ROS2

Definition

ROS2 (Robot Operating System 2) is an open-source middleware framework for robot software development. It provides communication, lifecycle management, and tooling primitives that allow robotics applications to compose distributed nodes across a robot or a fleet.

What it means

ROS2 is the successor to ROS1, redesigned around DDS (Data Distribution Service) as its communication layer instead of the custom ROS Master architecture used in ROS1. The change addresses ROS1's main limitations: real-time guarantees, multi-robot deployments, and built-in security primitives. ROS2 is the dominant robotics middleware in research and increasingly in commercial deployments, including service robotics, AGVs, drones, and autonomous mobile platforms.

The security model in ROS2 is provided by SROS2 (Secure ROS2), which uses DDS-Security to enforce authentication, encryption, and access control on the underlying RTPS (Real-Time Publish-Subscribe) traffic. Without SROS2 enabled, a ROS2 system is open by default — any node on the same DDS domain can publish to any topic, subscribe to any topic, or invoke any service. Many production deployments ship without SROS2, treating perimeter network controls as the security boundary, which fails the moment an attacker reaches the internal network.

For offensive-security assessment, ROS2 testing includes: domain enumeration (DDS multicast discovery), topic and service enumeration, action server discovery, parameter and configuration extraction, command injection through unauthenticated topics (especially `/cmd_vel` and motion-control topics), and SROS2 key-handling review when enabled.

Where it appears at Melina

Central to engagements under Robotics & Autonomous Systems Security. ROS2 testing scope is set during discovery; engagements vary widely in scope from "all topics" to "specific motion-control safety boundary".

Related terms

- SROS - RTPS - DDS

Authoritative sources

- ROS2 documentation - SROS2 documentation - DDS-Security 1.1 specification (OMG)

---