Security-by-Contract for the OSGi platform

IRIS

The natural business model of OSGi is dynamic loading and removal of bundles or services on an OSGi platform. If bundles can come from different stakeholders, how do we make sure that one's services will only be invoked by the authorized bundles? A simple solution is to interweave functional and security logic within each bundle, but this decreases the benefits of using a common platform for service deployment and is a well-known source of errors. Our solution is to use the Security-by-Contract methodology (SxC) for loading time security verification to separate the security from the business logic while controlling access to applications. The basic idea is that each bundle has a contract embedded into its manifest, that contains details on functional requirements and permissions for access by other bundles on the platform. During bundle installation the contract is matched with the platform security policy (aggregating the contracts of the installed bundles). We illustrate the SxC met...

Security-by-Contract for the OSGi platform

Gadyatskaya, Olga;Massacci, Fabio;Philippov, Anton

2012-01-01

Abstract

The natural business model of OSGi is dynamic loading and removal of bundles or services on an OSGi platform. If bundles can come from different stakeholders, how do we make sure that one's services will only be invoked by the authorized bundles? A simple solution is to interweave functional and security logic within each bundle, but this decreases the benefits of using a common platform for service deployment and is a well-known source of errors. Our solution is to use the Security-by-Contract methodology (SxC) for loading time security verification to separate the security from the business logic while controlling access to applications. The basic idea is that each bundle has a contract embedded into its manifest, that contains details on functional requirements and permissions for access by other bundles on the platform. During bundle installation the contract is matched with the platform security policy (aggregating the contracts of the installed bundles). We illustrate the SxC met...

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
				2012
			
	Titolo del volume (Proceedings title)
	
				Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference
			
	Autore/i del libro (Book author/s)
	
				Dimitris Gritzalis, Steven Furnell, Marianthi Theoharidou
			
	Luogo di edizione (Place of publication)
	
				Boston
			
	Casa editrice (Publisher)
	
				Springer Boston
			
	ISBN
	
				9783642304354
			
	Codice Scopus (Scopus Identifier)
	
				2-s2.0-84863936536
			
	Codice WOS (WOS identifier)
	
				WOS:000364775300030
			
	Tutti gli autori
	
						Gadyatskaya, Olga; Massacci, Fabio; Philippov, Anton
					
	Appare nelle tipologie:
	
				04.1 Saggio in atti di convegno (Paper in Proceedings)

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/96587

Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni

ND

6

2

ND

social impact