From YouTube: ROS 2 Security Working Group (2020-07-14)
Description
Meeting notes: https://wiki.ros.org/ROS2/WorkingGroups/Security
A
Okay, so it is one minute after, and thanks very much for coming to the security working group meeting, and so today we've got three topics. The first topic is the CIS community consensus security benchmark for ROS Melodic on 18:04 being open for public comment. That was Sid's topic, but real quick: does everybody know what the CIS benchmark is?
A
It's the Center for Internet Security's public, there is a not-for-profit. Their benchmarks are public, so after this happens will be made public for everybody. People tend to make tooling around it, but what's kind of neat about it is it could be, it's very popular in the cloud, very popular in the edge and the enterprise, so your robot could have all, your robot could have a standard security benchmark that doesn't need us to go in, you know, as a roboticist, to tell the enterprise why it's secure. It's understood.
A
B
Thanks Joe, hopefully y'all can hear me. So just a little bit of background on what we've got going on here. So this is a CIS ROS Melodic benchmark. We selected Melodic because it's the one that's most widely adopted, I think it's probably the most used version in the field, and the benchmark should have gone public this morning, and a hard-times Danica's have a private account, but you should be able to access, and what I mean by public is, I mean it's open for comment. It's not actually published.
B
I won't be until we agree to publish it. A little bit of background, just to add to what Joe said on the CIS benchmarks. I know, I can say if, from my experiences see so it's like, you have to have a benchmark. Well, don't have to, but it makes so much easier to deploy tech onto the network. So the huge thing that this does is it answers a question of: is this robot secure? Is this ROS build secure? Can I put it on my network, so.
B
C
Yeah, I've seen the agenda doc, Ruffin, Sid. I don't actually see what, I guess is not actually public, right, or is not, it's not released. So it's not going to be in the list of benchmarks that you gave in the agenda. How to, to other folks on the call, how would they actually see this so that they can make comments? Yes.
B
Oh, so the first thing to do is to register for the workbench. So the workbench is a place where the community gets together to haggle over the actual settings, and the workbench is self register for an account. And then you get access to comment actually on all the benchmarks, and you have to find the ROS benchmarks. I think I'll probably walk through that, mix up with another account just to see what it looks like, or, you know, Kyle or anybody doesn't have an account and begin, just walk through it.
C
B
Yeah, so wolf I would probably need to take that offline on, like we want to solve that now. But before, you know, it's just getting the template set up with CIS, it was only four. It wasn't available on the general workbench tool, so it should be available as of this morning, and then yeah. So within the workbench, you set up all the settings to all the things that you want to lock down. For that you agree is standard best practice for a ROS system.
B
B
Think some of the things we'd like to do is, you know, maybe put some better type of permissions on some of the install directories or the config directories, maybe give some guidance on auditing, logging and things like that. In general, the CIS benchmarks follow a tiered structure, so benchmark is slave to a parent. It's like to a parent, it's like to a root: so the Ubuntu benchmark is actually a slave to Debian.
B
Well, I should say its parent is Debian, and then that means parent is Linux in general. So what that means is that as the Ubuntu or the Debian or the Linux benchmarks change, the settings can be rolled down to the ROS benchmark. It's not the ROS to choose whether or not they want to accept any of those changes, but will be aware of this if any of the parents change. The other interesting thing is that benchmarks have different profiles.
B
The Ubuntu benchmark in particular has two different levels: it has a level one, which is a standard security profile, and then the level two, which is a hardened profile that might go in special, you know, high-risk environments. There's also a profile for a workstation and profile for server, so that you can see how, you know, your settings will be very different for it. I went to workstation versus something wrong in a data center, so.
C
D
D
D
C
B
Right, yeah, yeah, and the other thing is I want to get you, CIS will help us work through getting kick-started as well, so yeah, and I know, yeah. There's lots that we can do with this, but I just want to, like, kind of get it started. Get a community start talking about what the security settings should be, and I'll just depend it by saying this is really targeting operational robots in the field so that they can be dropped on an enterprise network?
B
And you don't get, you know, your standard security team is able to assess and tell whether or not they're configured in what the community says is secure. So there's any other comments on that. I think we gotta kind of get this, I'll see what I can do to ease the kind of onboarding, and I was gonna announce this on Discourse as well, but yeah.
