ROSec: Intra-Process Isolation for ROS Composition With Memory Protection Keys

IEEE Journals & Magazine | IEEE Xplore


Abstract:

Robot Operating System (ROS) is a software framework for robotic systems that includes various packages for developing robotic applications. Composition is a package that combines multiple applications, namely nodes, to be loaded and executed in a single process. However, permitting multiple nodes to share an address space expands the attack surface: a vulnerability in one node is more likely to be exploited to subvert other nodes running in the same space. We propose ROSec, an in-process isolation solution for ROS composition that utilizes Intel Memory Protection Keys (MPK). ROSec enforces memory isolation between nodes within a process by preventing unauthorized access from one node to another. Unlike previous works that assume the number and sizes of nodes are statically defined and partitioned by developers, ROSec is designed to handle the dynamic nature of nodes, which can be loaded and executed in a process at any time during execution. To achieve this, ROSec adopts a scheduling mechanism that builds on the executor-centric execution model of ROS to perform the two main operations of MPK-based isolation: protection key assignment and reassignment. Our evaluation shows that ROSec effectively enforces in-process isolation while incurring a 6.4% performance overhead on a real-world application.

Note to Practitioners:

Cyber-Physical Systems are the core of modern applications, particularly robotics, as they integrate computing and physical processes. ROS requires both real-time and security guarantees, which unfortunately trade off against each other. While the traditional ROS architecture relies on process isolation to separate nodes, ROS2 introduces a feature called composition, which allows multiple nodes to run inside a single process and thus exposes each node to potential compromise by the others. This paper proposes a technique that utilizes Intel memory protection keys (MPK) to provide intra-process isolation for ROS composition.
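The abstract names the two MPK operations at the heart of the approach, protection key assignment (tagging a node's memory with its own key) and reassignment (rewriting the thread's PKRU register whenever the executor switches to a different node). The following added example, which is not ROSec's code nor anything from the paper, shows those two operations on a constructed two-node composition: each hypothetical node owns one page tagged with its own key, `executor_switch_to()` plays the role of the executor's per-node switch, and `probe_read()` checks that a node can read its own page but takes a SIGSEGV when it touches another node's page. It assumes x86-64 Linux with PKU-capable hardware and uses the raw `pkey_alloc`/`pkey_mprotect`/`pkey_free` syscalls plus `RDPKRU`/`WRPKRU` directly; on a machine without PKU the demo reports -1 instead of failing.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed scenario (not ROSec code): two hypothetical nodes composed into
 * one process, each owning one page tagged with its own protection key. */
#define NODE_COUNT 2

static int    node_pkey[NODE_COUNT] = { -1, -1 };
static char  *node_page[NODE_COUNT];
static size_t page_sz;

#if defined(__x86_64__) && defined(SYS_pkey_alloc)

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

/* PKRU layout: bit 2k = access-disable (AD), bit 2k+1 = write-disable for key k. */
static unsigned rdpkru(void) {
    unsigned eax, edx;
    __asm__ volatile("rdpkru" : "=a"(eax), "=d"(edx) : "c"(0));
    return eax;
}
static void wrpkru(unsigned val) {
    __asm__ volatile("wrpkru" : : "a"(val), "c"(0), "d"(0) : "memory");
}

/* Key reassignment, executor style: before node n runs, rewrite PKRU so that
 * only node n's key is accessible; every other node's key gets AD set. */
static void executor_switch_to(int n) {
    unsigned pkru = rdpkru();
    for (int i = 0; i < NODE_COUNT; i++) {
        if (node_pkey[i] < 0) continue;          /* key not allocated yet */
        unsigned ad = 1u << (2 * node_pkey[i]);
        pkru &= ~(ad | (ad << 1));               /* start from full access */
        if (i != n) pkru |= ad;                  /* other nodes: no access */
    }
    wrpkru(pkru);
}

static void on_segv(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);   /* abandon the faulting access */
}

/* Read one byte of node `victim`'s page while running as node `who`.
 * Returns 1 if MPK blocked the read (SIGSEGV caught), 0 if it went through. */
static int probe_read(int who, int victim) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    fault_seen = 0;
    executor_switch_to(who);
    if (sigsetjmp(fault_env, 1) == 0) {
        volatile char c = node_page[victim][0];  /* faults when the key is disabled */
        (void)c;
    }
    sigaction(SIGSEGV, &old, NULL);
    return fault_seen ? 1 : 0;
}

/* Key assignment: one key per node, node's page tagged with it.
 * Returns 0 on success, -1 if the CPU or kernel has no PKU support. */
static int setup_nodes(void) {
    page_sz = (size_t)sysconf(_SC_PAGESIZE);
    for (int i = 0; i < NODE_COUNT; i++) {
        long key = syscall(SYS_pkey_alloc, 0UL, 0UL);   /* initial rights: allow */
        if (key < 0) return -1;                         /* ENOSPC/EINVAL/ENOSYS: no PKU */
        node_pkey[i] = (int)key;
        void *p = mmap(NULL, page_sz, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) return -1;
        node_page[i] = p;
        if (syscall(SYS_pkey_mprotect, p, page_sz, PROT_READ | PROT_WRITE, key) != 0)
            return -1;
        executor_switch_to(i);                          /* run as node i to fill its page */
        snprintf(node_page[i], page_sz, "private state of node %d", i);
    }
    return 0;
}

static void teardown_nodes(void) {
    for (int i = 0; i < NODE_COUNT; i++) {
        if (node_page[i]) { munmap(node_page[i], page_sz); node_page[i] = NULL; }
        if (node_pkey[i] >= 0) { syscall(SYS_pkey_free, (long)node_pkey[i]); node_pkey[i] = -1; }
    }
}
#endif

/* Returns -1 when MPK is unavailable (nothing to verify), 1 when a node can
 * read its own page but not another node's, 0 if isolation was not enforced. */
int mpk_isolation_demo(void) {
#if defined(__x86_64__) && defined(SYS_pkey_alloc)
    if (setup_nodes() != 0) { teardown_nodes(); return -1; }
    int self_ok       = probe_read(0, 0) == 0;   /* node 0 -> own page: allowed */
    int cross_blocked = probe_read(1, 0) == 1;   /* node 1 -> node 0's page: blocked */
    teardown_nodes();
    return (self_ok && cross_blocked) ? 1 : 0;
#else
    return -1;   /* not x86-64 Linux: no PKU */
#endif
}

int main(void) {
    int r = mpk_isolation_demo();
    puts(r < 0 ? "MPK not available on this machine"
               : r ? "cross-node access blocked by MPK" : "isolation NOT enforced");
    return 0;
}
```

The cost model the abstract's 6.4% overhead figure refers to is visible here: a key switch is a single unprivileged `WRPKRU`, so reassignment on every executor dispatch is cheap, whereas the one-time `pkey_alloc`/`pkey_mprotect` assignment is a syscall. Two caveats a practitioner should keep in mind: PKRU is per thread, so every thread the executor uses must perform the switch, and Intel hardware provides only 16 keys per process (one reserved), so a composition with more nodes than keys needs a reuse strategy, which is the dynamic-node problem the paper addresses.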
Page(s): 10546 - 10559
Date of Publication: 10 January 2025


I. Introduction

In recent years, Cyber-Physical Systems (CPS), integrated systems of computing and physical processes, have become the foundation of modern applications such as robotics [1], [2], [3], [4], [5], [6]. These robotic systems have significantly improved the quality of our lives and have been widely deployed in many fields to improve work efficiency. The Robot Operating System (ROS) is a software framework, first released in 2007, designed to facilitate the development of robotic systems and their component applications [7], [8]. ROS comprises a set of essential packages known as the client library, and developers can extend ROS with specific functionality by adding extra packages tailored to their requirements [9], [10], [11]. Since ROS-based systems include elements such as robotic arms and autonomous robots, they require both real-time and security guarantees [12], but unfortunately these two trade off against each other. For example, a robotic system in ROS is formed from multiple parts or tasks, called nodes, each of which normally runs as a separate process. This one-node-per-process design has pros and cons. It is advantageous because OS-supported process isolation protects nodes from each other by running them in separate address spaces: a memory fault in one node cannot affect other nodes. The downside is performance: collaborating nodes must always transfer data explicitly via message passing, which usually relies on expensive OS-level inter-process communication (IPC). This performance penalty grows as nodes communicate more frequently for closer interaction.
