Reference : Securing Robots: An Integrated Approach for Security Challenges adn Monitoring for th...
Dissertations and theses : Doctoral thesis
Engineering, computing & technology : Computer science
Security, Reliability and Trust
Securing Robots: An Integrated Approach for Security Challenges adn Monitoring for the Robotic Operating System
Rivera, Sean mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN >]
University of Luxembourg, ​​Luxembourg
Docteur en Informatique
State, Radu mailto
Lenzini, Gabriele mailto
Nita-Rotaru, Cristina mailto
Becker, Sheila mailto
Gurbani, Vijay mailto
[en] Robotics ; Security ; ROS
[en] Robotic systems are proliferating in our society due to their capacity to carry out physical
tasks on behalf of human beings, with current applications in the military, industrial, agricultural,
and domestic fields. The Robotic Operating System (ROS) is the de-facto standard for
the development of modular robotic systems. Manufacturing and other industries use ROS
for their robots, while larger companies such as Windows and Amazon have shown interest
in supporting it, with ROS systems projected to make up most robotic systems within the
next five years. However, a focus on security is needed as ROS is notorious for the absence
of security mechanisms, placing people in danger both physically and digitally.
This dissertation presents the security shortcomings in ROS and addresses them by
developing a modular, secure framework for ROS. The research focuses on three features:
internal system defense, external system verification, and automated vulnerability detection.
This dissertation provides an integrated approach for the security of ROS-enabled robotic
systems to set a baseline for the continual development of ROS security.
Internal system defense focuses on defending ROS nodes from attacks and ensuring
system safety in compromise. ROS-Defender, a firewall for ROS leveraging Software Defined
Networking (SDN), and ROS-FM, an extension to ROS-Defender that uses the extended
Berkely Packet Filter(eBPF), are discussed. External system verification centers on
when data becomes the enemy, encompassing sensor attacks, network infrastructure attacks,
and inter-system attacks. In this section, the use of machine learning to address
sensor attacks is demonstrated, eBPF is utilized to address network infrastructure attacks,
and consensus algorithms are leveraged to mitigate inter-system attacks. Automated vulnerability
detection is perhaps the most important, focusing on detecting vulnerabilities and providing
immediate mitigating solutions to avoid downtime or system failure. Here, ROSploit,
an automated vulnerability scanner for ROS, and DiscoFuzzer, a fuzzing system designed
for robots, are discussed. ROS-Immunity combines all the components for an integrated tool
that, in conjunction with Secure-ROS, provides a suite of defenses for ROS systems against
malicious attackers.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Services and Data management research group (SEDAN)

File(s) associated to this reference

Fulltext file(s):

Open access
Sean_Rivera_PhD_Thesis_Final_Correct_Cover.pdfAuthor postprint5.69 MBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.