Improve documentation for ROS 2 security #1662
Conversation
Include content currently in the sros2 github repository, a "concepts" page and add additional content as tutorials: - Update "Concepts" with a paragraph on ROS 2 Security - Add a new "About ROS 2 Security" page under "Concepts" to give a security overview, introduce security enclaves, summarize the size security files, and mention important security environment variables - Add a new "Tutorials" section titled "Security" and remove the current link to content in the sros2 github repository - Migrate existing content in the sros2 github repository the security tutorials "Introducing ROS 2 Security", "Security Across Two Machines" and "Security Access Controls"; combine Linux, MacOS and Windows content as tabs - Reference other tutorials where possible rather than including content here (e.g., ROS installation, changing middleware, etc.) - Add "Understanding the ROS 2 Security Keystore" tutorial discussing details about the security files - Add "Examine Network Traffic" security tutorial to demonstrate inspection of raw network traffic - Update "Security Access Controls" content to show manual editing of a policy file to restrict enclave permissions - Update "Security Across Two Machines" content to use security standard Alice and Bob names for clarity, rather than feather2 and oldschool - Add questions to "Introducing" and "Keystore" tutorials Signed-off-by: Sid Faber <[email protected]>
|
@ros-security-wg @ruffsl @mikaelarguedas any chance I can get some eyes on this? Thank you!! |
|
This pull request has been mentioned on ROS Discourse. There might be relevant details there: https://discourse.ros.org/t/ros-2-tsc-meeting-minutes-2021-06-17/21017/1 |
source/Concepts.rst
Outdated
| Security | ||
| ^^^^^^^^ | ||
|
|
||
| ROS 2 includes the ability to secure communications among nodes within the ROS 2 graph. |
There was a problem hiding this comment.
| ROS 2 includes the ability to secure communications among nodes within the ROS 2 graph. | |
| ROS 2 includes the ability to secure communications among nodes within the ROS 2 computational graph. |
Though in the remainder of the content we can just omit it, let's make a clear distinction first between the ROS 2 computational graph and the ROS 2 data layer graph.
There was a problem hiding this comment.
Updated with e80f5e1
source/Concepts.rst
Outdated
| ^^^^^^^^ | ||
|
|
||
| ROS 2 includes the ability to secure communications among nodes within the ROS 2 graph. | ||
| Similar to discovery, security happens through the underlying ROS 2 middleware. |
There was a problem hiding this comment.
| Similar to discovery, security happens through the underlying ROS 2 middleware. | |
| Similar to discovery, security happens through the underlying ROS 2 middleware (provided it has support for the corresponding security plugins). |
Newcomers won't know that there're different middleware implementations, with different levels of support for the plugins. We should specify.
Also, my feeling in here is that we should probably say a bit more about other middlewares (and not just assume DDS will be the only option, since there're already use cases were this changes depending on the application/domain).
There was a problem hiding this comment.
Updated with e80f5e1
| The identity and permissions certificates also have associate private key files. | ||
| Add new enclaves to the domain by signing their Certificate Signing Request (CSR) with the identity certificate's private key. | ||
| Similarly, grant permissions for a new enclave by signing a permissions XML document with the permission certificate's private key. | ||
|
|
There was a problem hiding this comment.
An example in here would be awesome.
There was a problem hiding this comment.
I tried to leave this really lightweight, and leave all the examples in the tutorials. If you feel this should link to something else in this PR, leave me a suggestion and I'll add it in.
|
|
||
| Take the Quiz! | ||
| -------------- | ||
|
|
| The ``sros2`` package provides the tools and instructions to use ROS2 on top of DDS-Security. | ||
| The security features have been tested across platforms (Linux, macOS, and Windows) as well as across different languages (C++ and Python). | ||
|
|
||
| Although we are designing SROS2 to work with any secure middleware, at the moment we are testing with RTI Connext Secure 5.3.1 and eProsima's Fast-RTPS 1.6.0. |
There was a problem hiding this comment.
We may need to update this. DDS implementation versions vary depending on the ROS 2 distro used, and I believe CycloneDDS is now tested at the same level as other implementations
There was a problem hiding this comment.
Changed this wording to be somewhat more generic & distribution independent with e80f5e1.
|
|
||
| If you don't have OpenSSL installed, please follow :ref:`these instructions <windows-install-binary-installing-prerequisites>` | ||
|
|
||
| Fast-RTPS requires an additional CMake flag to build the security plugins, so the colcon invocation needs to be modified to pass: |
There was a problem hiding this comment.
To be updated ? All active ROS 2 versions now use Fast-DDS
There was a problem hiding this comment.
Changed Fast-RTPS to Fast-DDS in e80f5e1. This was just a lift of the material from ths sros2 repo, is there more to be changed?
| Selecting an alternate middleware | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
|
||
| If you choose not to use the default middleware implementation, be sure to `change your DDS implementation <../../Installation/DDS-Implementations>` before proceeding. |
There was a problem hiding this comment.
do these need a :ref: or a trailing underscore to render properly ?
There was a problem hiding this comment.
