Browse > Article

Security Architecture for OSGi Service Platform Environment  

박대하 (한국디지털대학교 디지털정보학과)
김영갑 (고려대학교 컴퓨터학과)
문창주 (고려대학교 컴퓨터학과)
백두권 (고려대학교 컴퓨터학과)
Publication Information
Journal of KIISE:Computing Practices and Letters / v.10, no.3, 2004 , pp. 259-272 More about this Journal
Abstract
This paper suggests a new security architecture for facilitating secure OSGi service platform environment. The security architecture includes 1) user authentication mechanism, 2) bundle authentication mechanism, 3) key sharing mechanism, and 4) authorization mechanism. The user authentication mechanism supplies SSO(single sign-on) functions which are useful for safe and easy user authentications. The bundle authentication mechanism utilizes both PKI-based and MAC-based digital signatures for efficiently authenticating service bundles. The key sharing mechanism, which is performed during bootstrapping phase of a service gateway, supplies a safe way for sharing secret keys that are required for authentication mechanisms. Finally, the authorization mechanism suggests distributed authorization among service providers and an operator by establishing their own security policies. The main contributions of the parer are twofold. First, we examine several security requirements of current OSGi specification when its security functions can be applied in real OSGi environments. Second, we describe the ways to resolve the problems by means of designing and implementing concrete security mechanisms.
Keywords
OSGi service platform; User authentication; Bundle authentication; Key sharing; Authorization; Security policy;
Citations & Related Records
연도 인용수 순위
  • Reference
1 OSGi, 'OSGi Service Platform - Release 3,' http://www.osgi.org, 2003.3
2 OSGi, 'RFC 36 - Secure Provisioning Data Transport using HTTP',http://www.osgi.org/, 2002
3 C. Neuman and T. Ts'o, 'Kerberos: An Authentication Service for Computer Network,' IEEE, Computer Magazine, 32(9), pp.33-38, 1994.9   DOI   ScienceOn
4 Sun Microsystems, 'The Java Tutorial - Signing JAR Files,' http://java.sun.com/docs/books/tutorial/jar/sign/signing.html, 2002
5 R. Merkle, 'Secrecy, Authentication, and Public Key Systems. Ph.D. Thesis,' Stanford University, 1979.6
6 J. Clark and J. Jacob, 'A Survey of Authentication Protocol Literature: Version 1.0,' University of York, Department of Computer Science, 1997.11
7 H. Krawczyk et al., 'IETF RFC 2104 - HMAC Keyed-Hashing for Message Authentication,' http://www.apps.ietf.org/rfc/rfc2104.html, 1997.2
8 W. Diffie and M. Hellman, 'New Directions in Cryptography,' Proc. of the AFIPS National Computer Conference, 1976.6   DOI
9 L. Kassab et al., 'Towards Formalizing the Java Security Architecture of JDK 1.2,' Proc. of the ERORICS'98, Leuven-la-Neuve, Belgium, 1998.9
10 R. Needham and M. Schroeder, 'Using Encryption for Authentication in Large Networks of Computers', Communications of the ACM, 1978.12   DOI   ScienceOn
11 S. Jajodia et al., 'A Logical Language for Expressing Authorization,' Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, 1997.5   DOI
12 M. Hauswirth et al., 'A Secure Execution Framework for Java', Proc. of the 7th ACM conference on computer and communications security (CCS 2000), pp. 43-52, Athens, Greece, 2000.11   DOI
13 P. Nikander et al., 'Distributed Policy Management for JDK 1.2,' Proc. of the 1999 Network and Distributed Systems Security Symposium, pp. 91-102, San Diego, CA, 1999.2
14 Security Technologies Inc., 'Java Cryptography Library - J/LOCK', http://www.stitec.com/product/ejlock.html
15 G. Karjoth et al., 'A Security Model for Aglets,' IEEE Internet Computing, 1(4), 1997.7   DOI   ScienceOn
16 C. Lai and L. Gong, 'User Authentication and Authorization in the Java Platform,' Proc. of the Computer Security Applications Conference, 1999.12
17 D. Harkins and D. Carrel, 'RFC 2409-The Internet Key Exchange (IKE),' 1998.11.http://www.faqs.org/rfcs/rfc2409.html
18 Sun Microsystems, 'Java Embedded Server 2.0,' http://wwws.sun.com/software/embeddedserver/index.html
19 Ericsson, 'Ericsson's E-box System - An Electronic Services Enabler', http://www.ericsson.com/about/publications/review/1999_01/files/1999015.pdf
20 M. Pistoia, et al., 'Java 2 Network Security,' Second edition, Prentice Hall, 1999
21 B. Galbraith, et al., 'Professional Web Services Security,' Wrox Press, 2002
22 R. Sandhu, et al., 'Role-Based Access Control Model,' IEEE Computer, 29(2), pp.38-47, 1996.2   DOI   ScienceOn