Integrated_ROS_Security.pdf (825.74 kB)
Download fileROS-Immunity: Integrated Approach for the Security of ROS-enabled Robotic Systems
preprint
posted on 2020-09-29, 22:26 authored by Sean RiveraSean Rivera, Antonio Ken IannilloAntonio Ken Iannillo, Radu StateThe Robotic Operating System (ROS) is the de-facto standard
for the development of modular robotic systems. However,
ROS is notorious for the absence of security mechanisms,
only partially covered by recent advancements. Indeed, an
attacker can easily break into ROS-enabled systems and hijacks
arbitrary messages. We propose an integrated solution,
ROS-Immunity, with small overhead that allows ROS users
to harden their systems against attackers. The solution consists
of three components: robustness assessment, automatic
rule generation, and distributed defense with a firewall. ROSImmunity
is also able to detect on-going attacks that exploit
new vulnerabilities in ROS systems. We evaluated our solution
against four use-cases: a self-driving car, a swarm robotic
system, a centralized assembly line, and a real-world decentralized
one. ROS-Immunity was found to have minimal overhead,
with only an additional 7-18% extra system power per
robot required to operate it. Furthermore, ROS-Immunity was
able to prevent a wide variety of ROS system attacks with a
worst-case false positive rate of only 17% and a typical false
positive rate of 8%. Finally, ROS-Immunity was found to be
able to react to and stop attackers after at most 2.4 seconds,
when confronted with unknown vulnerabilities.
for the development of modular robotic systems. However,
ROS is notorious for the absence of security mechanisms,
only partially covered by recent advancements. Indeed, an
attacker can easily break into ROS-enabled systems and hijacks
arbitrary messages. We propose an integrated solution,
ROS-Immunity, with small overhead that allows ROS users
to harden their systems against attackers. The solution consists
of three components: robustness assessment, automatic
rule generation, and distributed defense with a firewall. ROSImmunity
is also able to detect on-going attacks that exploit
new vulnerabilities in ROS systems. We evaluated our solution
against four use-cases: a self-driving car, a swarm robotic
system, a centralized assembly line, and a real-world decentralized
one. ROS-Immunity was found to have minimal overhead,
with only an additional 7-18% extra system power per
robot required to operate it. Furthermore, ROS-Immunity was
able to prevent a wide variety of ROS system attacks with a
worst-case false positive rate of only 17% and a typical false
positive rate of 8%. Finally, ROS-Immunity was found to be
able to react to and stop attackers after at most 2.4 seconds,
when confronted with unknown vulnerabilities.
Funding
History
Email Address of Submitting Author
sean.rivera@uni.luSubmitting Author's Institution
University of LuxembourgSubmitting Author's Country
- Luxembourg
