Volatile memory forensics for the Robot Operating System

The increasing impact of robotics on industry and on society will unavoidably lead to the involvement of robots in incidents and mishaps. In such cases, forensic analysis is key to providing useful evidence of what happened and to helping prevent future incidents. This article discusses volatile memory forensics for the Robot Operating System (ROS). The authors start by providing a general overview of forensic techniques in robotics and then present a robotics-specific Volatility plugin named linux_rosnode, packaged within the ros_volatility project and aimed at extracting evidence from a robot's volatile memory. They demonstrate how this plugin can be used to detect a specific attack pattern on ROS, where a publisher node is unregistered externally, leading to denial of service and disruption of robotic behaviors. Common practices for performing forensic analysis are introduced step by step, and several techniques for capturing memory are described. The authors conclude with some remarks on future work and provide references for reproducing their work.
