SROS 2 Mikael Arguedas IROS 2018, Madrid SROS2 What is ROS 2 - - PowerPoint PPT Presentation



slide-1
SLIDE 1

SROS 2

Mikael Arguedas IROS 2018, Madrid

slide-2
SLIDE 2

SROS2

  • What is ROS 2
  • Interfacing DDS-Security to the ROS 2 stack
  • Use the sros2 command line interface
  • Run some basic examples
slide-3
SLIDE 3

ROS as we know it


slide-4
SLIDE 4
  • Research applications
  • High-volume sensors
  • Complex kinematics
  • Lots of computation power
  • Ideal network connectivity

Characteristics of systems initially targeted by ROS in 2007


slide-5
SLIDE 5
  • Multi-robot system
  • Distributed system
  • Small processors
  • Battery power
  • Unreliable network connectivity

Characteristics of small robotic systems today


slide-6
SLIDE 6

Goals of ROS 2

http://design.ros2.org/articles/why_ros2.html

slide-7
SLIDE 7

ROS 2


slide-8
SLIDE 8

ROS 2

+ ROS usability less time spent here means more time to spend here


slide-9
SLIDE 9

ROS 2 Releases

December 2017 June 2018


slide-10
SLIDE 10

Architectural overview

User code ROS client library API


slide-11
SLIDE 11

Architectural overview

User code ROS client library API DDS implementation = discovery + serialization + transport


slide-12
SLIDE 12

Architectural overview

User code ROS client library API DDS impl A DDS impl B . . .


slide-13
SLIDE 13

Architectural overview

User code ROS client library API DDS impl A DDS impl B . . .


DDS agnostic ROS agnostic ROS middleware API


slide-14
SLIDE 14

Architectural overview

User code ROS client library API DDS agnostic ROS agnostic ROS middleware API . . .


DDS impl A DDS impl B


slide-15
SLIDE 15

Architectural overview

User code ROS client library API . . .


ROS middleware API DDS impl A DDS impl B RMW impl B RMW impl A . . . DDS agnostic ROS agnostic


slide-16
SLIDE 16


“Hour Glass” Pattern

{client libraries} rmw {DDS vendor}

API size LOC

{rmw impl} rcl impl rcl

slide-17
SLIDE 17


“Hour Glass” Pattern

rmw {DDS vendor} {rmw impl} rcl impl rcl rclpy rclcpp rclcs rcljava

slide-18
SLIDE 18


“Hour Glass” Pattern

rmw rcl impl rcl rclpy rclcpp rclcs rcljava eProsima Fast-RTPS RTI Connext rmw_fastrtps_cpp rmw_connext_cpp

slide-19
SLIDE 19


rmw rcl impl rcl rclpy rclcpp eProsima Fast-RTPS RTI Connext rmw_fastrtps_cpp rmw_connext_cpp Plugin instantiation User code should not change DDS-Security implementation

Where does SROS 2 live?

slide-20
SLIDE 20


rcl impl rcl rclpy rclcpp Environment variables checking

  • ROS_SECURITY_ENABLE: Should we look for security artifacts?
  • ROS_SECURITY_STRATEGY: Should we prevent unauthenticated nodes from being created?
  • ROS_SECURITY_ROOT_DIRECTORY: Where to look for artifacts

Where does SROS 2 live?

slide-21
SLIDE 21


rcl impl rcl rclpy rclcpp Environment variables checking

  • ROS_SECURITY_ENABLE: true/false
  • ROS_SECURITY_STRATEGY: Permissive/Enforce
  • ROS_SECURITY_ROOT_DIRECTORY: <path/to/keystore>

Where does SROS 2 live?

slide-22
SLIDE 22


rcl impl rcl rclpy rclcpp Environment variables checking + Keystore node structure checking Extract node security directory path

Where does SROS 2 live?
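
As an added illustration (not code from the talk or from rcl), the shell function below approximates the start-up decision described on the last three slides. It assumes a node's artifacts live in a directory named after the node directly under ROS_SECURITY_ROOT_DIRECTORY and that an unset strategy behaves as Permissive; `sros2_preflight` is a hypothetical name.

```sh
#!/bin/sh
# Added example (not from the slides): mirrors the decision on slides 20-22.
# Assumption: a node's artifacts sit in $ROS_SECURITY_ROOT_DIRECTORY/<node_name>.
# Prints "secure", "unsecured" or "refused" plus the reason; returns 1 on refusal.
sros2_preflight() {
    node="$1"
    if [ -z "$node" ]; then
        echo "usage: sros2_preflight <node_name>" >&2
        return 2
    fi
    # ROS_SECURITY_ENABLE: should we look for security artifacts at all?
    if [ "${ROS_SECURITY_ENABLE:-false}" != "true" ]; then
        echo "unsecured: ROS_SECURITY_ENABLE is not 'true'"
        return 0
    fi
    # ROS_SECURITY_ROOT_DIRECTORY: where to look (path to the keystore).
    root="${ROS_SECURITY_ROOT_DIRECTORY:-}"
    if [ -n "$root" ] && [ -d "$root/$node" ]; then
        echo "secure: artifacts expected in $root/$node"
        return 0
    fi
    # ROS_SECURITY_STRATEGY: refuse to create an unauthenticated node?
    # Assumption: an unset strategy is treated as Permissive.
    if [ "${ROS_SECURITY_STRATEGY:-Permissive}" = "Enforce" ]; then
        echo "refused: no directory for '$node' under '${root:-<unset>}'"
        return 1
    fi
    echo "unsecured: no directory for '$node', strategy is not Enforce"
    return 0
}

# Constructed demo: a throwaway keystore holding a directory for talker only.
(
    tmp=$(mktemp -d) && mkdir -p "$tmp/demo_keys/talker"
    export ROS_SECURITY_ENABLE=true ROS_SECURITY_STRATEGY=Enforce
    export ROS_SECURITY_ROOT_DIRECTORY="$tmp/demo_keys"
    sros2_preflight talker
    sros2_preflight listener || true
    ROS_SECURITY_STRATEGY=Permissive sros2_preflight listener
    rm -rf "$tmp"
)
```

The third demo call is the case worth checking for before deployment: with a Permissive strategy, a node without artifacts is reported as unsecured rather than refused.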

slide-23
SLIDE 23


Where does SROS 2 live?

rmw rcl impl rcl rclpy rclcpp eProsima Fast-RTPS RTI Connext rmw_fastrtps_cpp rmw_connext_cpp Retrieve security artifacts + Instantiate plugins accordingly

slide-24
SLIDE 24


Where does SROS 2 live?

rmw rmw_fastrtps_cpp rmw_connext_cpp Retrieve security artifacts

slide-25
SLIDE 25


Where does SROS 2 live?

rmw rmw_fastrtps_cpp rmw_connext_cpp Instantiate security plugins

slide-26
SLIDE 26


How to generate SROS 2 artifacts?

  • Setting up your environment:

○ $ source /opt/ros/bouncy/setup.bash

  • Create a keystore:

○ $ ros2 security create_keystore my_keystore

slide-27
SLIDE 27


How to generate SROS 2 artifacts?

  • Create key and wildcard permissions for a node:

○ $ ros2 security create_key my_keystore my_node

slide-28
SLIDE 28


How to generate SROS 2 artifacts?

  • Create policy files for a node:
slide-29
SLIDE 29


How to generate SROS 2 artifacts?

  • Create permission files for a node:

○ $ ros2 security create_permission \
      my_keystore my_node ./my_node_policies.yaml

slide-30
SLIDE 30


Let’s try it!

    $ docker run -it --rm osrf/ros2:bouncy-desktop
    # source /opt/ros/bouncy/setup.bash
    # mkdir ~/my_ros2_ws && cd ~/my_ros2_ws
    # ros2 security create_keystore demo_keys
    # ros2 security create_key demo_keys talker
    # ros2 security create_key demo_keys listener

Now let’s run our secure nodes:

    # export ROS_SECURITY_ROOT_DIRECTORY=~/my_ros2_ws/demo_keys
    # export ROS_SECURITY_ENABLE=true
    # export ROS_SECURITY_STRATEGY=Enforce
    # ros2 run demo_nodes_cpp talker &
    # ros2 run demo_nodes_py listener

slide-31
SLIDE 31


Let’s try it!

Access Control: Create ~/my_ros2_ws/pub_sub_policies.yaml with:

    nodes:
      listener:
        topics:
          chatter:
            allow: s # can subscribe to chatter
      talker:
        topics:
          chatter:
            allow: p # can publish on chatter

slide-32
SLIDE 32


Let’s try it!

Create the permissions:

    # ros2 security create_permission demo_keys talker pub_sub_policies.yaml
    # ros2 security create_permission demo_keys listener pub_sub_policies.yaml
    # ros2 run demo_nodes_cpp talker &
    # ros2 run demo_nodes_py listener

slide-33
SLIDE 33


Let’s try it!

Let’s remap the topic on which talker publishes:

    # ros2 run demo_nodes_cpp talker chatter:=my_chatter
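
To see what the policy file says about the remapped topic, the added example below (not part of the talk or of sros2) reads a policy in the layout shown on slide 31 and reports whether a node has a given permission listed for a topic. `write_demo_policy` and `policy_allows` are hypothetical helpers, and the parser assumes exactly the two-space indentation shown on the slide.

```sh
#!/bin/sh
# Added example (not from the slides). Assumes the slide-31 layout with
# two-space indentation: nodes > <node> > topics > <topic> > allow: <p|s>.

# Write the slide-31 policy to the path given as $1 (constructed sample file).
write_demo_policy() {
cat > "$1" <<'EOF'
nodes:
  listener:
    topics:
      chatter:
        allow: s # can subscribe to chatter
  talker:
    topics:
      chatter:
        allow: p # can publish on chatter
EOF
}

# policy_allows <policy.yaml> <node> <topic> <p|s>
# Returns 0 when the policy lists that permission, 1 when it does not.
policy_allows() {
    awk -v n="$2" -v t="$3" -v a="$4" '
        { sub(/#.*/, "") }                  # drop trailing comments
        /^[ \t]*$/ { next }                 # skip blank lines
        {
            match($0, /^ */); indent = RLENGTH
            key = substr($0, indent + 1); sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); gsub(/[ \t]/, "", val)
            if (indent == 2) node = key
            else if (indent == 6) topic = key
            else if (indent == 8 && key == "allow" &&
                     node == n && topic == t && index(val, a) > 0) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Constructed demo: the remapped topic from slide 33 is not in the policy.
(
    f=$(mktemp) && write_demo_policy "$f"
    for topic in chatter my_chatter; do
        if policy_allows "$f" talker "$topic" p; then verdict=listed
        else verdict="not listed"; fi
        echo "talker publish on $topic: $verdict"
    done
    rm -f "$f"
)
```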

slide-34
SLIDE 34


Seeing in wireshark (clear text)

slide-35
SLIDE 35


Seeing in wireshark (encrypted)