Skip to main content
SpringerLink
Log in

Flexible authorization in home network environments

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

In home network environments, OSGi platform plays a major role as the service gateway to access into home appliances. It is important to provide appropriate services as well as security mechanisms to protect confidential or sensitive information and devices. Authorization is especially important when controlling the access of different users. OSGi platform supports the role based access control but it does not support various facilities in the RBAC model. To address such shortcomings, several works have proposed the enhanced access control mechanisms for the OSGi service platform. However, these are still limited to applying the traditional RBAC conventions to OSGi platform. This paper extends the existing authorization mechanism of OSGi platform to address its limitations for dynamic deployments. By adding the relative role concept and activating the access control using the delegation model, proposed mechanism enables a diverse and outstanding access control. We implement the proposed mechanism using aspectJ and illustrate how to develop a bundle including access control logic.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. OSGi Alliance, OSGi service platform, core specification release 4.2, September 2009. [Online] Available: http://www.osgi.org/

  2. Equinox homepage. http://www.eclipse.org/equinox

  3. Ferraiolo, D.F., Kuhn, D.R.: Role based access control. In: 15th National Computer Security Conference (1992), pp. 554–563

  4. Cho, E.-A., Moon, C.-J., Park, D.-H., Baik, D.-K.: Access control policy management framework based on RBAC in OSGi service platform. In: Proc. 6th IEEE Int. Conf. Comput. Inf. Technol. (CIT 2006), pp. 161–166. IEEE Computer Society, Washington (2006)

    Google Scholar 

  5. Cho, E.-A., Moon, C.-J., Park, D.-H., Baik, D.-K.: An effective policy management framework using RBAC model for service platform based on components. In: Proc. 4th Int. Conf. Softw. Eng. Res., Manage. Appl. (SERA 2006), pp. 281–288. IEEE Computer Society, Washington (2006)

    Google Scholar 

  6. Lim, H.-Y., Kim, Y.-G., Moon, C.-J., Baik, D.-K.: Bundle authentication and authorization using XML security in the OSGi service platform. In: Proc. 4th Annu. ACIS Int. Conf. Comput. Inf. Sci. (ICIS 2005), pp. 502–507. IEEE Computer Society, Washington (2005)

    Google Scholar 

  7. Ahn, G.-J., Hu, H., Jin, J.: Security-enhanced OSGi service environments. IEEE Trans. Syst. Man Cybern., Part C Appl. Rev. 39(5) (2009)

  8. Kiczales, G., Lamping, J., Menhdhekar, A., Maeda, C., Lopes, C., Loingtier, J.-M., Irwin, J.: Aspect-oriented programming. In: Akşit, M., Matsuoka, S. (eds.) Proceedings European Conf. on Object-Oriented Programming, pp. 220–242. New York (1997)

    Google Scholar 

  9. Howes, T.: The string representation of LDAP search filters. IETF RFC, Network Working Group, Request for Comments: 2254 (1997)

  10. Dehlinger, J., Subramanian, N.V.: Architecting secure software systems using an aspect-oriented approach: a survey of current research. Technical report, Iowa State University (2006)

  11. Phung, P.H., Sands, D.: Security policy enforcement in the OSGi framework using aspect-oriented programming. In: Proceedings of the 32nd Annual International 120 BIBLIOGRAPHY COMPSAC 2008, Turku, Finland, Jul. 28–Aug. 1 2008, pp. 1076–1082. IEEE Computer Society, Washington (2008)

    Google Scholar 

  12. Mourad, A., Laverdiere, M.A., Debbabi, M.: An aspect-oriented approach for the systematic security hardening of code. Comput. Secur. 27(3–4), 101–114 (2008)

    Article  Google Scholar 

  13. Keuler, T., Kornev, Y.: A light-weight load-time weaving approach for OSGi. In: Proceedings of the 2008 Workshop on Next Generation Aspect Oriented Middleware, Brussels, 2008, pp. 6–10

  14. Irmert, F., Lauterwald, F., Bott, M., Fischer, T., Meyer-Wegener, K.: Integration of dynamic AOP into the OSGi service platform. In: Proceedings of the 2nd Workshop on Middleware-Application Interaction, Oslo, 2008, pp. 25–30

  15. Frei, A., Alonso, G.: A dynamic lightweight platform for ad-hoc infrastructures. In: PERCOM ’05: Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications, Washington, DC, pp. 373–382

  16. Royon, Y., Frénot, S.: Multiservice home gateways: business model, execution environment, management infrastructure. IEEE Commun. Mag. 45(10), 122–128 (2007)

    Article  Google Scholar 

  17. Sun Microsystems. Java 1.5 documentation, 2007. http://java.sun.com/j2se/1.5.0

  18. AspectJ Home page. http://www.eclipse.org/aspectj

  19. Laddad, R.: AspectJ in Action: Enterprise AOP with Spring Applications, 2nd edn. Manning Publications, Greenwich (2009)

    Google Scholar 

  20. Apache felix homepage. http://felix.apache.org/site/index.html

  21. Knopflerfish. Knopflerfish open source OSGi. (2006). [Online] Available: http://www.knopflerfish.org

  22. Parrend, P., Frénot, S.: Security benchmarks of OSGi platforms: toward hardened OSGi. Softw. Pract. Exp. 39(5), 471–499 (2009)

    Article  Google Scholar 

  23. Parrend, P., Frenot, S.: Supporting the secure deployment of OSGi bundles. In: First IEEE WoWMoM Workshop on Adaptive and DependAble Mission and bUsiness Critical Mobile Systems, Helsinki, Finland, 2007

  24. Geoffray, N., Geel, T., Muller, G., et al.: I-JVM: a Java virtual machine for component isolation in OSGi. In: DSN’09 (Estoril, Portugal, April 2009), p. 10

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Information Technology, Inha University, 253 Yonghyun-dong, Nam-gu, Incheon, 402-751, Republic of Korea

    Intae Kim & Junghyun Lee

  2. Department of Industrial Security, Kyonggi University, 94-6 Yiui-dong, Yeongtong-gu, Suwon, Kyonggi-do, 443-760, Republic of Korea

    Daesung Lee & Kuinam J. Kim

Authors
  1. Intae Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daesung Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kuinam J. Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Junghyun Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Intae Kim.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Kim, I., Lee, D., Kim, K.J. et al. Flexible authorization in home network environments. Cluster Comput 15, 3–15 (2012). https://doi.org/10.1007/s10586-010-0142-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-010-0142-7

Keywords

Search

Navigation