Loading…
Security benchmarks of OSGi platforms: toward Hardened OSGi
OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not be...
Saved in:
| Published in: | Software, practice & experience practice & experience, 2009-04, Vol.39 (5), p.471-499 |
|---|---|
| Main Authors: | , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c3306-c0206a973e4f31e2721ca518b3d227d1b1aa90b3720080ec1c08cdcfeefac9233 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c3306-c0206a973e4f31e2721ca518b3d227d1b1aa90b3720080ec1c08cdcfeefac9233 |
| container_end_page | 499 |
| container_issue | 5 |
| container_start_page | 471 |
| container_title | Software, practice & experience |
| container_volume | 39 |
| creator | Parrend, P. Frenot, S. |
| description | OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not been considered as such until recently. Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of the attacks. The assessment of the security status of the various implementations of the OSGi platform and of existing security mechanisms is done through a metric we introduce, the Protection rate (PR). Based on these benchmarks, OSGi‐specific security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the PR metric and performance analysis. Lastly, further requirements for building secure OSGi platforms are identified. Copyright © 2008 John Wiley & Sons, Ltd. |
| doi_str_mv | 10.1002/spe.906 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_33892933</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>33892933</sourcerecordid><originalsourceid>FETCH-LOGICAL-c3306-c0206a973e4f31e2721ca518b3d227d1b1aa90b3720080ec1c08cdcfeefac9233</originalsourceid><addsrcrecordid>eNp10EFLwzAUwPEgCs4pfoWe9CCdL0mXtHqSMTfBOaWK4iWk6QtWu7UmHXPf3s6KNy95h_x48P6EHFMYUAB27mscJCB2SI9CIkNg0csu6QHwOAQRRfvkwPt3AEqHTPTIZYpm5YpmE2S4NG8L7T58UNlgnk6KoC51Yyu38BdBU621y4Np--AS85__Q7Jndenx6Hf2ydP1-HE0DW_nk5vR1W1oOAcRGmAgdCI5RpZTZJJRo4c0znjOmMxpRrVOIOOSAcSAhhqITW4sotUmYZz3yUm3t3bV5wp9oxaFN1iWeonVyivO44QlfAtPO2hc5b1Dq2pXtCdtFAW1jaPaOKqN08qzTq6LEjf_MZXejzsddrrwDX796baVEpLLoXq-m6jXmWAPMp2pKf8GYoRzYg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>33892933</pqid></control><display><type>article</type><title>Security benchmarks of OSGi platforms: toward Hardened OSGi</title><source>Wiley-Blackwell Read & Publish Collection</source><creator>Parrend, P. ; Frenot, S.</creator><creatorcontrib>Parrend, P. ; Frenot, S.</creatorcontrib><description>OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not been considered as such until recently. Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of the attacks. The assessment of the security status of the various implementations of the OSGi platform and of existing security mechanisms is done through a metric we introduce, the Protection rate (PR). Based on these benchmarks, OSGi‐specific security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the PR metric and performance analysis. Lastly, further requirements for building secure OSGi platforms are identified. Copyright © 2008 John Wiley & Sons, Ltd.</description><identifier>ISSN: 0038-0644</identifier><identifier>EISSN: 1097-024X</identifier><identifier>DOI: 10.1002/spe.906</identifier><language>eng</language><publisher>Chichester, UK: John Wiley & Sons, Ltd</publisher><subject>component platform ; dependability ; OSGi component framework ; security benchmark ; software security assurance ; software vulnerabilities</subject><ispartof>Software, practice & experience, 2009-04, Vol.39 (5), p.471-499</ispartof><rights>Copyright © 2008 John Wiley & Sons, Ltd.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c3306-c0206a973e4f31e2721ca518b3d227d1b1aa90b3720080ec1c08cdcfeefac9233</citedby><cites>FETCH-LOGICAL-c3306-c0206a973e4f31e2721ca518b3d227d1b1aa90b3720080ec1c08cdcfeefac9233</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Parrend, P.</creatorcontrib><creatorcontrib>Frenot, S.</creatorcontrib><title>Security benchmarks of OSGi platforms: toward Hardened OSGi</title><title>Software, practice & experience</title><addtitle>Softw: Pract. Exper</addtitle><description>OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not been considered as such until recently. Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of the attacks. The assessment of the security status of the various implementations of the OSGi platform and of existing security mechanisms is done through a metric we introduce, the Protection rate (PR). Based on these benchmarks, OSGi‐specific security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the PR metric and performance analysis. Lastly, further requirements for building secure OSGi platforms are identified. Copyright © 2008 John Wiley & Sons, Ltd.