DDS-Builder: Construction and Release of a Public Dataset for Cyber-Physical Systems based on Data Distribution Service (DDS)
Abstract
In this paper, we present the DDS-Builder, a tool designed to systematize the collection, categorization, and analysis of vulnerabilities in systems based on the Data Distribution Service (DDS), while also introducing a new public dataset. The DDS-Builder integrates with the Vulners database and utilizes Gemini 1.5 Pro to classify vulnerabilities according to the Common Weakness Enumeration (CWE) framework. We also conduct an analysis of the collected data, providing insights into the frequency, severity, and most common types of vulnerabilities.
Keywords:
DDS, Security, Vulnerability, Dataset, LLM, Comparative Analysis
References
Pardo-Castellote, G. OMG data-distribution service: Architectural overview. In: IEEE. 23RD International Conference on Distributed Computing Systems Workshops, 2003. Proceedings. 2003. P. 200–206.
(OMG), O. M. G. Data Distribution Service (DDS) Specification. 2015. [link]. Accessed: 01 oct. 2024.
Macenski, S. et al. Robot operating system 2: Design, architecture, and uses in the wild. Science robotics, American Association for the Advancement of Science, v. 7, n. 66, eabm6074, 2022.
Scordino, C.; Mariño, A. G.; Fons, F. Hardware acceleration of data distribution service (dds) for automotive communication and computing. IEEE Access, IEEE, v. 10, p. 109626–109651, 2022.
Du, J.; Gao, C.; Feng, T. Formal safety assessment and improvement of DDS protocol for industrial data distribution service. Future Internet, MDPI, v. 15, n. 1, p. 24, 2022.
Wagner, P. G.; Birnstill, P.; Beyerer, J. DDS Security+: Enhancing the Data Distribution Service With TPM-based Remote Attestation. In: PROCEEDINGS of the 19th International Conference on Availability, Reliability and Security. 2024. P. 1–11.
Maggi, F. et al. A Security Analysis of the Data Distribution Service (DDS) Protocol. In: TREND Micro Research, Inc., Japan. 2022. P. 15–20.
Kim, H.; Kim, D.-K.; Alaerjan, A. ABAC-based security model for DDS. IEEE Transactions on Dependable and Secure Computing, IEEE, v. 19, n. 5, p. 3113–3124, 2021.
Abdulghani, R. M. et al. Vulnerabilities and security issues in IoT protocols. In: IEEE. 2020 First international conference of smart systems and emerging technologies (SMARTTECH). 2020. P. 7–12.
Du, J.; Gao, C.; Feng, T. Formal Safety Assessment and Improvement of DDS Protocol for Industrial Data Distribution Service. Future Internet, v. 15, n. 1, p. 24, 2023. DOI: 10.3390/fi15010024.
Zhang, S.; Zhang, M.; Zhao, L. VIET: A Tool for Extracting Essential Information from Vulnerability Descriptions for CVSS Evaluation. In: DATA and Applications Security and Privacy XXXVII: 37th Annual IFIP WG 11.3 Conference, DBSec 2023, Sophia-Antipolis, France, July 19–21, 2023, Proceedings. Berlin, Heidelberg: Springer-Verlag, 2023. P. 386–403. ISBN 978-3-031-37585-9. DOI: 10.1007/978-3-031-37586-6_23.
Michaud, M. J.; Dean, T.; Leblanc, S. P. Attacking OMG data distribution service (DDS) based real-time mission critical distributed systems. In: PROCEEDINGS of the 13th International Conference on Malicious and Unwanted Software (MALWARE). Nantucket, MA, USA, out. 2018. P. 68–77.
White, R.; Caiazza, G.; Jiang, C. Network reconnaissance and vulnerability excavation of secure DDS systems. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EUROS&PW). Stockholm, Sweden, jun. 2019. P. 57–66. DOI: 10.1109/EuroSPW.2019.00013.
Wang, B.; Li, H.; Guan, J. A Formal Analysis of Data Distribution Service Security. In: ACM. ACM Asia Conference on Computer and Communications Security (ASIA CCS ’24). New York, NY, USA: ACM, jul. 2024. P. 12. DOI: 10.1145/3634737.3656288.
Bogaerts, F. C.; Ivaki, N.; Fonseca, J. A Taxonomy for Python Vulnerabilities. IEEE Open Journal of the Computer Society, IEEE Computer Society, n. 01, p. 1–12, 2024.
Vulners. API Documentation. 2024. Disponível em: [link]. Acesso em: 4 out. 2024.
NIST. National Vulnerability Database. 2024. Disponível em: [link]. Acesso em: 1 out. 2024.
MITRE CWE. Common Weakness Enumeration. 2024. Disponível em: [link]. Acesso em: 2 out. 2024.
Python Software Foundation. Python Language Reference. 2024. Disponível em: [link]. Acesso em: 2 out. 2024.
Google AI. Gemini API. 2024. Disponível em: [link]. Acesso em: 4 out. 2024.
Xiaowen, Z. et al. Design and Implementation of Robot Middleware Service Integration Framework Based on DDS. In: IEEE. 2022 IEEE International Conference on Real-time Computing and Robotics (RCAR). 2022. P. 588–593.
Jeong, S. et al. Behavior tree driven multi-mobile robots via data distribution service (DDS). In: IEEE. 2021 21st International Conference on Control, Automation and Systems (ICCAS). 2021. P. 1633–1638.
Lu, Q. et al.Modeling and Analysis of Data Flow-Oriented ROS2 Data Distribution Service. International Journal of Software & Informatics, v. 11, n. 4, 2021.
