Add methods to running OPC UA Server dynamically by OPC UA Clients|OPC UA Implementation: Stacks, Tools, and Samples|Forum|OPC Foundation

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Add methods to running OPC UA Server dynamically by OPC UA Clients
Avatar
Alexander Artyomenko
Member
Members
Forum Posts: 5
Member Since:
07/31/2023
sp_UserOfflineSmall Offline
1
12/18/2023 - 01:17
sp_Permalink sp_Print

Hello everyones!!!

I have proposition, how add scpirt code for OPC UA Methods created by OPC UAClients.

Please look my pyblication:

https://www.linkedin.com/posts…..er_desktop

I would like to hear opinions on the feasibility and ways of introducing this feature.

With best regards,

Alexander.

Avatar
Randy Armstrong
Admin
Forum Posts: 1579
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
12/18/2023 - 16:24
sp_Permalink sp_Print

This kind of feature can only be implemented by servers that are built with an SDK that can support it.

Many cannot.

This feature is also a huge security risk because servers would execute code that may be supplied by a malicious client.

It is not clear what problem this feature would solve.

Avatar
Alexander Artyomenko
Member
Members
Forum Posts: 5
Member Since:
07/31/2023
sp_UserOfflineSmall Offline
3
12/18/2023 - 22:13
sp_Permalink sp_Print

Thank You, Randy!

The idea is that you can take control of the interpretation of the script and limit dangerous operations, for example, prohibit writing and allow only reading, allow the allocation of only a certain amount of resources, limit execution time, etc., while returning the failure reason code to the client

Avatar
Randy Armstrong
Admin
Forum Posts: 1579
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
4
12/18/2023 - 23:36
sp_Permalink sp_Print

Hackers are very good at finding ways to exploit zero days in scripting engines. It is not just about resource consumption, the risk comes from information leaks or privilege elevation.

It is not possible to prove that such a feature would be safe which means many servers would refuse to support it even if they had the capability. There would need to be a very strong business case to overcome this concern.

Can you articulate what problems this would solve and why the problems cannot be solved in another way or can be solved more cheaply with this solution? “Wouldn’t this be cool” is not a business case. 

Avatar
Alexander Artyomenko
Member
Members
Forum Posts: 5
Member Since:
07/31/2023
sp_UserOfflineSmall Offline
5
12/19/2023 - 00:30
sp_Permalink sp_Print

Hi, Randy!!

I was study open62541 (and QUAServer too) and it is possible to create methods by UA_node managment..

And I had a question: is it possible to implement and ensure code security in methods? This is where the idea of an interpreter came up, although I tried several ways to do it (shellcode, dynamic translation, loadable libraries). It seemed to me that if we control interpretation, we can control everything…
I decided to ask if the developers of the standard think about this?

Maybe you would advise us to consider some kind of SDK that supports this possibility?

Avatar
Randy Armstrong
Admin
Forum Posts: 1579
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
6
12/20/2023 - 13:14
sp_Permalink sp_Print

As I said: what is the business case?

i.e. what problem does this feature solve that cannot be solved in a way that is less exposed to security problems?

It is simply not possible to guarantee safety of a scripting engine because coding errors can create vulnerabilities.

The only safe option is never execute code provided from a source that is not trusted.

Avatar
Alexander Artyomenko
Member
Members
Forum Posts: 5
Member Since:
07/31/2023
sp_UserOfflineSmall Offline
7
12/20/2023 - 22:41
sp_Permalink sp_Print

Thank you, Randy!!

The business case can be different, for example, there was a need to change the algorithm or formula for calculating a certain value using the method from variables in the server, but you would not want to stop the server…
By the way, I have two thoughts
1. Perhaps misunderstanding arises due to the meaning that is attached to the concept. I don’t mean a bash-type interpreter. which runs any programs, etc. We are talking about a script interpreter that is specially developed, and we can add the commands we need to it, for example, only read variables, if this is enough for us, when implementing potentially dangerous commands, we can install the necessary checks and limit the area of influence to ensure safety…
2. If it is possible for a client to add objects to the server, then what prevents him from adding them in too large a quantity so that the server crashes…?

Merry Christmas, Randy!!

Avatar
Randy Armstrong
Admin
Forum Posts: 1579
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
8
12/21/2023 - 04:52
sp_Permalink sp_Print

there was a need to change the algorithm or formula for calculating a certain value using the method from variables in the server, but you would not want to stop the server

You could do this today with ChangeForumla Method or allowing writes to the Definition property.

for this use case, I could see developing a formal syntax for the Definition

https://reference.opcfoundatio…..docs/5.3.1

We could use MathML: https://en.wikipedia.org/wiki/MathML
or OpenMath: https://openmath.org/technical/

to define the formula where the variables are NodeIds using string syntax in Part 6: 
https://reference.opcfoundatio…..ocs/5.1.12

Avatar
Alexander Artyomenko
Member
Members
Forum Posts: 5
Member Since:
07/31/2023
sp_UserOfflineSmall Offline
9
12/21/2023 - 06:22
sp_Permalink sp_Print

Thank you, Randy!

Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 33
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1446
Posts: 4890