Procedurally Provisioned Access Control for Robotic Systems

White, Ruffin; Christensen, Henrik I.; Caiazza, Gianluca; Cortesi, Agostino

doi:10.1109/iros.2018.8594462

Cited by 18 publications

(16 citation statements)

References 16 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This leads to situations where a malicious application can publish a video feed under the same topic as a genuine application, and confuse downstream applications that consume the video feed. The community has therefore developed Secure ROS (SROS) to overcome these shortcomings [85,86,84]. In SROS, TLS is used to secure the communication between applications.…”

Section: Background On Ros2mentioning

confidence: 99%

Privadome: Protecting Citizen Privacy from Delivery Drones

Pillai¹,

Gupta²,

Suresh³

et al. 2022

Preprint

View full text Add to dashboard Cite

As e-commerce companies begin to consider using delivery drones for customer fulfillment, there are growing concerns around citizen privacy. Drones are equipped with cameras, and the video feed from these cameras is often required as part of routine navigation, be it for semiautonomous or fully-autonomous drones. Footage of ground-based citizens may be captured in this video feed, thereby leading to privacy concerns.This paper presents Privadome, a system that implements the vision of a virtual privacy dome centered around the citizen. Privadome is designed to be integrated with city-scale regulatory authorities that oversee delivery drone operations and realizes this vision through two components, PD-MPC and PD-ROS. PD-MPC allows citizens equipped with a mobile device to identify drones that have captured their footage. It uses secure two-party computation to achieve this goal without compromising the privacy of the citizen's location. PD-ROS allows the citizen to communicate with such drones and obtain an audit trail showing how the drone uses their footage and determine if privacy-preserving steps are taken to sanitize the footage. An experimental evaluation of Privadome using our prototype implementations of PD-MPC and PD-ROS shows that the system scales to near-term city-scale delivery drone deployments (hundreds of drones). We show that with PD-MPC the mobile data usage on the citizen's mobile device is comparable to that of routine activities on the device, such as streaming videos. We also show that the workflow of PD-ROS consumes a modest amount of additional CPU resources and power on our experimental platform.

show abstract

Section: Background On Ros2mentioning

confidence: 99%

Privadome: Protecting Citizen Privacy from Delivery Drones

Pillai¹,

Gupta²,

Suresh³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…To address these concerns, the community has developed the Secure ROS extension (SROS) [70,71]. SROS requires each node in the communication graph to be associated with an identity backed by a X.509 certificate, signed by a trusted third-party.…”

Section: Existing Security Mechanisms In Rosmentioning

confidence: 99%

“…There have been proposals to use encrypted communication between applications [52], and to integrate TLS with the core libraries of ROS [17,18]. SROS [69,71,70], which is under active development, incorporates many of these ideas. As already discussed, Privaros builds upon the basic security features of Privaros but enhances it with the ability to enforce privacy policies.…”

Section: Related Workmentioning

confidence: 99%

Privaros: A Framework for Privacy-Compliant Delivery Drones

Beck,

Vijeev,

Ganapathy

2020

Preprint

View full text Add to dashboard Cite

We present Privaros, a framework to enforce privacy policies on drones. Privaros is designed for commercial delivery drones, such as the ones that will likely be used by Amazon Prime Air. Such drones visit a number of host airspaces, each of which may have different privacy requirements. Privaros provides an information flow control framework to enforce the policies of these hosts on the guest delivery drones. The mechanisms in Privaros are built on top of ROS, a middleware popular in many drone platforms. This paper presents the design and implementation of these mechanisms, describes how policies are specified, and shows that Privaros's policy specification can be integrated with India's Digital Sky portal. Our evaluation shows that a drone running Privaros can robustly enforce various privacy policies specified by hosts, and that its core mechanisms only marginally increase communication latency and power consumption.

show abstract

“…White et al [10] present a framework that procedurally provisions access control policies for distributed middleware. Our work extends this by adding more reachability verification on fnmatch expression to ensure that no covert channels exist in candidate policies.…”

Section: Ddsmentioning

confidence: 99%

Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems

White

Caiazza

Jiang

et al. 2019

2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

Data Distribution Service (DDS) is a realtime peerto-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

show abstract

Procedurally Provisioned Access Control for Robotic Systems

Cited by 18 publications

References 16 publications

Privadome: Protecting Citizen Privacy from Delivery Drones

Privadome: Protecting Citizen Privacy from Delivery Drones

Privaros: A Framework for Privacy-Compliant Delivery Drones

Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems

Contact Info

Product

Resources

About