Lienen, C.; Middeke, S. H.; Platzner, M. fpgaDDS: An Intra-FPGA Data Distribution Service for ROS 2 Robotics Applications. In: IEEE. 2023 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS). 2023. P. 6261–6266.
(OMG), O. M. G. Data Distribution Service (DDS) Specification. 2015. [link]. Accessed: 01 oct. 2024.
Macenski, S. et al. Robot operating system 2: Design, architecture, and uses in the wild. Science robotics, American Association for the Advancement of Science, v. 7, n. 66, eabm6074, 2022.
Scordino, C.; Mariño, A. G.; Fons, F. Hardware acceleration of data distribution service (dds) for automotive communication and computing. IEEE Access, IEEE, v. 10, p. 109626–109651, 2022.
Du, J.; Gao, C.; Feng, T. Formal safety assessment and improvement of DDS protocol for industrial data distribution service. Future Internet, MDPI, v. 15, n. 1, p. 24, 2022.
Wagner, P. G.; Birnstill, P.; Beyerer, J. DDS Security+: Enhancing the Data Distribution Service With TPM-based Remote Attestation. In: PROCEEDINGS of the 19th International Conference on Availability, Reliability and Security. 2024. P. 1–11.
Maggi, F. et al. A Security Analysis of the Data Distribution Service (DDS) Protocol. In: TREND Micro Research, Inc., Japan. 2022. P. 15–20.
Kim, H.; Kim, D.-K.; Alaerjan, A. ABAC-based security model for DDS. IEEE Transactions on Dependable and Secure Computing, IEEE, v. 19, n. 5, p. 3113–3124, 2021.
Abdulghani, R. M. et al. Vulnerabilities and security issues in IoT protocols. In: IEEE. 2020 First international conference of smart systems and emerging technologies (SMARTTECH). 2020. P. 7–12.
Du, J.; Gao, C.; Feng, T. Formal Safety Assessment and Improvement of DDS Protocol for Industrial Data Distribution Service. Future Internet, v. 15, n. 1, p. 24, 2023. DOI: 10.3390/fi15010024.
Zhang, S.; Zhang, M.; Zhao, L. VIET: A Tool for Extracting Essential Information from Vulnerability Descriptions for CVSS Evaluation. In: DATA and Applications Security and Privacy XXXVII: 37th Annual IFIP WG 11.3 Conference, DBSec 2023, Sophia-Antipolis, France, July 19–21, 2023, Proceedings. Berlin, Heidelberg: Springer-Verlag, 2023. P. 386–403. ISBN 978-3-031-37585-9. DOI: 10.1007/978-3-031-37586-6_23.
Michaud, M. J.; Dean, T.; Leblanc, S. P. Attacking OMG data distribution service (DDS) based real-time mission critical distributed systems. In: PROCEEDINGS of the 13th International Conference on Malicious and Unwanted Software (MALWARE). Nantucket, MA, USA, out. 2018. P. 68–77.
White, R.; Caiazza, G.; Jiang, C. Network reconnaissance and vulnerability excavation of secure DDS systems. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EUROS&PW). Stockholm, Sweden, jun. 2019. P. 57–66. DOI: 10.1109/EuroSPW.2019.00013.
Wang, B.; Li, H.; Guan, J. A Formal Analysis of Data Distribution Service Security. In: ACM. ACM Asia Conference on Computer and Communications Security (ASIA CCS ’24). New York, NY, USA: ACM, jul. 2024. P. 12. DOI: 10.1145/3634737.3656288.
Bogaerts, F. C.; Ivaki, N.; Fonseca, J. A Taxonomy for Python Vulnerabilities. IEEE Open Journal of the Computer Society, IEEE Computer Society, n. 01, p. 1–12, 2024.
Vulners. API Documentation. 2024. Disponível em: [link]. Acesso em: 4 out. 2024.
NIST. National Vulnerability Database. 2024. Disponível em: [link]. Acesso em: 1 out. 2024.
MITRE CWE. Common Weakness Enumeration. 2024. Disponível em: [link]. Acesso em: 2 out. 2024.
Python Software Foundation. Python Language Reference. 2024. Disponível em: [link]. Acesso em: 2 out. 2024.
Google AI. Gemini API. 2024. Disponível em: [link]. Acesso em: 4 out. 2024.
Xiaowen, Z. et al. Design and Implementation of Robot Middleware Service Integration Framework Based on DDS. In: IEEE. 2022 IEEE International Conference on Real-time Computing and Robotics (RCAR). 2022. P. 588–593.
Jeong, S. et al. Behavior tree driven multi-mobile robots via data distribution service (DDS). In: IEEE. 2021 21st International Conference on Control, Automation and Systems (ICCAS). 2021. P. 1633–1638.
Lu, Q. et al.Modeling and Analysis of Data Flow-Oriented ROS2 Data Distribution Service. International Journal of Software & Informatics, v. 11, n. 4, 2021.
Lienen, C.; Middeke, S. H.; Platzner, M. fpgaDDS: An Intra-FPGA Data Distribution Service for ROS 2 Robotics Applications. In: IEEE. 2023 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS). 2023. P. 6261–6266.
Published
2024-11-27
How to Cite
FIDELES, Douglas; KREUTZ, Diego; QUINCOZES, Silvio.
DDS-Builder: Construction and Release of a Public Dataset for Cyber-Physical Systems based on Data Distribution Service (DDS). In: REGIONAL SCHOOL OF COMPUTER NETWORKS (ERRC), 21. , 2024, Rio Grande/RS.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 148-153.
DOI: https://doi.org/10.5753/errc.2024.4678.
