DOI QR코드

DOI QR Code

Preventing Service Injection Attack on OSGi Platform

OSGi 플랫폼에서 서비스 인젝션 공격 및 대응책

  • 김인태 (인하대학교 정보공학과) ;
  • 정경용 (상지대학교 컴퓨터정보공학부) ;
  • 임기욱 (선문대학교 컴퓨터정보학부) ;
  • 이정현 (인하대학교 정보공학과)
  • Received : 2010.05.17
  • Accepted : 2010.07.13
  • Published : 2010.08.28

Abstract

The OSGi platform is a Java-based component platform that is being widely used from environments for the application development to enterprise software. The OSGi platform provides dynamic and transparent installation for open environments. However, it open new attacks so that many researches try to solve OSGi vulnerability. Security flaws in OSGi platform are categorized two parts: the JVM and the OSGi platform itself. We focus on vulnerability by OSGi platform itself, particularly service injection. We identify the service injection attack and suggest secure mechanisms to prevent the attack. Those mechanisms are implemented, providing a few modification to the Knopflerfish OSGi implementation and are evaluated through comparing with existing mechanisms.

Keywords

OSGi;Service injection;Security

Acknowledgement

Supported by : 정보통신산업진흥원

References

  1. OSGi Alliance. OSGi service platform, core specification release 4.2. release 03 2010.
  2. Y. Royon and S. Fr´enot. Multiservice home gateways: business model, execution environment, management infrastructure. IEEE Communications Magazine, Vol.45, No.10, pp.122-128, 2007(10). https://doi.org/10.1109/MCOM.2007.4342834
  3. Equinox. http://www.eclipse.org/equinox.
  4. P. Parrend and S. Fr'enot. Security benchmarks of OSGi platforms: toward hardened OSGi. Software: Practice and Experience, Vol.39, No.5, pp.471-499, 2009(4). https://doi.org/10.1002/spe.906
  5. P. Parrend, S. Frenot, Supporting the secure deployment of OSGi Bundles. First IEEE WoWMoM Workshop on Adaptive and DependAble Mission and bUsiness Critical Mobile Systems, Helsinki, Finland, 2007. https://doi.org/10.1109/WOWMOM.2007.4351681
  6. G. Czajkowski and L. Dayn'es. Multitasking without compromise: a virtual machine evolution. In Proceedings of the Object Oriented Programming, Systems, Languages, and Applications Conference, pages 125-138, Tampa Bay, USA, October 2001. ACM. https://doi.org/10.1145/504282.504292
  7. GEOFFRAY, N., THOMAS, G., MULLER, G., ET AL. I-JVM: a Java virtual machine for component isolation in OSGi. In DSN'09 (Estoril, Portugal), p.10, 2009(4). https://doi.org/10.1109/DSN.2009.5270296
  8. Knopflerfish OSGi - Open Source OSGi service platform. http://knopflerfish.org/
  9. Apache felix. http://felix.apache.org/site/ index.html
  10. Spring Dynamic Modules for OSGi(tm) Service Platforms http://www.springsource.org /osgi
  11. Howes T. The String Representation of LDAP Search Filters. IETF RFC, Network Working Group, Request for Comments: 2254, 1997
  12. Sun Microsystems, Inc. JAR File Specification, Sun Java Specifications, 2003.