RZO Web Page - networks and Co

Welcome to the RZO page

Resources from Jean and Pierre Parrend on computer science, telecoms and networks



Security Benchmarks of OSGi Platforms: Toward Hardened OSGi

Pierre Parrend and Stéphane Frénot

Software - Practice and Experience

Abstract: OSGi Platforms are Extensible Component Platforms, i.e., they support the dynamic and transparent installation, at runtime, of components that are provided by third-party providers. This feature makes systems built using OSGi extensible and adaptable, but it opens a dangerous attack vector that has not been considered as such until recently.

Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of attacks. The assessment of the security status of the various implementations of the OSGi Platform and of existing security mechanisms is done through a metric we introduce, the Protection Rate.

Based on these benchmarks, OSGi-specific security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the Protection Rate metric and performance analysis. Lastly, further requirements for building secure OSGi Platforms are identified.

Keywords: Software Security Assurance, Software Vulnerabilities, Security Benchmark, OSGi Component Framework, Component Platform, Dependability

BibTeX:

@ARTICLE{parrend2008hardenedOSGi,
author = {Pierre Parrend and St\'{e}phane Fr\'{e}not},
title = {Security Benchmarks of OSGi Platforms: Toward Hardened OSGi},
journal = {Software: Practice \& Experience},
note = {Accepted for publication},
owner = {pparrend},
timestamp = {2008.09.17}
}

Last update: 22 April 2008