MARA Threat Model #228
MARA Threat Model #228
Conversation
|
Maybe it's worth sharing that Acutronic Robotics has been funding this work for the last few months and encouraged a release aligned with @thomas-moulard's (and the rest of his colleagues). I will go through the PR |
|
Awesome! 👍 I'll start reviewing this but before that, would you mind making sure that the new files are passing the Markdown linter:
I had to ignore the MD033 forbidding inline HTML but everything else seems like things which can be fixed. |
|
Thanks @thomas-moulard! Sure, we'll get on it ASAP! |
| @@ -45,19 +52,78 @@ th { | |||
|
|
|||
| </div> | |||
|
|
|||
| ## Table of Contents | |||
|
|
|||
| - [{{ page.title }}](#pagetitle) | |||
There was a problem hiding this comment.
The toc should appear automatically with that tag when running it with jekyll?
There was a problem hiding this comment.
I realized that I had this tag and it's not doing what I expect it to do. I guess it's fine to keep that manual for this PR but we should probably try to automate this somehow.
There was a problem hiding this comment.
We found out that putting a "* TOC" just above {:toc} generates a visible table of contents. See example below. You could just try! Visually it generates the toc on the right side of the page (using Jekyll)
| - [{{ page.title }}](#pagetitle) | |
| * TOC | |
| {:toc} | |
| - [{{ page.title }}](#pagetitle) |
There was a problem hiding this comment.
@olaldiko will you accept this? If so, maybe we should remove the TOC generated manually below?
| @@ -186,6 +252,10 @@ attack). | |||
| <td>Physical Safety</td> | |||
| <td>The robotic system must not harm its users or environment.</td> | |||
| </tr> | |||
| <tr> | |||
| <td>Robot Integrity</td> | |||
| <td>The robotic system must not damage itself.</td> | |||
There was a problem hiding this comment.
I don't have a strong opinion there, but compared to expanding the scope of Physical Safety, do you see cases where those two columns values won't be identical?
|
|
||
| [Diagram Source (draw.io)](ros2_threat_model/attack_tree_physical.xml) | ||
|
|
||
| The next diagram shows the infrastructure affected on a possible attack based on a compromise of a physical communication port. |
There was a problem hiding this comment.
To me it sounds better "the affected infrastructure". Opinions?
|
@olaldiko this is great, thanks for sending this! Do you think we should align and use RVSS for all of the doc instead of DREAD? |
Good catch from @thomas-moulard! I don't think it needs further discussion ;)
Just reorder references alphabetically.
Update reference order
Correct "atempt" typo
Typos: Just correct Maximun and Minimun
Correct maximun/minimun
While it would be nice, in this case RVSS is not meant for measuring risks, but actual vulnerabilities. It would be the equivalent of the CVSS for robotics. |
Just reorder references alphabetically.
Add linter fixes
Fix link spacing
|
@olaldiko That SGTM, not sure if we will be able to follow-up on that for TB3 right now but it seems better to have only on standard and make it evolve as/if needed. We can explain that in another section "How to add your robot to this threat model? You should evaluate your threats using RSF, etc.". If you would like to add this section in this PR that'd be great, otherwise it can done later by either you or us. |
|
Sure @thomas-moulard, that SGTM too. I will start working on the new section! |
|
@olaldiko Let's rebase this and we can merge the doc 🚢 |
|
Good! @thomas-moulard, @tfoote, what would be the procedure here? Shall we rewrite history on the PR itself or the rebase is performed when merging into gh-pages branch? |
Co-Authored-By: olaldiko <gorka.olalde@gmail.com>
|
I'll let @tfoote answer this one. I did rebase and pushed with |
|
@tfoote and @thomas-moulard can we merge this please? We are preparing a few additional contributions that should ship soon after this one. |
|
@olaldiko are you guys fine with it? |
|
Sure! All clear from our side!
El vie., 26 abr. 2019 13:42, Víctor Mayoral Vilches <
notifications@github.com> escribió:
… @olaldiko <https://github.com/olaldiko> are you guys fine with it?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#228 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AANBZKDXXMXAHN6TA6H6F63PSLTBDANCNFSM4HEGXKIQ>
.
|
|
@olaldiko Can you rebase the doc? I will merge it once it's done. |
|
Thanks a lot for reacting @thomas-moulard, great! @olaldiko, happy let me know if you need help rebasing the file. |
Co-Authored-By: olaldiko <gorka.olalde@gmail.com>
…ics/design into mara_threatmodel_pull
|
@thomas-moulard, I think that we have successfully rebased the commits now. Please, check and let me know if any changes need to be done! |
|
@olaldiko Could you check again? I can't merge because there are still conflicts in this PR:
|
|
@thomas-moulard , I have been doing several tests on my own fork, and I think that the best strategy here would be to squash and merge into the base branch instead of rebasing. This way the changes will show up as a single commit on the gh-pages branch. I think that this was done in #218 and others as well, as each PR shows up as a single commit on base. No conflicts arise following this strategy. Could you please check and tell me your thoughts? |
|
@thomas-moulard This document doesn't follow the style guide for markdown (https://index.ros.org/doc/ros2/Contributing/Developer-Guide/#markdown-restructured-text-docblocks). Please update the doc to follow the one-sentence-per-line rule. See https://github.com/ros2/design/pull/236/files#diff-60aa2b3022e7728b236f31c650141eceL3544 for a case why the current state is not desired. |
|
Thanks Dirk for checking, I assigned to myself #237 and I'll do that by EOW. |
|
#238 should fix style issues. |
This adds an extension to the original Threat Model proposed by @thomas-moulard started on #218 .
Based on the work done by the Amazon Robotics team, we have developed a threat model for an industrial cobot, the MARA by Acutronics Robotics.
We also have some additions on attack vectors and assets in the main threat table.
The objective of this threat model extension is to create a replicable base for creating threat models for different robots on industrial environments.
Work done by @o-olalde, @XabierPB and @borkenerice and myself (@olaldiko) as part of Alias Robotics.