Poster: Towards Complete Computation Graph Generation for Security Assessment of ROS Applications

Abstract

Robot Operating System (ROS) is a popular middleware suite providing a set of libraries and tools to help with building robot applications. The ROS community makes it possible for developers to compose their own robot applications by simply integrating open-sourced software of different functionalities as standalone processes (ROS nodes) in their own application. These processes communicate with each other through the infrastructure provided by ROS, forming a graph of nodes called computation graph. However, adopting third-party software introduces the possibility of supply-chain attacks. By interacting with other nodes, the third-party ROS nodes seeming to be the most harmless can violate users' privacy, launch denial of service attacks, and even cause danger to human lives, due to the cyber-physical nature of robot applications. To allow effective security assessment of robot applications, we are the first to propose to explore a hybrid program analysis-based method to extract these interactions, i.e. the computation graph, from source code and identify the potentially malicious nodes within the graph.