C
A
A
C
It once you wants me to we do all get access will notice that the benchmark, like Sid mentioned, is primarily made up of different components of the Ubuntu benchmark from which it inherits. There isn't a lot of ROS specific stuff there. Even though I think there will be some, we wanted to make sure we had more people than just us to review those before we start adding them.
A
Yet, in the end, we should have a more secure robot within the bench. The benchmarks are interesting: if you're not familiar, it's not like. Like most words, you know, it's not a 0 or 1. It's not binary, it's a score! So you get a score. How close are you to meeting the CIS benchmark, so it'll help us make a robot that's less hackable.
A
You know, change it from that time that, if we think about robots of yore, where they were on dedicated networks, they're isolated from everything else, but now they're on the same Wi-Fi as the person who brings in their own so and it gets on the corporate network, right. So we want to do things to make our robots less likely to damage things and also further enterprise adoption of ROS, because corporations are really into benchmarks.
B
Sorry, I just added a link to it. Just want to remind everybody that that's out there. I haven't received any comments on it. This is the internal version of the external vulnerability disclosure process that we went through. This defines the roles of reporter, owner, somebody who owns a bug that's reported, and then the maintainer, and what they're supposed to do and an owner supposed to do when they receive a bug and take it to maintainer to fix, and I know how to do some CVEs.
B
You know, reports CVEs in and proposed, or some questions out there. There's also, I know Victor was concerned about how to gain access to the security and open robotics alias, which is where the reports are in. All that's intended to be covered in this document, and then it's got to go somewhere about, just still looking for feedback on that.
B
A
A
I just had to reset it actually.
C
A
But I think that's the shareable link, communities, flash 1:08 after you reset your password, but none of us have ever made a mistake with our coding, right, I'm sure they implement something. New, Ted, tell us about the NoDL design.
E
On top of that, the export method was documented. Originally it had mentioned something about using the export field and package.xml, but turns out that the appropriate way to handle exporting plug-in related things is to use the ament index. So I documented how you use the ament NoDL package to get the CMake macro. That is it for you, or otherwise, where to put files with setup.py. Hopefully that can be automated at some point in the future, and we gutted the QoS attribute, it's something we're.
E
E
E
E
E
So when we proposed was change that from two booleans in each field to one enum typed attribute called role, and the role would either be, the ones that are named server, client: server, client or both, and for topics: publisher, subscription or both. That way, all the valid cases are enumerated and it shortens the declaration of interfaces very.
C
D
But it's good that XSD is versioned, because probably one the ratchet when we find, you know, like maybe more elegant means of specifying or coding or being future proofing or, like you said, the QoS seems to be a non-trivial permutation because, like you know, services need reliable transport, but the feedback for actions can be best effort, and yeah.
C
D
Like people have, you know, they want to push more exposure to the various QoS options that are needed for industry, and you know there's people like, you know, what about the rmw implementations. There are dps, you know, how are they going to implement? They gonna have to implement these QoS, and I'd really like to see that kind of resolved. Because a there's, someone didn't have a point in pointing out every time we have to add a new QoS option, the rmw kind of explodes and a refactor there's.
D
There's, I mean, like one thing personally for me is, like, I wanted to have a switch between reliable or best-effort QoS for image transport, but image transport relies on message filters, and message filters was not using any of the API to expose the additional QoS options, and so it was, I had to do it. It's not even done yet, but.
C
D
D
C
Definitely, yeah, that another point: Dona I guess maybe I'm just sort of repeating everything that Ted said, but it was really interesting when we, some of these changes are as a result of the demo that Ted gave, I guess it was about a month ago now, doing the secure launch, where it was really like the executable thing. We realized that we had this whole IDL and they were mapped to nodes, but there was no actual way to pull out what node was being run at all, and I'm really high it just yeah.
C
E
D
D
F
Really think this is going to become relevant, but there's actually an issue I've been trying to work on, I'm gonna pop a link over here right now. This is actually trying to come up with a way of redesigning some of the stuff that's actually happening within ROS launch to do a bad job of splitting out the concepts of nodes and executables, and things like that, and if we can actually get that thing pushed through, I don't know how much overlap there is with what you guys are trying to do here, but there might be.
E
F
C
F
A
D
Has anyone heard about the middleware working group on whether that's they got a set is William ever they yeah I.