
SROS 2: Mikael Arguedas, IROS 2018, Madrid



  1. SROS 2 Mikael Arguedas IROS 2018, Madrid

  2. SROS2
     ● What is ROS 2
     ● Interfacing DDS-Security to the ROS 2 stack
     ● Use the sros2 command line interface
     ● Run some basic examples

  3. ROS as we know it

  4. Characteristics of systems initially targeted by ROS in 2007
     ● Research applications
     ● High-volume sensors
     ● Complex kinematics
     ● Lots of computation power
     ● Ideal network connectivity

  5. Characteristics of small robotic systems today
     ● Multi-robot system
     ● Distributed system
     ● Small processors
     ● Battery power
     ● Unreliable network connectivity

  6. Goals of ROS 2: http://design.ros2.org/articles/why_ros2.html

  7. ROS 2

  8. ROS 2 + ROS usability means less time spent here, more time to spend here (diagram)

  9. ROS 2 Releases: December 2017, June 2018

  10. Architectural overview (layers, top to bottom)
      ● User code
      ● ROS client library API

  11. Architectural overview (layers, top to bottom)
      ● User code
      ● ROS client library API
      ● DDS implementation = discovery + serialization + transport

  12. Architectural overview (layers, top to bottom)
      ● User code
      ● ROS client library API
      ● DDS impl A or DDS impl B or ...

  13. Architectural overview (layers, top to bottom)
      ● User code
      ● ROS client library API
      ● ROS middleware API (DDS agnostic)
      ● DDS impl A or DDS impl B or ... (ROS agnostic)

  14. Architectural overview (layers, top to bottom)
      ● User code
      ● ROS client library API
      ● ROS middleware API (DDS agnostic)
      ● DDS impl A or DDS impl B or ... (ROS agnostic)

  15. Architectural overview (layers, top to bottom)
      ● User code
      ● ROS client library API
      ● ROS middleware API (DDS agnostic)
      ● RMW impl A, RMW impl B, ...
      ● DDS impl A or DDS impl B or ... (ROS agnostic)

  16. “Hour Glass” Pattern (diagram axes: API size, LOC; layers, top to bottom)
      ● {client libraries}
      ● rcl
      ● rcl impl
      ● rmw
      ● {rmw impl}
      ● {DDS vendor}

  17. “Hour Glass” Pattern (layers, top to bottom)
      ● rclpy, rclcpp, rclcs, rcljava
      ● rcl
      ● rcl impl
      ● rmw
      ● {rmw impl}
      ● {DDS vendor}

  18. “Hour Glass” Pattern (layers, top to bottom)
      ● rclpy, rclcpp, rclcs, rcljava
      ● rcl
      ● rcl impl
      ● rmw
      ● rmw_fastrtps_cpp, rmw_connext_cpp
      ● eProsima Fast-RTPS, RTI Connext

  19. Where does SROS 2 live?
      ● rclpy, rclcpp: User code should not change
      ● rcl
      ● rcl impl
      ● rmw
      ● rmw_fastrtps_cpp, rmw_connext_cpp: Plugin instantiation
      ● eProsima Fast-RTPS, RTI Connext: DDS-Security implementation

  20. Where does SROS 2 live?
      ● rclpy, rclcpp
      ● rcl, rcl impl: Environment variables checking
          ROS_SECURITY_ENABLE: Should we look for security artifacts?
          ROS_SECURITY_STRATEGY: Should we prevent unauthenticated nodes from being created?
          ROS_SECURITY_ROOT_DIRECTORY: Where to look for artifacts

  21. Where does SROS 2 live?
      ● rclpy, rclcpp
      ● rcl, rcl impl: Environment variables checking
          ROS_SECURITY_ENABLE: true/false
          ROS_SECURITY_STRATEGY: Permissive/Enforce
          ROS_SECURITY_ROOT_DIRECTORY: <path/to/keystore>

  22. Where does SROS 2 live?
      ● rclpy, rclcpp
      ● rcl, rcl impl: Environment variables checking + Keystore node structure checking
          Extract node security directory path

  23. Where does SROS 2 live?
      ● rclpy, rclcpp
      ● rcl
      ● rcl impl
      ● rmw
      ● rmw_fastrtps_cpp, rmw_connext_cpp: Retrieve security artifacts + Instantiate plugins accordingly
      ● eProsima Fast-RTPS, RTI Connext

  24. Where does SROS 2 live?
      ● rmw
      ● rmw_fastrtps_cpp, rmw_connext_cpp: Retrieve security artifacts

  25. Where does SROS 2 live?
      ● rmw
      ● rmw_fastrtps_cpp, rmw_connext_cpp: Instantiate security plugins

  26. How to generate SROS 2 artifacts?
      ● Setting up your environment:
          $ source /opt/ros/bouncy/setup.bash
      ● Create a keystore:
          $ ros2 security create_keystore my_keystore

  27. How to generate SROS 2 artifacts?
      ● Create key and wildcard permissions for a node:
          $ ros2 security create_key my_keystore my_node

  28. How to generate SROS 2 artifacts?
      ● Create policy files for a node:

  29. How to generate SROS 2 artifacts?
      ● Create permission files for a node:
          $ ros2 security create_permission \
              my_keystore my_node ./my_node_policies.yaml

  30. Let’s try it!
          $ docker run -it --rm osrf/ros2:bouncy-desktop
          # source /opt/ros/bouncy/setup.bash
          # mkdir ~/my_ros2_ws && cd ~/my_ros2_ws
          # ros2 security create_keystore demo_keys
          # ros2 security create_key demo_keys talker
          # ros2 security create_key demo_keys listener
      Now let’s run our secure nodes:
          # export ROS_SECURITY_ROOT_DIRECTORY=~/my_ros2_ws/demo_keys
          # export ROS_SECURITY_ENABLE=true
          # export ROS_SECURITY_STRATEGY=Enforce
          # ros2 run demo_nodes_cpp talker &
          # ros2 run demo_nodes_py listener

  31. Let’s try it! Access Control: Create ~/my_ros2_ws/pub_sub_policies.yaml with:
          nodes:
            listener:
              topics:
                chatter:
                  allow: s  # can subscribe to chatter
            talker:
              topics:
                chatter:
                  allow: p  # can publish on chatter

  32. Let’s try it! Create the permissions:
          # ros2 security create_permission demo_keys talker pub_sub_policies.yaml
          # ros2 security create_permission demo_keys listener pub_sub_policies.yaml
          # ros2 run demo_nodes_cpp talker &
          # ros2 run demo_nodes_py listener

  33. Let’s try it! Let’s remap the topic on which talker publishes:
          # ros2 run demo_nodes_cpp talker chatter:=my_chatter

  34. Seeing in Wireshark (clear text)

  35. Seeing in Wireshark (encrypted)
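
The environment and keystore checks from slides 20 to 22, written out as a pre-launch check. This is an added example, not code from the slides or from rcl. The function names, the `<keystore>/<node_name>` layout, the artifact file names and the defaults for unset variables are assumptions.

```python
import tempfile
from pathlib import Path

# Assumed artifact names; the slides do not list the files in a node directory.
REQUIRED_ARTIFACTS = ("ca.cert.pem", "cert.pem", "key.pem",
                      "governance.p7s", "permissions.p7s")


class SecurityError(RuntimeError):
    """Raised when Enforce forbids creating an unsecured node."""


def resolve_security_dir(node_name, env, required=REQUIRED_ARTIFACTS):
    """Return the node's security directory, or None to run unsecured."""
    # Assumed defaults when a variable is unset: disabled, Permissive.
    if env.get("ROS_SECURITY_ENABLE", "false") != "true":
        return None  # security disabled: do not look for artifacts
    root = env.get("ROS_SECURITY_ROOT_DIRECTORY")
    if not root:
        problem = "ROS_SECURITY_ROOT_DIRECTORY is not set"
    else:
        # Assumed layout: <keystore>/<node_name>, as created by create_key.
        node_dir = Path(root).expanduser() / node_name
        missing = [f for f in required if not (node_dir / f).is_file()]
        if not node_dir.is_dir():
            problem = f"no directory for node '{node_name}' under {root}"
        elif missing:
            problem = f"'{node_name}' is missing: {', '.join(missing)}"
        else:
            return node_dir
    if env.get("ROS_SECURITY_STRATEGY", "Permissive") == "Enforce":
        raise SecurityError(problem)
    return None  # Permissive: fall back to an unsecured node


def make_constructed_keystore(root, node_name, files=REQUIRED_ARTIFACTS):
    """Create empty placeholder files (constructed sample, not real keys)."""
    node_dir = Path(root) / node_name
    node_dir.mkdir(parents=True)
    for name in files:
        (node_dir / name).touch()
    return node_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as ks:
        make_constructed_keystore(ks, "talker")
        env = {"ROS_SECURITY_ENABLE": "true", "ROS_SECURITY_STRATEGY": "Enforce",
               "ROS_SECURITY_ROOT_DIRECTORY": ks}
        print(resolve_security_dir("talker", env))
```

With `Permissive`, a missing or incomplete node directory yields an unsecured node without an error, so a deployment that relies on authentication should run with `Enforce`.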
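
The access-control policy from slides 31 to 33, evaluated as a small model. This is an added example, not part of the slides or of sros2: `parse_policy`, `is_allowed` and `audit` are hypothetical helpers, and the default-deny reading of the policy (anything not listed is refused) is an assumption, since the slides do not state the outcome of the remap.

```python
# Policy text from slide 31.
POLICY = """\
nodes:
  listener:
    topics:
      chatter:
        allow: s   # can subscribe to chatter
  talker:
    topics:
      chatter:
        allow: p   # can publish on chatter
"""


def parse_policy(text):
    """Parse the nested 'key: value' subset of YAML used by the slide's policy."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs for the open nesting levels
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:  # close levels we have dedented out of
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root


def is_allowed(policy, node, topic, mode):
    """mode is 'p' (publish) or 's' (subscribe); anything unlisted is denied."""
    if mode not in ("p", "s"):
        return False
    topics = policy.get("nodes", {}).get(node, {}).get("topics", {})
    return mode in topics.get(topic, {}).get("allow", "")


def audit(policy, requests):
    """Return the (node, topic, mode) requests the policy would deny."""
    return [r for r in requests if not is_allowed(policy, *r)]
```

Under this model the remapped talker from slide 33 asks to publish on `my_chatter`, which the policy does not list, so `audit` reports it as denied.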
