search

ros2 / sros2

tools to generate and distribute keys for SROS 2
Apache License 2.0
88 stars 43 forks source link

Add introspection and monitor verbs #277

Open vmayoral opened 2 years ago

vmayoral commented 2 years ago

This PR adds two new capabilities to the SROS 2 tools: 1️⃣introspection (of RTPS) for modeling purposes and 2️⃣ monitoring capabilities to detect security vulnerable endpoints in the computational graph. The two verbs build on top of prior work creating a dissector for RTPS (https://github.com/secdev/scapy/pull/3403).

⚠️ both of these capabilities require privileges to run since they sniff networking traffic ⚠️

1️⃣ introspection (of RTPS) for modeling purposes

introspection sniffs traffic and detects unique endpoints, reporting them in the stdout:

ros2 security introspection lo 10
introspecting lo for 10 seconds ...
DDS endpoint detected (hostId=17776813, appId=1014856696, instanceId=16777216)
    - RTPS version: 2.3
    - vendorId: eProsima - Fast-RTPS
    - transport: UDP
DDS endpoint detected (hostId=1696862209, appId=2184387115, instanceId=4263454804)
    - RTPS version: 2.1
    - vendorId: ADLINK - Cyclone DDS
    - transport: UDP

2️⃣ monitoring capabilities to detect security vulnerable endpoints

monitoring continuously sniffs traffic in search for RTPS packages. When found, unique endpoints are identified and dissected. From the information dissected 1) RTPS vendorId and 2) the RTPS protocol version are used to determine DDS version candidates and map these to publicly disclosed vulnerabilities.

(tested

ros2 security monitor
sniffing the DDS network...
Vulnerable DDS endpoint found (hostId=17776813, appId=1014856696, instanceId=16777216)
    - vendorId: eProsima - Fast-RTPS
    - DDS implementation version candidates: ['1.6.0', '1.7.0', '1.7.2', '1.7.2', '1.8.0', '1.8.1', '1.8.2', '1.8.4', '1.9.0', '1.9.2', '1.9.3', '2.0.0', '2.0.1', '2.0.2', '2.1.1', '2.3.1', '2.3.4']
    - CVE IDs:
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.6.0)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.7.0)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.7.2)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.8.0)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.8.1)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.8.2)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.8.4)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.9.0)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.9.2)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 1.9.3)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 2.0.0)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 2.0.1)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 2.0.2)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 2.1.1)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 2.3.1)
        * CVE-2021-38425 (eProsima - Fast-RTPS version 2.3.4)
Vulnerable DDS endpoint found (hostId=1696862209, appId=2184387115, instanceId=4263454804)
    - vendorId: ADLINK - Cyclone DDS
    - DDS implementation version candidates: ['0.1.0', '0.5.1', '0.7.0', '0.1.0', '0.5.1', '0.7.0', '0.6.0', '0.7.0', '0.8.0']
    - CVE IDs:
        * CVE-2021-38441 (ADLINK - Cyclone DDS version 0.1.0)
        * CVE-2021-38441 (ADLINK - Cyclone DDS version 0.5.1)
        * CVE-2021-38441 (ADLINK - Cyclone DDS version 0.7.0)
        * CVE-2021-38441 (ADLINK - Cyclone DDS version 0.6.0)
        * CVE-2021-38443 (ADLINK - Cyclone DDS version 0.1.0)
        * CVE-2021-38443 (ADLINK - Cyclone DDS version 0.5.1)
        * CVE-2021-38443 (ADLINK - Cyclone DDS version 0.7.0)
        * CVE-2021-38443 (ADLINK - Cyclone DDS version 0.6.0)

Signed-off-by: Víctor Mayoral Vilches v.mayoralv@gmail.com

artivis commented 2 years ago

Hi @vmayoral, thanks for this contrib!

I haven't reviewed the code per se and I'm still going through the paper (mind adding a link once available?) but here are my 2 cents:

My understanding is that both verbs introduce a dependency on secdev/scapy. Since sros2 is part of REP 2005, I'm wondering if it is appropriate to introduce this dependency to ROS 2 as a whole. It might be preferable to create a satellite package.

Concerning the verbs themselves, purely from a lexical perspective, I'm not a fan of introspection and especially not monitor. While I don't really have a better suggestion than scan to replace introspection, and thus no strong feeling, I definitely see a discrepancy between monitor, what one may expect from that and what it actually does. Imho a more explicit keyword would be better suited (cve / check-cve or such). Futur proofing, a more generic approach could look like ros2doctor which runs a bunch of heterogeneous checks and is expandable.

Edit:

Not to mention that this would require some tests and documentation to be merged.

vmayoral commented 2 years ago

Thanks for the comments @artivis, I'm open to those changes. Feel free to contribute on top proposing the modifications that are appropriate to fit with community guidelines and policies.

For completeness, this was announced at https://discourse.ros.org/t/sros2-usable-cyber-security-tools-for-ros-2/24719. All material's now public.