http://dx.doi.org/10.5392/JKCA.2010.10.8.111

Preventing Service Injection Attack on OSGi Platform  

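Kim, In-Tae (Department of Information Engineering, Inha University)
Chung, Kyung-Yong (School of Computer Information Engineering, Sangji University)
Rim, Kee-Wook (School of Computer Information, Sunmoon University)
Lee, Jung-Hyun (Department of Information Engineering, Inha University)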
Abstract
The OSGi platform is a Java-based component platform that is widely used in settings ranging from application development environments to enterprise software. It provides dynamic and transparent installation for open environments. However, this openness exposes it to new attacks, and many researchers are trying to address OSGi vulnerabilities. Security flaws in the OSGi platform fall into two categories: those of the JVM and those of the OSGi platform itself. We focus on vulnerabilities of the OSGi platform itself, particularly service injection. We identify the service injection attack and suggest secure mechanisms to prevent it. These mechanisms are implemented by making a few modifications to the Knopflerfish OSGi implementation and are evaluated by comparison with existing mechanisms.
Keywords
OSGi; Service injection; Security;