Abstract
The OSGi platform provides a Java-based, open-standard programming interface that enables communication and control among devices at home. Service-oriented, component-based software systems built using OSGi are extensible and adaptable, but they entail new types of security concerns. Security concerns in OSGi platforms can be divided into two basic categories: vulnerabilities in Java cross-platform (or multi-platform) technology and vulnerabilities in the OSGi framework. This paper identifies a new OSGi platform-specific security vulnerability called a service injection attack and proposes two mechanisms of protection against this newly identified security risk in the OSGi framework.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, I., Rim, K., Lee, J. (2010). Secure OSGi Platform against Service Injection. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_9
DOI: https://doi.org/10.1007/978-3-642-17610-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17609-8
Online ISBN: 978-3-642-17610-4
eBook Packages: Computer Science, Computer Science (R0)