Poster: Towards Complete Computation Graph Generation for Security Assessment of ROS Applications

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI:10.1145/3548606.3563540

Y. Luo, Ziwen Wan, Qi Alfred Chen

{"title":"Poster: Towards Complete Computation Graph Generation for Security Assessment of ROS Applications","authors":"Y. Luo, Ziwen Wan, Qi Alfred Chen","doi":"10.1145/3548606.3563540","DOIUrl":null,"url":null,"abstract":"Robot Operating System (ROS) is a popular middleware suite providing a set of libraries and tools to help with building robot applications. The ROS community makes it possible for developers to compose their own robot applications by simply integrating open-sourced software of different functionalities as standalone processes (ROS nodes) in their own application. These processes communicate with each other through the infrastructure provided by ROS, forming a graph of nodes called computation graph. However, adopting third-party software introduces the possibility of supply-chain attacks. By interacting with other nodes, the third-party ROS nodes seeming to be the most harmless can violate users' privacy, launch denial of service attacks, and even cause danger to human lives, due to the cyber-physical nature of robot applications. To allow effective security assessment of robot applications, we are the first to propose to explore a hybrid program analysis-based method to extract these interactions, i.e. the computation graph, from source code and identify the potentially malicious nodes within the graph.","PeriodicalId":435197,"journal":{"name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3548606.3563540","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Robot Operating System (ROS) is a popular middleware suite providing a set of libraries and tools to help with building robot applications. The ROS community makes it possible for developers to compose their own robot applications by simply integrating open-sourced software of different functionalities as standalone processes (ROS nodes) in their own application. These processes communicate with each other through the infrastructure provided by ROS, forming a graph of nodes called computation graph. However, adopting third-party software introduces the possibility of supply-chain attacks. By interacting with other nodes, the third-party ROS nodes seeming to be the most harmless can violate users' privacy, launch denial of service attacks, and even cause danger to human lives, due to the cyber-physical nature of robot applications. To allow effective security assessment of robot applications, we are the first to propose to explore a hybrid program analysis-based method to extract these interactions, i.e. the computation graph, from source code and identify the potentially malicious nodes within the graph.

查看原文本刊更多论文

海报:面向ROS应用安全评估的完整计算图生成

机器人操作系统(ROS)是一种流行的中间件套件，提供了一组库和工具来帮助构建机器人应用程序。ROS社区使开发人员能够通过简单地将不同功能的开源软件作为独立进程(ROS节点)集成到自己的应用程序中，从而组成自己的机器人应用程序。这些进程通过ROS提供的基础设施相互通信，形成一个称为计算图的节点图。然而，采用第三方软件引入了供应链攻击的可能性。由于机器人应用的网络物理特性，看似最无害的第三方ROS节点通过与其他节点交互，可能会侵犯用户隐私，发起拒绝服务攻击，甚至对人类生命造成威胁。为了对机器人应用进行有效的安全评估，我们首先提出了一种基于混合程序分析的方法，从源代码中提取这些交互，即计算图，并识别图中潜在的恶意节点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量