Abstract:
In recent years we have observed a growth in cybersecurity threats, driven especially by the ubiquity of connected and autonomous devices. These devices, commonly referred to as the Internet of Things, include industrial automation, autonomous vehicles, robot-assisted surgery, surveillance platforms, home service automation and many more robotics domains; given the sensitive information processed by these devices, the possibility of attacks should be treated as a serious security matter. This thesis focuses on the Robot Operating System (ROS), a widely adopted standard robotic middleware. We analyse its possible vulnerabilities and the resulting threats that could be posed by attackers. In more detail, the present work provides an in-depth analysis of ROS and SROS (a proposed addition to the ROS API ecosystem to support modern cryptography and security measures), together with the development of a static analyser built on SROS for the automatic creation of software-enforcement security profiles. To do so, we performed the following tasks: (1) standardize the security logging format; (2) standardize the profile syntax for the policy; (3) provide new tooling to introspect recorded security logs. Lastly, we discuss some enhancements for SROS following the standard proposed by oneM2M.