Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems

White, Ruffin; Caiazza, Gianluca; Jiang, Chenxu; Ou, Xinyue; Yang, Zhiyue; Cortesi, Agostino; Christensen, Henrik I.

doi:10.1109/eurospw.2019.00013

Cited by 12 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 4 shows the overall architecture of Picaros, which builds on the ROS2 software stack. Practically, Picaros enforces DIFC policies at the granularity of SROS2 enclaves [46,[71][72][73], which are collections of ROS2 applications that share the same security policy. However, for ease of exposition, it suffices to think of each ROS2 application as an OS-level process, and Picaros as enforcing DIFC policies at the granularity of individual processes.…”

Section: Implementation Of Picarosmentioning

confidence: 99%

“…ROS by itself does not provide security, the community has proposed several techniques to add security mechanisms. These efforts include adding mandatory access control (MAC) policy enforcement to ROS [5,10], improving messaging secrecy and integrity [14,28,56,66], techniques to secure the underlying DDS layer (specific to ROS2) [45,73], and other methods to improve ROS application security [25,26,37,72]. SROS2 [27,46,62,71] represents an effort to upstream some of these methods to the ROS2 stack, and is built primarily atop the API of DDS, with patches to the ROS2 as well.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Decentralized Information-Flow Control for ROS2

Pandya,

Kumar,

Pillai

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

ROS2 is a popular publish/subscribe based middleware that allows developers to build and deploy a widevariety of distributed robotics applications. Unfortunately, ROS2 offers applications poor control over how their data is consumed downstream by other applications. Although decentralized information-flow control (DIFC) offers a solution to this problem, the decentralized and distributed architecture of ROS2 poses new challenges to building a practical DIFC system for ROS2.We present Picaros, a DIFC system tailored for ROS2. Picaros adopts a novel approach to DIFC that casts and solves DIFC's access control problem in the framework of attribute-based encryption (ABE). Picaros's design embraces the unique nature of the ROS2 platform and carefully avoids any centralized elements. This paper presents the design and implementation of Picaros and reports results from our experiments that use Picaros's ABEbased approach for DIFC with ROS2 applications.* Picaros is Information-flow Control via ABE for ROS2.

show abstract

Section: Implementation Of Picarosmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Decentralized Information-Flow Control for ROS2

Pandya,

Kumar,

Pillai

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Are they wired or wireless? These all are affecting the scanning results which in turn affect the security reconnaissance aspects [45].…”

Section: The Different Perspectives Of Network Security Reconnaissancementioning

confidence: 99%

Lightweight Cryptographic Techniques and Cybersecurity Approaches

2022

View full text Add to dashboard Cite

show abstract

“…[18] proposes an ABAC-based DDS security model authorization improvement method, and incorporates the ABAC entity into the security model that defines ABAC behavior across RTPS and DCPS, and implements the model in XACML; Ref. [38] proposes an attacker model that leverages network reconnaissance provided by leaky context, combined with formal verification and model checking to arbitrarily infer the underlying topology and reachability of information flows, enabling targeted attacks, such as selective denial of service, adversarial partitioning of the data bus, or exploiting of vendor-implemented vulnerabilities. Through the comparative analysis in Table 8, the scheme proposed in this paper can not only provide an intuitive and accurate graphical description and verify the correctness of protocol functions, but also discover the attack types of the protocol.…”

Section: Safety Assessmentmentioning

confidence: 99%

Formal Safety Assessment and Improvement of DDS Protocol for Industrial Data Distribution Service

Gao

Feng

2022

Future Internet

View full text Add to dashboard Cite

The Data Distribution Service (DDS) for real-time systems is an industrial Internet communication protocol. Due to its distributed high reliability and the ability to transmit device data communication in real-time, it has been widely used in industry, medical care, transportation, and national defense. With the wide application of various protocols, protocol security has become a top priority. There are many studies on protocol security, but these studies lack a formal security assessment of protocols. Based on the above status, this paper evaluates and improves the security of the DDS protocol using a model detection method combining the Dolev–Yao attack model and the Coloring Petri Net (CPN) theory. Because of the security loopholes in the original protocol, a timestamp was introduced into the original protocol, and the shared key establishment process in the original protocol lacked fairness and consistency. We adopted a new establishment method to establish the shared secret and re-verified its security. The results show that the overall security of the protocol has been improved by 16.7% while effectively preventing current replay attack.

show abstract

Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems

Cited by 12 publications

References 9 publications

Decentralized Information-Flow Control for ROS2

Decentralized Information-Flow Control for ROS2

Lightweight Cryptographic Techniques and Cybersecurity Approaches

Formal Safety Assessment and Improvement of DDS Protocol for Industrial Data Distribution Service

Contact Info

Product

Resources

About