</description><subject>component platform</subject><subject>dependability</subject><subject>OSGi component framework</subject><subject>security benchmark</subject><subject>software security assurance</subject><subject>software vulnerabilities</subject><issn>0038-0644</issn><issn>1097-024X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2009</creationdate><recordtype>article</recordtype><recordid>eNp10EFLwzAUwPEgCs4pfoWe9CCdL0mXtHqSMTfBOaWK4iWk6QtWu7UmHXPf3s6KNy95h_x48P6EHFMYUAB27mscJCB2SI9CIkNg0csu6QHwOAQRRfvkwPt3AEqHTPTIZYpm5YpmE2S4NG8L7T58UNlgnk6KoC51Yyu38BdBU621y4Np--AS85__Q7Jndenx6Hf2ydP1-HE0DW_nk5vR1W1oOAcRGmAgdCI5RpZTZJJRo4c0znjOmMxpRrVOIOOSAcSAhhqITW4sotUmYZz3yUm3t3bV5wp9oxaFN1iWeonVyivO44QlfAtPO2hc5b1Dq2pXtCdtFAW1jaPaOKqN08qzTq6LEjf_MZXejzsddrrwDX796baVEpLLoXq-m6jXmWAPMp2pKf8GYoRzYg</recordid><startdate>20090410</startdate><enddate>20090410</enddate><creator>Parrend, P.</creator><creator>Frenot, S.</creator><general>John Wiley & Sons, Ltd</general><scope>BSCLL</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>F28</scope><scope>FR3</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20090410</creationdate><title>Security benchmarks of OSGi platforms: toward Hardened OSGi</title><author>Parrend, P. ; Frenot, S.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c3306-c0206a973e4f31e2721ca518b3d227d1b1aa90b3720080ec1c08cdcfeefac9233</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2009</creationdate><topic>component platform</topic><topic>dependability</topic><topic>OSGi component framework</topic><topic>security benchmark</topic><topic>software security assurance</topic><topic>software vulnerabilities</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Parrend, P.</creatorcontrib><creatorcontrib>Frenot, S.</creatorcontrib><collection>Istex</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ANTE: Abstracts in New Technology & Engineering</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Software, practice & experience</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Parrend, P.</au><au>Frenot, S.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Security benchmarks of OSGi platforms: toward Hardened OSGi</atitle><jtitle>Software, practice & experience</jtitle><addtitle>Softw: Pract. Exper</addtitle><date>2009-04-10</date><risdate>2009</risdate><volume>39</volume><issue>5</issue><spage>471</spage><epage>499</epage><pages>471-499</pages><issn>0038-0644</issn><eissn>1097-024X</eissn><abstract>OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not been considered as such until recently. Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of the attacks. The assessment of the security status of the various implementations of the OSGi platform and of existing security mechanisms is done through a metric we introduce, the Protection rate (PR). Based on these benchmarks, OSGi‐specific security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the PR metric and performance analysis. Lastly, further requirements for building secure OSGi platforms are identified. Copyright © 2008 John Wiley & Sons, Ltd.</abstract><cop>Chichester, UK</cop><pub>John Wiley & Sons, Ltd</pub><doi>10.1002/spe.906</doi><tpages>29</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0038-0644 |
| ispartof | Software, practice & experience, 2009-04, Vol.39 (5), p.471-499 |
| issn | 0038-0644 1097-024X |
| language | eng |
| recordid | cdi_proquest_miscellaneous_33892933 |
| source | Wiley-Blackwell Read & Publish Collection |
| subjects | component platform dependability OSGi component framework security benchmark software security assurance software vulnerabilities |
| title | Security benchmarks of OSGi platforms: toward Hardened OSGi |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-28T12%3A57%3A43IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Security%20benchmarks%20of%20OSGi%20platforms:%20toward%20Hardened%20OSGi&rft.jtitle=Software,%20practice%20&%20experience&rft.au=Parrend,%20P.&rft.date=2009-04-10&rft.volume=39&rft.issue=5&rft.spage=471&rft.epage=499&rft.pages=471-499&rft.issn=0038-0644&rft.eissn=1097-024X&rft_id=info:doi/10.1002/spe.906&rft_dat=%3Cproquest_cross%3E33892933%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c3306-c0206a973e4f31e2721ca518b3d227d1b1aa90b3720080ec1c08cdcfeefac9233%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=33892933&rft_id=info:pmid/&rfr_iscdi=true |