Secure OSGi Platform against Service Injection

Kim, Intae; Rim, Keewook; Lee, Junghyun

doi:10.1007/978-3-642-17610-4_9

Intae Kim⁷,
Keewook Rim⁸ &
Junghyun Lee⁷

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 122))

1249 Accesses

Abstract

OSGi platform provides Java-based open standard programming interface that enables communication and control among devices at home. Service-oriented, component based software systems built using OSGi are extensible and adaptable but they entail new types of security concerns. Security concerns in OSGi platforms can be divided into two basic categories: vulnerabilities in Java cross-platform (or multi-platform) technology and vulnerabilities in the OSGi framework. This paper identifies a new OSGi platform-specific security vulnerability called a service injection attack and proposes two mechanisms of protection against this newly identified security risk in the OSGi framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Royon, Y., Frénot, S.: Multiservice home gateways: business model, execution environment, management infrastructure. IEEE Communications Magazine 45(10), 122–128 (2007)
Article Google Scholar
OSGi Alliance. OSGi service platform, core specification release 4.2. release 03 (2010)
Google Scholar
Binder, W.: Secure and Reliable Java-Based Middleware Challenges and Solutions. In: 1st International Conference on Availability, Reliability and Security. ARES, pp. 662–669. IEEE Computer Society, Washington (2006)
Google Scholar
Parrend, P., Frenot, S.: Classification of component vulnerabilities in Java service oriented programming platforms. In: Chaudron, M.R.V., Ren, X.-M., Reussner, R. (eds.) CBSE 2008. LNCS, vol. 5282, pp. 80–96. Springer, Heidelberg (2008)
Chapter Google Scholar
Lowis, L., Accorsi, R.: On a classification approach for SOA vulnerabilities. In: Proc. IEEE Workshop on Security Aspects of Process and Services Eng (SAPSE). IEEE Computer Press, Los Alamitos (2009)
Google Scholar
Czajkowski, G., Daynès, L.: Multitasking without compromise: a virtual machine evolution. In: Proceedings of the Object Oriented Programming, Systems, Languages, and Applications Conference, Tampa Bay, USA, pp. 125–138. ACM, New York (2001)
Google Scholar
Geoffray, N., Thomas, G., Folliot, B., Clement, C.: Towards a new Isolation Abstraction for OSGi. In: Engeland, M., Spinczyk, O. (eds.) The 1st Workshop on Isolation and Integration in Embedded Systems, IIES 2008, pp. 41–45. ACM, New York (2008)
Google Scholar
Gama, K., Donsez, D.: Towards Dynamic Component Isolation in a Service Oriented Platform. In: Lewis, G.A., Poernomo, I., Hofmeister, C. (eds.) CBSE 2009. LNCS, vol. 5582, pp. 104–120. Springer, Heidelberg (2009)
Chapter Google Scholar
Geoffray, N., Thomas, G., Muller, G., Parrend, P., Frenot, S., Folliot, B.: I-JVM: a Java Virtual Machine for Component Isolation in OSGi. Research Report RR-6801, INRIA (2009)
Google Scholar
Parrend, P., Frénot, S.: Security benchmarks of OSGi platforms: toward hardened OSGi. Software: Practice and Experience 39(5), 471–499 (2009)
Google Scholar
Parrend, P., Frenot, S.: Supporting the secure deployment of OSGi Bundles. In: First IEEE WoWMoM Workshop on Adaptive and Dependable Mission and Business Critical Mobile Systems, Helsinki, Finland (2007)
Google Scholar
Knopflerfish OSGi - Open Source OSGi service platform, http://knopflerfish.org/
Equinox, http://www.eclipse.org/equinox
Apache felix, http://felix.apache.org/site/index.html
Howes, T.: The String Representation of LDAP Search Filters. IETF RFC, Network Working Group, Request for Comments: 2254 (1997)
Google Scholar
Sun Microsystems Inc., JAR file specification. Sun Java Specifications (2003), http://java.sun.com/j2se/1.5.0/docs/guide/jar/jar.html

Download references

Author information

Authors and Affiliations

Department of Computer Science and Information Technology, Inha University, 253 Yonghyun-dong, Nam-gu, Incheon, 402-751, Republic of Korea
Intae Kim & Junghyun Lee
Department of Computer and Information Science, Sunmoon University, Asan-si, Chungnam, 336-708, Republic of Korea
Keewook Rim

Authors

Intae Kim
View author publications
You can also search for this author in PubMed Google Scholar
Keewook Rim
View author publications
You can also search for this author in PubMed Google Scholar
Junghyun Lee
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Hannam University, Daejeon, South Korea
Tai-hoon Kim
National Chiao Tung University, Hsinchu, Taiwan
Wai-chi Fang
King Saud University, Riyadh, Saudi Arabia
Muhammad Khurram Khan
Mississippi State University, Mississippi State, MS, USA
Kirk P. Arnett
Dept. of Computer Engineering, Mokwon University, 800, Doan-dong, Seo-gu, 302-729, Daejeon, Korea
Heau-jo Kang
University of Warsaw & Infobright Inc., Poland
Dominik Ślęzak

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kim, I., Rim, K., Lee, J. (2010). Secure OSGi Platform against Service Injection. In: Kim, Th., Fang, Wc., Khan, M.K., Arnett, K.P., Kang, Hj., Ślęzak, D. (eds) Security Technology, Disaster Recovery and Business Continuity. Communications in Computer and Information Science, vol 122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17610-4_9

Download citation

DOI: https://doi.org/10.1007/978-3-642-17610-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17609-8
Online ISBN: 978-3-642-17610-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics