• Corpus ID: 214612310

DevSecOps in Robotics

  title={DevSecOps in Robotics},
  author={V{\'i}ctor Mayoral Vilches and Nuria Garc'ia-Maestro and McKenna Towers and Endika Gil-Uriarte},
Quality in software is often understood as "execution according to design purpose" whereas security means that "software will not put data or computing systems at risk of unauthorized access." There seems to be a connection between these two aspects but, how do we integrate both of them in the robotics development cycle? In this article we introduce DevSecOps in Robotics, a set of best practices designed to help roboticists implant security deep in the heart of their development and operations… 

Figures from this paper

Alurity, a Toolbox for Robot Cybersecurity
This work tackles the current lack of offensive cybersecurity research in robotics by presenting a toolbox and the results obtained with it through several use cases conducted over a year period, and proposes a modular and composable toolbox for robot cybersecurity: alurity.
Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice
This book aims to stipulate the inclusion of security in robotics from the earliest design phases onward and with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems.
SmartTS: A Component-Based and Model-Driven Approach to Software Testing in Robotic Software Ecosystem
The core contribution of SmartTS is support for test and validation suites derived from the model packages of components and systems that are tightly bound to an application domain’s data and service models as defined in the RobMoSys (EU H2020 project) compliant SmartMDSD toolchain.
Can ROS be used securely in industry? Red teaming ROS-Industrial
Results do not favour the secure use of ROS in industry today, however, it is confirmed that the security of certain robotic endpoints hold and the authors remain optimistic about securing ROS industrial deployments.
A Cryptography-Powered Infrastructure to Ensure the Integrity of Robot Workflows
This work presents a cryptography-powered distributed infrastructure for the preservation of robot workflows based on the abstraction of robot programs as workflows and provides an outlook on the integration of this work into the larger undertaking to provide a distributed ledger-based compliant robot application development environment.
Sichere und zuverlässige mobile Manipulation
Mobile Manipulatoren stellen dadurch allerdings komplexe Herausforderungen an deren industriellen Integration sowie physischer und cyberphysischer Sicherheit unter Einhaltung des gesetzlichen and normativen Grundgerusts.


Introducing the Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics
The Robot Security Framework (RSF), a methodology to perform systematic security assessments in robots, is presented and it is argued that modern robotics should regard as equally relevant internal and external communication security.
Introducing the Robot Vulnerability Database (RVD)
It is argued, that existing vulnerability databases are of insufficient information density and show some biased content with respect to vulnerabilities in robots and the Robot Vulnerability Database (RVD), a directory for responsible disclosure of bugs, weaknesses and vulnerabilities in Robots is presented.
Can I Depend on you? Mapping the Dependency and Quality Landscape of ROS Packages
Thousands of open-source ROS packages found on GitHub and Bitbucket are analyzed for their quality and their interdependencies to gain insights on how ROS is used in practice, how high the quality of the ROS packages and applications is, and where potential pitfalls in the use of ROS lie.
Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)
The present research work focuses upon creating an open and free to access Robot Vulnerability Scoring System (RVSS) that considers major relevant issues in robotics including a) robot safety aspects, b) assessment of downstream implications of a given vulnerability, c) library and third-party scoring assessments and d) environmental variables.
A software architecture framework for quality-aware DevOps
SQID, that stands for Specification Quality In DevOps, is a software architecture framework that supports the model-based documentation of software architectures and their quality properties in DevOps scenarios with the goal of providing DevOps-ready software architecture descriptions.
A Model-Driven Engineering Framework to Support the Functional Safety Process
This paper presents a modelling framework that supports DevOps principles of continuous testing and fast development iterations for the design of safety-critical systems and shows how modelling can help introducing DevOps in the context of functional safety analysis.
SecDevOps: Is It a Marketing Buzzword? - Mapping Research on Security in DevOps
  • V. Mohan, L. B. Othmane
  • Computer Science
    2016 11th International Conference on Availability, Reliability and Security (ARES)
  • 2016
The literature from academia and industry is surveyed to identify the main aspects of DevOps and SecDevOps and believe that the terms are not buzzwords, they imply important challenges that the security and software communities shall address to help organizations develop secure software while applying DevOps processes.
MISRA Standards for Automotive Software
This presentation will provide a review of the activities that MISRA is currently undertaking, including language subsets and safety analysis.
Towards DevOps in the Embedded Systems Domain: Why is It So Hard?
The contribution of this paper is to introduce the concept of DevOps adoption in the embedded systems domain and then to identify key challenges for the Dev Ops adoption.
Secure Coding: Building Security into the Software Development Life Cycle
To meet future needs, opportunities, and threats associated with information security, security needs to be “baked in” to the overall systems development life-cycle process.