HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation

Secure Component Deployment in the OSGi(tm) Release 4 Platform

Pierre Parrend 1 Stéphane Frénot 1
1 ARES - Architectures of networks of services
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Last years have seen a dramatic increase in the use of component platforms, not only in classical application servers, but also more and more in the domain of Embedded Systems. The OSGi(tm) platform is one of these platforms dedicated to lightweight execution environments, and one of the most prominent. However, new platforms also imply new security flaws, and a lack of both knowledge and tools for protecting the exposed systems. This technical report aims at fostering the understanding of security mechanisms in component deployment. It focuses on securing the deployment of components. It presents the cryptographic mechanisms necessary for signing OSGi(tm) bundles, as well as the detailed process of bundle signature and validation. We also present the SFelix platform, which is a secure extension to Felix OSGi(tm) framework implementation. It includes our implementation of the bundle signature process, as specified by OSGi(tm) Release 4 Security Layer. Moreover, a tool for signing and publishing bundles, SFelix JarSigner, has been developed to conveniently integrate bundle signature in the bundle deployment process.
Complete list of metadata

Contributor : Rapport de Recherche Inria Connect in order to contact the contributor
Submitted on : Tuesday, July 18, 2006 - 11:52:26 AM
Last modification on : Friday, February 4, 2022 - 3:14:53 AM
Long-term archiving on: : Monday, September 20, 2010 - 4:31:55 PM




Pierre Parrend, Stéphane Frénot. Secure Component Deployment in the OSGi(tm) Release 4 Platform. [Technical Report] RT-0323, INRIA. 2006, pp.46. ⟨inria-00084795v2⟩



Record views


Files downloads