Authorization
Definition
Implement role-based access control (RBAC) to ensure that only authorized personnel have access to critical functionalities and data within the robotics systems.
How it works
Role-Based Access Control (RBAC) assigns users to predefined roles with specific permissions based on job functions. Users inherit the permissions associated with their roles, which simplifies access management. After authentication, the system grants access according to the user's assigned roles. RBAC improves security, scalability, and auditability and supports a least privilege approach. Administrators periodically review and adjust role assignments to align with organizational changes.
Authorization within ROS2
SROS2 implements Mandatory Access Control (MAC). Each topic has an enclave, and the enclave contains an Identity Certificate Authority, which functions as a trust anchor (similar to the one in the authentication system). Each node contains a permissions.xml file, which describes what the node is allowed to do. From this file an S/MIME signed policy file is produced; the signed file must be created with the Identity Certificate Authority's private key. When a node wants to perform an action it now sends this signed file with the request, and the other nodes derive from it the access the node is supposed to have. This is described in the SROS2 design document and the Access Control documentation.
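As an added example (not SROS2 or ROS 2 code), the following Python models how a policy written in the SROS2 policy.xml format is evaluated for a node's publish or subscribe request. The sample policy, the enclave paths and the evaluation rules (default deny, an explicit DENY overriding ALLOW, relative topic names resolved against the profile namespace) are assumptions of this model, not a description of the SROS2 implementation.

```python
# Added example (not SROS2 code): a small model of how an SROS2 policy.xml
# (format version 0.2.0) decides whether a node may publish or subscribe to a
# topic. Default deny, explicit DENY wins over ALLOW, and relative topic names
# are resolved against the profile namespace; these rules are this model's
# simplification of the DDS-Security permissions generated from the policy.
import xml.etree.ElementTree as ET

# Constructed sample: talker may only publish /chatter, listener may only
# subscribe to it; every other action falls through to the default deny.
SAMPLE_POLICY = """<policy version="0.2.0"><enclaves>
  <enclave path="/talker_listener/talker"><profiles>
    <profile ns="/" node="talker">
      <topics publish="ALLOW"><topic>chatter</topic></topics>
      <topics subscribe="DENY"><topic>chatter</topic></topics>
    </profile></profiles></enclave>
  <enclave path="/talker_listener/listener"><profiles>
    <profile ns="/" node="listener">
      <topics subscribe="ALLOW"><topic>chatter</topic></topics>
    </profile></profiles></enclave>
</enclaves></policy>"""


def resolve(ns, name):
    """Absolute topic names stay as-is; relative ones get the namespace."""
    return name if name.startswith("/") else ns.rstrip("/") + "/" + name


def is_allowed(policy_xml, enclave, node, action, topic):
    """True only if an explicit ALLOW covers (node, action, topic) and no
    explicit DENY does. action is 'publish' or 'subscribe'."""
    root = ET.fromstring(policy_xml)
    allowed = False
    for enc in root.iter("enclave"):
        if enc.get("path") != enclave:
            continue
        for prof in enc.iter("profile"):
            if prof.get("node") != node:
                continue
            ns = prof.get("ns", "/")
            want = resolve(ns, topic)
            for block in prof.findall("topics"):
                verdict = block.get(action)  # None: block is about the other action
                names = {resolve(ns, t.text.strip()) for t in block.findall("topic")}
                if verdict is None or want not in names:
                    continue
                if verdict == "DENY":
                    return False  # an explicit deny is final
                allowed = verdict == "ALLOW" or allowed
    return allowed
```

Anything not explicitly granted (an unknown enclave, a node name that does not match, a topic outside the listed set) is refused, which is the least privilege behaviour the Considerations below call for.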
Considerations
When implementing Role-Based Access Control (RBAC), several considerations are crucial:
- Regularly review and update roles based on organizational changes.
- Implement the principle of least privilege to restrict unnecessary access.
- Clearly define roles and associated permissions.
Related ATTACK Techniques
References
Secured action authorization for industrial mobile robots