Seminars

View all Seminars  |  Download ICal for this event

Decentralized Information Flow Control for the Robot Operating System

Series: M.Tech (Research) Thesis Defense

Speaker: Chinmay Gameti, M.Tech (Research) student Dept. of CSA

Date/Time: Feb 06 10:00:00

Location: CSA Conference Room, (Room No. 328, Second Floor)

Faculty Advisor: Prof. Vinod Ganapathy

Abstract:
The Robot Operating System (ROS) is a popular open-source middleware widely used in the

robotics community. While ROS provides extensive support for robotic application development,

it lacks certain fundamental security features, making ROS-based systems vulnerable to

attacks that can compromise the application and user security. To address these challenges,

ROS incorporates security plugins and libraries to protect against unauthorized access and ensure

secure communication between ROS applications. However, these user-level security tools

do not protect end-to-end information flow against operating system (OS)-level attacks.

This research introduces FlowROS, a decentralized information flow control (DIFC) system

for ROS. FlowROS empowers ROS applications with fine-grained control over their sensitive

information, providing a programmable interface and supporting explicit label propagation for

modified ROS applications. FlowROS also leverages implicit label propagation for backward

compatibility with unmodified ROS applications while guaranteeing end-to-end information

flow control, including secrecy and integrity requirements. The implementation of FlowROS

includes a kernel-level enforcement engine based on Linux security modules (LSM) to intercept

sensitive communications within the system.


The contributions of this research include identifying the limitations of mandatory access

control (MAC)-based policy frameworks in ROS, motivating the need for DIFC systems in

robotics platforms, presenting FlowROS as a practical DIFC solution for ROS applications,

addressing the inherent DIFC challenge in ROS, and demonstrating the robustness, security,

and performance of FlowROS through case studies, evaluations, and practical policies.

Overall, FlowROS enhances the security of ROS-based systems by providing ROS applications

explicit control over the flow of their sensitive information, mitigating vulnerabilities, and

protecting against accidental data disclosure.