Friday, January 28, 2011

Please Secure Your Robot: Part 3 of 5

Authorization controls can be used to determine if the user is allowed to perform the requested task. This is more difficult to implement than simply asking for a password, but it can be useful to prevent some types of problems. For example, it might be useful to provide your customers access to a tele-presence robot to tour your facility or attend meetings, but you may want to restrict where a customer is authorized to operate the robot. If you owned a tele-presence robot, you could use authorization controls to prevent your mother-in-law from going into your messy bedroom or secret laboratory when she was using it to babysit your children.

The military may find these controls useful for UAVs: trainees could be allowed to fly but not have access to fire control, or could have throttle limits placed on their operation. More complex authorization controls will be useful as applications move from purely military to more public safety applications. There will need to be ways to restrict operators from operating equipment outside of their responsibilities or capabilities.

There seem to be a few interesting categories where this could be useful for preventing abuse and improving safety for mobile robotics. Location-based restrictions on operations could limit a UAV purchased by a county police department to operation within the county's borders and within restricted altitude limits unless there is an administrative override. This could make UAVs much less useful in the event that they are stolen. Time-based restrictions could be connected to an organization's time clock so that off-duty public safety officers would not be tempted to use the equipment for personal gain. Functionality-based restrictions would be useful for preventing accidents by operators-in-training and may be useful for medical robots to control the dispensing of restricted medications.

Implementation of authorization systems will be challenging. Management of location-based, per-user keep-out zones may create administrative issues and may be difficult to configure. Robots that use probabilistic systems for determining their location may have issues when a robot suddenly finds itself probably inside a restricted area. Can they leave or are they stuck there until someone intervenes? This is going to be difficult to do correctly.
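The three restriction categories and the "probably inside a restricted area" problem described above can be sketched as one deny-by-default check. This is an added example, not code from the original post; the `Zone`, `Policy` and `authorize` names, the function names "drive" and "dispense", the particle representation `(x, y, weight)`, the 0.2 threshold, a duty window that does not span midnight, and the choice to permit exit-only moves are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Zone:
    """Axis-aligned keep-out rectangle in the robot's map frame (metres)."""
    xmin: float
    ymin: float
    xmax: float
    ymax: float

    def contains(self, x, y):
        return self.xmin <= x <= self.xmax and self.ymin <= y <= self.ymax

@dataclass(frozen=True)
class Policy:
    functions: frozenset       # functionality-based: what this operator may invoke
    shift_start: time          # time-based: on-duty window (must not span midnight)
    shift_end: time
    keep_out: tuple            # location-based: per-user keep-out zones
    max_p_inside: float = 0.2  # tolerated share of location belief inside a zone

def p_inside(zone, particles):
    """Share of the localization belief (non-empty, positive weights) inside zone."""
    total = sum(w for _, _, w in particles)
    return sum(w for x, y, w in particles if zone.contains(x, y)) / total

def authorize(policy, function, now, particles, target=None, override=False):
    """Return (allowed, reason) for one requested operation."""
    if override:
        return True, "administrative override"
    if function not in policy.functions:
        return False, "function not granted"
    if not (policy.shift_start <= now <= policy.shift_end):
        return False, "outside duty hours"
    probably_inside = any(p_inside(z, particles) > policy.max_p_inside
                          for z in policy.keep_out)
    target_ok = target is not None and not any(
        z.contains(*target) for z in policy.keep_out)
    if probably_inside:
        # Design choice (assumed): never strand the robot; allow only a drive out.
        if function == "drive" and target_ok:
            return True, "exit-only move from restricted area"
        return False, "probably inside restricted area"
    if function == "drive" and not target_ok:
        return False, "target inside keep-out zone"
    return True, "ok"
```

The check looks only at the commanded target, not at the path to it, so a real planner would still need to keep the route itself out of other keep-out zones.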

An authorization control system can improve the safety and security of mobile robots, but it will probably be the most difficult part of robot security to implement in a way that does what the users expect of it. Even a simple system could prove challenging to implement.
