certify that certain levels of security on third party systems, um once once you get into uh multiple robot systems, it it becomes, and then we we're also talking about like multiple vendors, so it becomes, I feel like it. It becomes very tricky.

A

So this is this is interesting, I'll, throw this I'll, throw the same question out to the group in a very different way here. um It feels, like uh the rmf use case, has a lot to do with implementing a solid certificate hierarchy, so the idea of having a ca or multiple cas intermediate cas that are trusted trying to revoke them. um The idea of, maybe even uh you, know, uh seating, some of that to a vendor or middlewares, and so on.

A

So there's a lot to explore there I'll contrast that a lot with what I, what seems to be the issue with move it um where they are looking to do a lot more of the granularity of allowing certain nodes to do certain things have read, only um have permissions for debugging certain nodes without you know other. So it's a lot more in uh writing the actual policy files.

A

um So I think you know if we want to just thinking this this through, it seems like it makes sense to actually potentially uh work, both use cases with uh just a different focus on two different areas that I think we want to spend more time on. So any reaction to that.

B

uh Roger, do you happen to know where we are currently with this sort of stuff.

E

No at the top of my head, no.

B

Yeah last I checked we were in a sort of a state of flux.

B

So.

A

So does anybody have any suggestions on that? You know again going back to where we want to go from here. um Do we need to table this until our next meeting uh do we, you know, have some cycles to spend on um you know working on rmf or I'm working on move. It.

A

Sounds like everybody's pretty booked right now.

A

So I know from for for myself, uh you know I'm digging a bit into movement, move it's pretty easy. It ended up pretty easy to set up so now I want to start um digging into applying some of the security features there um and I actually do have uh uh meaning uh potential meetings set up with henning, uh it's probably later on next week. So.

D

Given that marco, you said you had some cycles to work on this on at least not on on your side, is there is there a way we can? Would it be helpful to set up an out-of-band meeting where we can help bootstrap this a little bit more or.

D

How can we, how can we support you.

F

um I was thinking, maybe I can uh try to come up with like a walk like a concrete list of issues and then maybe we can. We can discuss either on a separate meeting or maybe a next meeting. Yeah.

D

That would be really helpful.

F

Okay, yeah I'll do.

A

That so so that actually, okay, thanks kyle, that that helps so so, let's proceed this way, then, uh marco, if I can uh ask you to tease out some more of the use cases and then we'll put that on the agenda for our next meeting to actually look at what things uh you need help with uh any problems you've encountered or where you want to go from there, and maybe we can prioritize there, yeah we'll be able to prioritize I'm going to do the same with uh henning I'll, move it um and see he.

A

He actually, after our meeting he reached out and said he had thought of some more specific things. um They wanted to do so I'll reach back out to him uh and and gather that and bring that to the next meeting as well.

A

So we'll call that the way forward, unless anybody has any comments, I'm sorry, marco.

F

Yeah that sounds good thanks. Okay,.

A

All right, so moving on the only other thing that I had on the agenda uh is, we did have our uh open quality issues. This is a discussion we've had uh and uh towards the last half of last year um there uh I I did capture them in a kind of rough summary form uh in our meeting minutes and I'm just gonna leave them there. um Just to you know, keep them in front of us. We wanted to keep them in front of us to uh see if we could continue making some progress.

A

I don't know a lot of them were related to documentation, if you recall, um so I don't know if anybody's had a chance to review them or if you have any comments or anything has changed since the last time we looked at them.

D

uh

A

Does anyone.

B

Know it.

D

Does anyone know if rco pi is is trying to move to a higher quality level.

D

All right never mind this is relevant, but but not particularly into the to the documentation.

B

But I don't think I've ever heard of that before so sorry,.

A

Yeah we had an issue with uh before we could declare a higher quality level. We needed our dependencies, which includes rco pi, which I think was uh high.

B

Sorry yeah, I I mis, I misheard it as axial pi and I'm like that. Does sound robotics.

D

Really.

B

Today, I'm like this real wheel package.

A

All right, so, let's just keep that in mind. uh If you have an opportunity to work on that, that'd be great as well, um and then we only had two action items uh uh that were still left on the list. One was uh had to do with our test failures, uh and one of them was uh was actually on. Mine was to draft guidance for vendors on creating a vulnerability disclosure policy simply haven't worked on that because I haven't seen a lot of um I'll have a need for it.

A

So I was kind of waiting for.

B

Wait wait.

D

So I make more sense: it's a way to be approached yeah.

A

So so that's all I had on the agenda. Does anybody have any other new business or any new things to talk about that? They want to cover.

B

Is this vulnerability disclosure policy somewhat similar to what minor is.

A

So it is it's it's based on um mitre and related documents, but basically the the original document was written so that uh the public anyone pen, testing against raws or anything like that would actually have a place where they could find a little bit of information about how to submit a vulnerability. So it's written for the non-braz community, the external community, um to uh just give guidance on how to report a vulnerability, yeah and kyle linked to that the rep, and that was we had worked on that before you joined the group. I.

A

Believe.

A

All right does anybody else have anything or often you join just in time for us to close.

B

Oh well.

D

Hurry add them to the attendee list.

B

Yeah, okay,.

A

All right, so, if nobody has anything else, then I'll go ahead and call it, um and uh we will see you next time and uh and marco and I will try to gather some more detailed requirements about movement and rmf um and go from there. If you have anything, of course, you know always drop it in matrix at any time.

A

All right, thank you very much appreciate it and I'll see you in two weeks thanks, everybody.

B

Thank you very much. Thank thank you guys, bye, take.

B

Care you.