SF-JarSigner, a tool for checking, signing and publishing OSGi bundles.
SF-JarSigner is compatible with the OBR 2 standard for bundle metadata description.
Secure Execution of OSGi Bundles
Security Benchmarking
The Vulnerability Catalog
All known vulnerabilities of the OSGi Platform, originating both in the OSGi specification and in the underlying Java Virtual Machine.
Most of them therefore also exist in other Java-based platforms.
Benchmarking of Open-Source OSGi Platforms.
An evaluation of the current security state of widespread OSGi Platforms.
Hardened OSGi
Some Good Practices for implementing secured OSGi Platforms.
Security through Advanced Access Control: CBAC (Component-based Access Control).
An efficient and powerful alternative to Java Permissions.
CBAC checks at install time whether sufficient execution rights are granted.
Benefits are: no runtime overhead; no program abortion; a declarative approach that makes it possible to prevent access to any method (in the Platform and the bundles) that is identified as dangerous.