@clalancette tagging you on this, more of a policy issue here. This link works on my local build, but to add a :ref: would mean a change to the DDS-Implementations page, even though it's not quite related to this PR.
Would you prefer adding the :ref:?
There was a problem hiding this comment.
I think this is far enough along that we can come through and amend these smaller issues in a subsequent small PR.
There was a problem hiding this comment.
I agree with @kscottz: amendments can be in smaller, future PRs.
| .. code-block:: bash | ||
|
|
||
| cd ~/sros2_demo | ||
| ros2 security create_keystore demo_keystore |
There was a problem hiding this comment.
not sure how the tab system works, but is there a way for this type of line working across all platforms to not be duplicated n times ?
There was a problem hiding this comment.
I believe there's a type of #include directive but figured it was overkill for what we're doing here?
| .. code-block:: bash | ||
|
|
||
| ros2 security create_enclave demo_keystore /talker_listener/talker | ||
| ros2 security create_enclave demo_keystore /talker_listener/listener |
There was a problem hiding this comment.
same here, do we need to duplicate all commands 3 times if they're identical ?
There was a problem hiding this comment.
Same comment as above.
| .. code-block:: bash | ||
|
|
||
| sudo apt update | ||
| sudo apt install tcpdump |
There was a problem hiding this comment.
Yes. Packet capture in Windows is a bit different, and the installation is quite different. If you feel this should be branded as a "Linux only" tutorial, just lmk.
There was a problem hiding this comment.
I think it would be good to explicitly say that this is a Linux-only tutorial at the top. The same for any other tutorials that this is true for. This can be done, however, in a smaller PR.
| .. code-block:: bash | ||
|
|
||
| # In terminal 1: | ||
| source ~/.bashrc_ros2 |
There was a problem hiding this comment.
what is the content of this file ?
There was a problem hiding this comment.
As above, leftover from RosDevDays. Removed in e80f5e1.
| ^^^^^^^^^^^^^^^^^ | ||
|
|
||
| Stop both the talker and the listener nodes. | ||
| Enable encryption for both by setting the security environment variables and launch them again. |
There was a problem hiding this comment.
same remark about the use of "launch"
There was a problem hiding this comment.
Updated in e80f5e1.
|
|
||
| source ~/.bashrc_ros2 | ||
|
|
||
| export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keys |
There was a problem hiding this comment.
is there a way to share snippets between tutorials ? this environment setup would benefit from being referenced instead of explicitely written every time (getting the snippet with the tab for each platform would be awesome)
There was a problem hiding this comment.
Discussed above. It's doable, but I don't believe it's worth the effort.
Also if you're asking if we should have the reader do some sort of shortcut--I actually intentionally keep adding this in to drive home the idea of the environment variables that really matter.
| .. code-block:: bash | ||
|
|
||
| # In terminal 1: | ||
| export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keys |
There was a problem hiding this comment.
is there a way to share snippets between tutorials ? this environment setup would benefit from being referenced instead of explicitely written every time (getting the snippet with the tab for each platform would be awesome)
|
@clalancette can we please get some help to move this forward? @SidFaber proposal is quite valuable (and needed) IMHO. Happy to rebase this and include all suggestions if @SidFaber or @clalancette can’t process reviews. |
Signed-off-by: Sid Faber <[email protected]>
|
@vmayoral @mikaelarguedas @clalancette thanks a bunch for moving this forward, sorry I've been out of pocket for the last few weeks. Really appreciate the great feedback, please let me know anything you'd like to iterate on. |
|
This pull request has been mentioned on ROS Discourse. There might be relevant details there: https://discourse.ros.org/t/ros-2-tsc-meeting-minutes-2021-07-15/21453/2 |
There was a problem hiding this comment.
This is great and we should get it merged pronto. I don't think the outstanding issues are necessarily Sid's responsibility and we can address them in subsequent small PRs.
I say we merge it in. @clalancette Is that okay with you?
|
Also, Thanks @SidFaber this is great and we really appreciate it. |
| .. code-block:: bash | ||
|
|
||
| sudo apt update | ||
| sudo apt install tcpdump |
There was a problem hiding this comment.
I think it would be good to explicitly say that this is a Linux-only tutorial at the top. The same for any other tutorials that this is true for. This can be done, however, in a smaller PR.
| Selecting an alternate middleware | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
|
||
| If you choose not to use the default middleware implementation, be sure to `change your DDS implementation <../../Installation/DDS-Implementations>` before proceeding. |
There was a problem hiding this comment.
I agree with @kscottz: amendments can be in smaller, future PRs.
|
|
||
| Take the Quiz! | ||
| -------------- | ||
|
|
Signed-off-by: Audrow Nash <[email protected]>
|
Thanks for the PR, @SidFaber - this was huge! |
Apologies for the length of this PR but I felt the first cut at a section of security tutorials should all go at once. This adds content currently in the
sros2github repository, adds a "concepts" page and some adds additional content as tutorials:sros2repo under the "Demos" sectionaliceandbobnames for clarity rather thanfeather2andoldschool