Thursday, February 3, 2011

Please Secure Your Robot: Part 4 of 5

Accounting provides a log of the robot's operation. This is not only necessary as a debugging tool, but it also provides a way to audit the operation of the robot. While there may be some duplication of the information logged, these two tasks should be accomplished by separate subsystems.

Many of the newer robotics frameworks have extensive logging support capable of recording huge amounts of sensor data at high speed. While being able to record message bus traffic to disk is useful for debugging, the majority of the data is of short-term value. Furthermore, as newer 3D sensors produce an ever increasing amount of data, the storage requirements can quickly become formidable. This type of log is mostly useful for research and development, and for failure analysis of production systems, where a rolling log of the previous hours' data may be sufficient. Given the temporal nature of the data, an operator may have control of this subsystem to enable or disable debugging, or to clear the debug logs entirely.

However, independent of the robotics framework, there is a need for an operational log that is only accessible with administrative access. This should be a long term log of the operation of the robot over the course of weeks and months.

It should contain a log of the robot's high level state, and at minimum the log should record if the robot is running autonomously or being teleoperated. Even on smaller robots it would not be difficult to have a microcontroller wake up at regular intervals to log the GPS position of the robot.

Linux-based robots inherit well-tested systems for user login records; however, this brings its own challenges, as many robotics frameworks do not yet fully support multi-user installations. The most important things to log are the time a user logs in and where they are connecting from.

In an ideal world, the robot's log would be convincingly tamper resistant and robust enough that, if the robot is damaged or destroyed, the operation logs will still exist and be admissible as evidence in court. Even on the simplest robots it would be helpful to have an audit log of when the robot was operating in autonomous mode or being teleoperated.

A basic robot operation log should have minimal implementation costs and would greatly improve forensic analysis in the event of the robot being involved in an intentional or accidental injury or death. Basically, we need to start building flight data recorders for robots.
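The following is an added example, not code from the post, of the kind of minimal operational log the paragraphs above describe: it records the three things the post asks for (mode changes between autonomous and teleoperated, periodic GPS fixes, and user logins with their source address), and it makes the log tamper-evident by chaining each entry to the SHA-256 hash of the previous one. The hash-chain design, the `OperationLog` class, and the constructed sample events and timestamps are all assumptions for illustration; nothing here is tied to any particular robotics framework.

```python
import hashlib
import json
import time
from typing import Iterable, List, Optional, Tuple

GENESIS = "0" * 64  # constant "previous hash" for the first entry


def _entry_hash(entry: dict) -> str:
    """SHA-256 of the canonical JSON form of an entry, excluding its own 'hash' field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class OperationLog:
    """Append-only, hash-chained operational log (assumed design, not from the post).

    Every entry carries the hash of the entry before it, so editing or deleting
    any earlier line changes the expected hash of every line after it.
    """

    def __init__(self) -> None:
        self.entries: List[dict] = []
        self.head = GENESIS  # hash of the most recent entry

    def record(self, event: str, ts: Optional[float] = None, **fields) -> dict:
        entry = {
            "seq": len(self.entries),
            "ts": ts if ts is not None else time.time(),
            "event": event,
            "prev": self.head,
            **fields,
        }
        entry["hash"] = _entry_hash(entry)
        self.entries.append(entry)
        self.head = entry["hash"]
        return entry

    # Convenience recorders for the events the post singles out.
    def mode_change(self, mode: str, **kw) -> dict:
        if mode not in ("autonomous", "teleoperated", "idle"):
            raise ValueError("unknown mode: %r" % mode)
        return self.record("mode", mode=mode, **kw)

    def gps_fix(self, lat: float, lon: float, **kw) -> dict:
        return self.record("gps", lat=lat, lon=lon, **kw)

    def login(self, user: str, source: str, **kw) -> dict:
        return self.record("login", user=user, source=source, **kw)

    def dump(self) -> str:
        """One JSON object per line, the on-disk form that verify() reads back."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)


def verify(lines: Iterable[str], expected_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Walk a dumped log; return (True, None) if intact, else (False, index of first bad entry).

    If expected_head (a head hash exported off the robot earlier) is given, a log
    whose chain ends elsewhere, e.g. one with its tail deleted, is also rejected,
    with the index set to the number of lines that were present.
    """
    prev = GENESIS
    count = 0
    for i, line in enumerate(lines):
        count = i + 1
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            return False, i
        if entry.get("seq") != i or entry.get("prev") != prev:
            return False, i
        if _entry_hash(entry) != entry.get("hash"):
            return False, i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, count
    return True, None


def demo() -> Tuple[bool, Optional[int], bool, Optional[int]]:
    """Constructed session: a login, a teleoperated period, a GPS fix, then autonomy."""
    log = OperationLog()
    t0 = 1296691200.0  # constructed timestamp, 2011-02-03 00:00 UTC
    log.login("operator", "10.0.0.5", ts=t0)          # constructed user and address
    log.mode_change("teleoperated", ts=t0 + 1)
    log.gps_fix(37.7749, -122.4194, ts=t0 + 60)        # constructed position
    log.mode_change("autonomous", ts=t0 + 120)
    intact = verify(log.dump().splitlines())

    # Someone rewrites entry 1 to claim the robot was autonomous all along,
    # and even recomputes that entry's hash; entry 2 still points at the old hash.
    lines = log.dump().splitlines()
    forged = json.loads(lines[1])
    forged["mode"] = "autonomous"
    forged["hash"] = _entry_hash(forged)
    lines[1] = json.dumps(forged, sort_keys=True)
    tampered = verify(lines)
    return intact + tampered  # -> (True, None, False, 2)
```

The chain only proves that what remains of the log is internally consistent; to detect a deleted tail, the current `head` hash has to leave the robot periodically (for example, sent to an administrative server each time a mode change is recorded) and be handed to `verify` as `expected_head`. Keeping the operational log on a separate medium from the high-volume framework debug log, as the post recommends, also keeps an operator's "clear debug logs" action from touching it.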
