From YouTube: ROS 2 Security Working Group (2019-12-11)
Description
Meeting notes: https://wiki.ros.org/ROS2/WorkingGroups/Security
A
Well great thanks for every for joining us today. The link to the agenda is in the notes here on the side. I'm in mean boy, I think and me made notice. We'd said that sort of keep the running notes out of the agenda. This is just for the current meeting and we throw it up onto the onto the ROS wiki.
A
So it's sort of an easy to find place so with that, but we also are going to do these meetings one time in the afternoon like this for us and one time earlier in the day, so we can get people no matter what time zone they're in. So if we got to work for everybody, so I think I've got everybody for 10 minutes later.
A
So the first thing we were talking about was from Sid who's a security robotics person. Here it's a Michael, but he he unfortunately had that head out right now. I'll take that one.
B
All right so so, we've been talking to eProsima about adding a logging plugin to Fast RTPS and I mentioned this briefly in the Matrix room as well the the goal. What we're trying to enable is is getting data back into a SIEM, you know, and actually actually being able to monitor security events on a robot and and also extract security events for other purposes like like training, rough and right.
B
We talked about that, and so we've been looking at what we need to get things into tools like like Splunk or Nagios, etc, and and we've come up with a number of questions that we wanted to present to to to the group. The big one is, if you're using ROS 2 obviously and security events are being exported using the DDS security spec. Well, you actually end up seeing are are things that are happening at the DDS level, which we're concerned. Obviously, things get mangled, and services and actions look different right.
C
When, when we were scraping the discovery DDS traffic to auto-generate the precise DDS permissions, or at least the the ROS policies that then we liked, we went up and down up again. But that was an example where we have, I have a pull request. I think that's in the draft of adding the script to convert RTI SQLite recording of discovery traffic and generate the ROS abstractions of the policy, but they had to do the demangling, and that was all using XML templates. But there's an example there of how the demangled okay.
B
C
Would I would have to ask what what additional aspects do you want to start logging? Aside from, you know, DDS wire event, you know, like you tried to attempt a handshake and it was. It was failed because the SSL certificate Ernie, the X.509 certificate, was behind. There's nothing else. What what other higher level of things are you thinking of monitoring well.
B
A
I could see it use case to where you'd have. Besides, just you know, the the handshake didn't work things they okay, well, a box has been compromised and it's sending bad data, and it can't understand it because I was trying to you know use that as a vector for a DDoS against another robot right. So that's sort of what we're thinking about it.
B
D
D
D
B
D
B
D
D
D
B
D
In the case of that, world wing was roughing on the security side because we wanted it to be embedded in the template logic. We actually implemented them in Excel, but it's not necessarily a good idea to keep going or implementing route if we actually want to have some things. That's like adds a level of LCL or on the balloon and say well and how.
B
D
Yes, that's why I had like a couple questions on the approach just to know if, first, if you IDs only following security events or shooting about like looking events in general and then how do you envision that, in a sense of like, if, if we need to change how implementations actually drugging, that means? Basically, it assumes that we have enough power as ROS 2 security people to push changes to all these devious implementations, which maybe you're.
B
D
D
D
My only point like what I wanted to bring every like it may be tricky for some of them and and so relying on like that Spotify CRM debris implementation doesn't try to deal with logging with like DDS logging itself and tries to just deal with, like whatever error codes they return or just like pass along the message they actually through, because I can imagine many reasons for many companies to not allow us to say hey. You should do log in your software that so I think it may be a tricky battle to win.
D
B
It's an excellent point to say, and and we haven't talked to anyone else either. It's really mostly a I guess it's more of a proof of concept right now, a seeing if, if the different vendors are interested and and this one was at least and then also seeing what sort of tools we can enable with it, and then we can potentially take what we've made to other DDS vendors saying you know people are using this. This is this is useful.
D
I wouldn't know at least ulti I would know for sure if there is any plan or if we can push any like global agenda in the lurking plug in description, so that if it actually makes it to the next wave of the spec, was an exploration of the specs and it's much easier to achieve people to buy him, and then he's actually said all we set it on something else. If we could be aware of that, before suspect comes out, that makes so work easy on outside I'm not a member for every so I.
