Abstract:
Robot Operating System (ROS) is a software framework for robotic systems that includes various packages for developing robotic applications. Composition is a package that combines multiple applications, namely nodes, to be loaded and executed in a single process. However, permitting multiple nodes to share the address space could expand the attack surface such that vulnerabilities in a node are more likely to be exploited to subvert nodes running in the same space. We propose ROSec, an in-process isolation solution for ROS composition that utilizes Intel Memory Protection Keys (MPK). ROSec aims to enforce memory isolation between nodes within a process by preventing unauthorized access from one node to another. Unlike previous works that assume the number and sizes of nodes are statically defined and partitioned by developers, ROSec is designed to handle the dynamic nature of nodes that can be loaded and executed in a process at any time during execution. To achieve this, ROSec adopts a unique scheduling mechanism that utilizes the executor-centric execution model of ROS to perform two main operations for MPK-based isolation: protection key assignment and reassignment. Our evaluation shows that ROSec effectively enforces in-process isolation while incurring a 6.4% performance overhead on a real-world application.

Note to Practitioners—Cyber-Physical Systems are the core of modern applications, particularly robotics, as they integrate computing and physical processes. ROS necessitates real-time and security guarantees, which, unfortunately, trade off against each other. While the traditional ROS architecture relies on process isolation to separate the various nodes, ROS2 introduces a feature called composition, which allows multiple nodes to run inside a single process, thus exposing each node to potential malicious compromise from the others. This paper proposes a technique that utilizes Intel Memory Protection Keys (MPK) to provide intra-process isolation for ROS composition.
Given th...
Published in: IEEE Transactions on Automation Science and Engineering (Early Access)
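The abstract describes two MPK operations that ROSec drives from the executor: assigning a protection key to a node's memory and switching the accessible keys before a node's callback runs. The following C program is an added illustration of that mechanism and is not code from the paper or from ROS: two constructed toy "nodes" (named "camera" and "planner" here) each receive their own key and a private page, an executor-style loop enables only the active node's key before invoking its callback, and the callback then verifies that reading the other node's page is refused with a protection-key fault. It assumes Linux on x86-64 with glibc 2.27 or newer (for `pkey_alloc`, `pkey_mprotect`, `pkey_set`); on a host without MPK, or where the pkey system calls are blocked, `run_executor_demo` reports the feature as unavailable rather than failing.

```c
/* Added example (not the paper's code): executor-style MPK isolation of two
 * toy ROS "nodes". Assumes Linux x86-64 and glibc >= 2.27. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef SEGV_PKUERR
#define SEGV_PKUERR 4 /* si_code Linux uses for a protection-key fault */
#endif

#define NODE_COUNT 2

struct node {
    const char *name;
    int pkey;     /* protection key assigned to this node by the executor */
    char *region; /* node-private page tagged with pkey */
};

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_code;

/* SIGSEGV handler: remember why we faulted, then unwind into the callback. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    fault_code = si->si_code;
    siglongjmp(fault_env, 1);
}

/* Executor side: before running node `active`, leave only its key
 * accessible and disable the keys of every other node (per-thread PKRU). */
static int schedule_keys(struct node *nodes, int active) {
    for (int i = 0; i < NODE_COUNT; i++) {
        unsigned int rights = (i == active) ? 0 : PKEY_DISABLE_ACCESS;
        if (pkey_set(nodes[i].pkey, rights) != 0) return -1;
    }
    return 0;
}

/* Node callback: write its own page (must succeed), then try to read the
 * neighbour's page (must be refused with a protection-key fault).
 * Returns 1 when the isolation held, 0 otherwise. */
static int node_callback(struct node *nodes, int self) {
    struct node *other = &nodes[(self + 1) % NODE_COUNT];
    strcpy(nodes[self].region, nodes[self].name);
    if (sigsetjmp(fault_env, 1) == 0) {
        volatile char *p = other->region;
        char sink = *p;  /* cross-node access: expected to fault */
        (void)sink;
        return 0;        /* reached only if MPK did not stop the access */
    }
    return fault_code == SEGV_PKUERR;
}

/* Returns 1 if isolation was enforced, 0 if MPK is unavailable on this host
 * (no hardware/kernel support, no free keys, or pkey syscalls blocked), and
 * -1 if a node managed to access another node's memory. */
int run_executor_demo(void) {
    struct node nodes[NODE_COUNT] = {{"camera", -1, NULL}, {"planner", -1, NULL}};
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    struct sigaction sa, old;
    int result = 1;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    /* Key assignment: one key and one private page per loaded node. */
    for (int i = 0; i < NODE_COUNT; i++) {
        nodes[i].pkey = pkey_alloc(0, 0);
        nodes[i].region = mmap(NULL, page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (nodes[i].pkey < 0 || nodes[i].region == MAP_FAILED ||
            pkey_mprotect(nodes[i].region, page, PROT_READ | PROT_WRITE,
                          nodes[i].pkey) != 0) {
            result = 0; /* MPK not usable here */
            goto cleanup;
        }
    }

    /* Executor loop: switch the key view, run the callback, repeat. */
    for (int active = 0; active < NODE_COUNT && result == 1; active++) {
        if (schedule_keys(nodes, active) != 0) { result = 0; break; }
        if (!node_callback(nodes, active)) result = -1;
    }

    /* Re-enable every key and confirm each node's own write went through. */
    for (int i = 0; i < NODE_COUNT && result == 1; i++) {
        pkey_set(nodes[i].pkey, 0);
        if (strcmp(nodes[i].region, nodes[i].name) != 0) result = -1;
    }

cleanup:
    for (int i = 0; i < NODE_COUNT; i++) {
        if (nodes[i].region && nodes[i].region != MAP_FAILED) munmap(nodes[i].region, page);
        if (nodes[i].pkey >= 0) pkey_free(nodes[i].pkey);
    }
    sigaction(SIGSEGV, &old, NULL);
    return result;
}

int main(void) {
    int r = run_executor_demo();
    puts(r == 1 ? "isolation enforced" : r == 0 ? "MPK unsupported on this host" : "ISOLATION FAILED");
    return r < 0;
}
```

Two points worth keeping in mind when reading this against the paper. First, only memory explicitly tagged with a node's key is protected: the stack, globals and shared libraries stay on key 0 and remain reachable from every node, so the executor code that rewrites the PKRU must itself be trusted. Second, the x86 PKRU register offers 16 keys (15 usable), which is why the abstract's "reassignment" step matters once nodes are loaded dynamically; this demo stops at static assignment of one key per node and does not attempt the paper's reassignment policy.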