Multi-Master Security

[piyushk]

Discussion continued from https://github.com/robotics-in-concert/rocon_multimaster/issues/237

In this thread, I want to understand Yujin's security requirements. In general, both ROS and redis were not designed for security in mind, and were supposed to be used on trusted networks only.

Here's how we plan on handling things at UTexas (currently not implemented):

1. The internal CS network is assumed to be trusted, and most machines inside this network that we'll use for the multi-master system are firewalled. We still have the problem where a ROS master running on a non-firewalled machine exposes data publicly. We'll handle this on a case to case basis.
2. Our robots are not a part of the CS network, but will use a bridged VPN to this network.
3. Other devices, such as laptops/mobile phones, only connect to the network using RobotWebTools, and access to certain portions of the web interface is controlled with something as simple as htaccess.
4. The only other thing I'm not sure about are camera feeds. The university may require them to be controlled even within the CS network.

[stonier]

Our use cases for now are fairly simple - assume to be on a trusted network. This may change in about six-twelve months when we start exploring real use cases/field tests with our new development line.

[piyushk]

That answers my question. I'll close this issue for now.