Security-by-Contract for the OSGi Platform

Abstract: The natural business model of OSGi is dynamic loading and removal of bundles or services on an OSGi platform. If bundles can come from different stakeholders, how do we make sure that one’s services will only be invoked by the authorized bundles? A simple solution is to interweave functional and security logic within each bundle, but this decreases the benefits of using a common platform for service deployment and is a well-known source of errors. Our solution is to use the Security-by-Contract methodology (SxC) for load-time security verification to separate the security from the business logic while controlling access to applications. The basic idea is that each bundle has a contract embedded into its manifest that contains details on functional requirements and permissions for access by other bundles on the platform. During bundle installation the contract is matched with the platform security policy (aggregating the contracts of the installed bundles). We illustrate the SxC methodology on a concrete case study for home gateways and discuss how it can help to overcome the OSGi security management shortcomings.
Document type:
Conference paper
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.364-375, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_30〉

Cited literature [11 references]

https://hal.inria.fr/hal-01518231
Contributor: Hal Ifip
Submitted on: Thursday, May 4, 2017 - 13:45:26
Last modified on: Thursday, May 4, 2017 - 14:53:54
Document(s) archived on: Saturday, August 5, 2017 - 13:05:48

File

978-3-642-30436-1_30_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License


Citation

Olga Gadyatskaya, Fabio Massacci, Anton Philippov. Security-by-Contract for the OSGi Platform. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.364-375, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_30〉. 〈hal-01518231〉


Metrics

Record views

87

File downloads

25