Abstract
In home network environments, OSGi platform plays a major role as the service gateway to access into home appliances. It is important to provide appropriate services as well as security mechanisms to protect confidential or sensitive information and devices. Authorization is especially important when controlling the access of different users. OSGi platform supports the role based access control but it does not support various facilities in the RBAC model. To address such shortcomings, several works have proposed the enhanced access control mechanisms for the OSGi service platform. However, these are still limited to applying the traditional RBAC conventions to OSGi platform. This paper extends the existing authorization mechanism of OSGi platform to address its limitations for dynamic deployments. By adding the relative role concept and activating the access control using the delegation model, proposed mechanism enables a diverse and outstanding access control. We implement the proposed mechanism using aspectJ and illustrate how to develop a bundle including access control logic.
Similar content being viewed by others
References
OSGi Alliance, OSGi service platform, core specification release 4.2, September 2009. [Online] Available: http://www.osgi.org/
Equinox homepage. http://www.eclipse.org/equinox
Ferraiolo, D.F., Kuhn, D.R.: Role based access control. In: 15th National Computer Security Conference (1992), pp. 554–563
Cho, E.-A., Moon, C.-J., Park, D.-H., Baik, D.-K.: Access control policy management framework based on RBAC in OSGi service platform. In: Proc. 6th IEEE Int. Conf. Comput. Inf. Technol. (CIT 2006), pp. 161–166. IEEE Computer Society, Washington (2006)
Cho, E.-A., Moon, C.-J., Park, D.-H., Baik, D.-K.: An effective policy management framework using RBAC model for service platform based on components. In: Proc. 4th Int. Conf. Softw. Eng. Res., Manage. Appl. (SERA 2006), pp. 281–288. IEEE Computer Society, Washington (2006)
Lim, H.-Y., Kim, Y.-G., Moon, C.-J., Baik, D.-K.: Bundle authentication and authorization using XML security in the OSGi service platform. In: Proc. 4th Annu. ACIS Int. Conf. Comput. Inf. Sci. (ICIS 2005), pp. 502–507. IEEE Computer Society, Washington (2005)
Ahn, G.-J., Hu, H., Jin, J.: Security-enhanced OSGi service environments. IEEE Trans. Syst. Man Cybern., Part C Appl. Rev. 39(5) (2009)
Kiczales, G., Lamping, J., Menhdhekar, A., Maeda, C., Lopes, C., Loingtier, J.-M., Irwin, J.: Aspect-oriented programming. In: Akşit, M., Matsuoka, S. (eds.) Proceedings European Conf. on Object-Oriented Programming, pp. 220–242. New York (1997)
Howes, T.: The string representation of LDAP search filters. IETF RFC, Network Working Group, Request for Comments: 2254 (1997)
Dehlinger, J., Subramanian, N.V.: Architecting secure software systems using an aspect-oriented approach: a survey of current research. Technical report, Iowa State University (2006)
Phung, P.H., Sands, D.: Security policy enforcement in the OSGi framework using aspect-oriented programming. In: Proceedings of the 32nd Annual International 120 BIBLIOGRAPHY COMPSAC 2008, Turku, Finland, Jul. 28–Aug. 1 2008, pp. 1076–1082. IEEE Computer Society, Washington (2008)
Mourad, A., Laverdiere, M.A., Debbabi, M.: An aspect-oriented approach for the systematic security hardening of code. Comput. Secur. 27(3–4), 101–114 (2008)
Keuler, T., Kornev, Y.: A light-weight load-time weaving approach for OSGi. In: Proceedings of the 2008 Workshop on Next Generation Aspect Oriented Middleware, Brussels, 2008, pp. 6–10
Irmert, F., Lauterwald, F., Bott, M., Fischer, T., Meyer-Wegener, K.: Integration of dynamic AOP into the OSGi service platform. In: Proceedings of the 2nd Workshop on Middleware-Application Interaction, Oslo, 2008, pp. 25–30
Frei, A., Alonso, G.: A dynamic lightweight platform for ad-hoc infrastructures. In: PERCOM ’05: Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications, Washington, DC, pp. 373–382
Royon, Y., Frénot, S.: Multiservice home gateways: business model, execution environment, management infrastructure. IEEE Commun. Mag. 45(10), 122–128 (2007)
Sun Microsystems. Java 1.5 documentation, 2007. http://java.sun.com/j2se/1.5.0
AspectJ Home page. http://www.eclipse.org/aspectj
Laddad, R.: AspectJ in Action: Enterprise AOP with Spring Applications, 2nd edn. Manning Publications, Greenwich (2009)
Apache felix homepage. http://felix.apache.org/site/index.html
Knopflerfish. Knopflerfish open source OSGi. (2006). [Online] Available: http://www.knopflerfish.org
Parrend, P., Frénot, S.: Security benchmarks of OSGi platforms: toward hardened OSGi. Softw. Pract. Exp. 39(5), 471–499 (2009)
Parrend, P., Frenot, S.: Supporting the secure deployment of OSGi bundles. In: First IEEE WoWMoM Workshop on Adaptive and DependAble Mission and bUsiness Critical Mobile Systems, Helsinki, Finland, 2007
Geoffray, N., Geel, T., Muller, G., et al.: I-JVM: a Java virtual machine for component isolation in OSGi. In: DSN’09 (Estoril, Portugal, April 2009), p. 10
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kim, I., Lee, D., Kim, K.J. et al. Flexible authorization in home network environments. Cluster Comput 15, 3–15 (2012). https://doi.org/10.1007/s10586-010-0142-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-010-0142-7