B
D
C
B
B
D
Usually of all these DDA stuff, Esther tends to make it into spec, because the de facto standard, not things that's gonna be in case was the lacking. Just that in general, would be good too. We could let just shoot anyway Gerard or something just to have an ID if it's bearing the same direction. Yeah.
C
B
Okay, well I think it sounds like we all agree that this is an interesting direction and the mangling is important and we have some good directions there. Although I need to flesh out our notes here, your weakest anything does anyone else have anything they want to discuss on this topic? I appreciate all the pointers you gave me there, especially on the demangling.
C
The distance team angling me Kyle mentioned that there's C++ functions I just be wearing that we want to make sure that we can keep the either the logging or the transform or the the management kind of infrastructure independent in the sense that maybe you don't need ROS installs, either monitor this traffic or to to generate certificates. That kind of thing you're, like it's nice, to make the spec. So there isn't like a single implementation that defines the spec and it's really hard.
D
So that's something we we noticed, and this case was rough in a little bit back when we did not have any like security focused get a org unit and things like that which was totally fine at the beginning, because we're just developing everything and distress to repo. Now that we starting having like more tools, more ideas, more demos, we're thinking of maybe creating a specific argument for that way. Ahead of you ready here.
C
D
If we and I didn't see many security related, we wasn't there I know I just started eating. I wonder which made me wonder like is like. Is this an Amazon org unit that is mostly used for synchronizing Amazon work on ROS 2 related things in general? Oh, is this gonna be the end place where all the non-security thing will be moved out and well? We should move or the other like the things that I mean the other organs like here for security purposes. So.
B
B
I need to talk to Tomas about that a little bit more. But but the end goal of this is is exactly what you're saying and we've actually started. We've got it draft up now. Here's that here's a link to to sort of how the working group takes on ownership and maintenance of new projects and, and that thing and and one of the things that I think really do make sense to have there is s trust. Now, I don't know that that is any of our calls.
B
D
B
D
B
D
Well, that's perfect, so maybe maybe then I should like maybe table my discussion because I'll have a look. Maybe we're gonna be duplicating a lot of discussion and so I just want you to bring up that like we had this all you needs right now and that also it's a bit unclear who approves versus who rent CIA versus who merges the honest, trust and I guess yes, I agree.
D
B
That's a good idea: go go through the pull request that I just I just pasted. We've got to add it to the notes now as well and and leave any comments you have there. I think it outlines the approval, the the review process fairly well. Hopefully, it'll answer those questions and obviously, if you have any others, you can ask him there or we can talk about it next month or.
A
D
Sounds good and just to loop-de-loop I also chatted with Jacob an issue open robotics people at Ross guns. That also say yes, sure, like the Astros, like no one had open, robotic surgery right now, maintaining or implementing anything, and so totally families, people from the working group actually taking taking over and but.
B
B
You know outlines of other motivations other other things that are made possible by having such an idea once that actually lands. We will also propose how we plan to use this from a security aspect, and we've been drafting these things in Google Docs, roughen, Jacob, Mikaela, I don't remember if you have access but I'm happy to share access to. Whoever wants to to work on these we've got Google Google Docs for all of these. We can work on them together and then proposin once we're all happy.
B
But we can also just talk about it on the pull request as well. I just wanted to mention that we proposed it and it's out there for review whoever wants to talk about it and if you've got any any things you want to talk about now. That's that's fine to roughen. Did you want to talk about this? Oh yeah.
C
This is something that really hoping we get around to and it's going to be part of one working when I get back in January is incorporating information flow control into this. So where we add security labels to topics and then we can sort of static, the validate IFC on the computation graph I wanted to ask and how far you think we could. We could potentially take this and if there avenues that we can take to lighten their load, to like you, so what a particular example is I see. This is advantageous for quality of service.
C
Where we can you G, have you know we can annotate a topic by type and that helps like a sanity check that you know two topics of a different type and it can connect and then there's one step forward it like. Oh look. QoS settings match, there's, there's already literature out there in terms in its physically in DDS, trying to statically analyze whether QoS terms match and also dynamic terms were like. If you have nodes that are changing their QoS settings dynamically, whether two participants will continue to retain a connection and match.
C
Do you think there's ways of where we could have our IDL just more or less do a reference to an external QoS document? In that way, the QF that QoS document could be used at runtime? For you know configuring, but it would also be used for the IDL description would be like what this particular topic requires. So taking these kind of avenue of breaking out the description and components that are used, that at runtime, so that you know not everything is just loosey-goosey in terms of where things could have a chance of getting out.
D
B
So so let me, let me make sure I understand what you're saying so. We've we've got, as you mentioned, QoS is part of whether or not topics match up and so I think they obviously make sense to be in the IDL in some form. Right and we've got that included in what we've designed so far. But what what you're asking is is is, instead of requiring that to be specified in the interface file as we've defined it.
B
C
It's not like, like currently I think a lot of the DDS vendors have their own proprietary. Well, I think there's also an OMG effort to kind of make the configuration for QoS settings in XML sort of unified. You know RTI as their one format. That starts you guess, if, if they were all the same, I think that'd make it a lot easier for us.
A
C
Before that occurs, maybe maybe we should think of. Do we duplicate the QoS kind of description, their own idea, or do we have some kind of tool that infers what the configuration is? And so maybe you can only do static analysis if all the QoS XML files are referencing in your idea, are all the same RMW or DDS vendor, but yeah? This is the QoS option. In DDS we usually like external documents.
C
B
Interesting, I'm, so I haven't dealt with QoS a lot so you're way more up to speed on this than I am but but when I have seen, are they off the objects you create in Python or C++. I've not actually seen an XML file, so I I'm a little out of my depth. There is what we were designing was mostly corresponding to the objects that that are in code, but if I didn't I didn't actually realize that you could specify them outside in a standalone document.
B
But but honestly we have that problem. The duplication right outside of QoS and so I'd like to figure out a way to to only have the interface written in one place, long-term right, I don't know that we'll be able to swing that yeah I obviously need to read this. Thank you so I'm wondering if, instead of trying to come up with a way to not duplicate QoS settings, we come. We try to design a way to not duplicate the entire interface. Does that does that make sense, or is that way too way too ambitious?
B
D
D
And also, how do you actually propose to me like over writes because it seems that are curious or things like that already, like integrator application dependence, and so if someone provides me QA Cinzia know TL of the unload. If these bakes in hewers it gets more complex to reuse, because I mean yeah.
D
C
D
D
Well, in that case, it's not very high bandwidth and the hate II don't want to miss message. So there are many applications were like qs4 sense of all. The data types like would need to be tweaked based on how you want to use them, and that's where being able to configure them at runtime is very important, and it's it's a bit hard how to specially to decide. Like anywhere else, specify it, except at the end user configuration time well.
B
D
D
And that's exactly what, in the case of DDS, which is another dimension, I would like to like in the case of did years. She has this XML like specification that you can actually give which allow you to specify and that will override QoS data for party of creating participants which allow you add, without changing colors that recompiling to actually like configure the system at lunchtime.
D
B
B
D
Everything everything I'm developing a tool which is not like a very specific, well-defined layer in the stack, the abstraction question, babies, and that was for Adam angle as well, all right. Okay, we need s truster to be aware of demangling, without knowing exactly where it's happened in the stack and so just been implicated information and separate thoughts yeah. So it's a hot question because I hate duplication, but on the other hand, sometimes you don't want to introduce capping, and so it's always a tricky question. It.
B
Gets a good point, the I think with while I say that the idea is is specific to you. Yes, really. What I'm saying is when we wrote it, we were all we were thinking about was DDS, but if I actually think about it, the only things that are in there are at a ROS level of abstraction, because ROS exposes the QoS settings as well, and so I think, if we can stick to the abilities that are exposed in the ROS APIs we're fairly safe. Would you agree with that statement?
B
D
Scenario, if it specified for systems and doesn't provide them or does a museum well, he would just not use them and I think that's like great, and so for the specific case of curious I think it's gonna. It can work out pretty well with the current state of the ROS API and and I just wanted this to be like in our mind when we start thinking about over all other rights and overall configuration space from these yeah.