- Volume 10 Issue 8
DOI QR Code
Preventing Service Injection Attack on OSGi Platform
OSGi 플랫폼에서 서비스 인젝션 공격 및 대응책
- Received : 2010.05.17
- Accepted : 2010.07.13
- Published : 2010.08.28
The OSGi platform is a Java-based component platform that is being widely used from environments for the application development to enterprise software. The OSGi platform provides dynamic and transparent installation for open environments. However, it open new attacks so that many researches try to solve OSGi vulnerability. Security flaws in OSGi platform are categorized two parts: the JVM and the OSGi platform itself. We focus on vulnerability by OSGi platform itself, particularly service injection. We identify the service injection attack and suggest secure mechanisms to prevent the attack. Those mechanisms are implemented, providing a few modification to the Knopflerfish OSGi implementation and are evaluated through comparing with existing mechanisms.
Supported by : 정보통신산업진흥원
- OSGi Alliance. OSGi service platform, core specification release 4.2. release 03 2010.
- Y. Royon and S. Fr´enot. Multiservice home gateways: business model, execution environment, management infrastructure. IEEE Communications Magazine, Vol.45, No.10, pp.122-128, 2007(10). https://doi.org/10.1109/MCOM.2007.4342834
- Equinox. http://www.eclipse.org/equinox.
- P. Parrend and S. Fr'enot. Security benchmarks of OSGi platforms: toward hardened OSGi. Software: Practice and Experience, Vol.39, No.5, pp.471-499, 2009(4). https://doi.org/10.1002/spe.906
- P. Parrend, S. Frenot, Supporting the secure deployment of OSGi Bundles. First IEEE WoWMoM Workshop on Adaptive and DependAble Mission and bUsiness Critical Mobile Systems, Helsinki, Finland, 2007. https://doi.org/10.1109/WOWMOM.2007.4351681
- G. Czajkowski and L. Dayn'es. Multitasking without compromise: a virtual machine evolution. In Proceedings of the Object Oriented Programming, Systems, Languages, and Applications Conference, pages 125-138, Tampa Bay, USA, October 2001. ACM. https://doi.org/10.1145/504282.504292
- GEOFFRAY, N., THOMAS, G., MULLER, G., ET AL. I-JVM: a Java virtual machine for component isolation in OSGi. In DSN'09 (Estoril, Portugal), p.10, 2009(4). https://doi.org/10.1109/DSN.2009.5270296
- Knopflerfish OSGi - Open Source OSGi service platform. http://knopflerfish.org/
- Apache felix. http://felix.apache.org/site/ index.html
- Spring Dynamic Modules for OSGi(tm) Service Platforms http://www.springsource.org /osgi
- Howes T. The String Representation of LDAP Search Filters. IETF RFC, Network Working Group, Request for Comments: 2254, 1997
- Sun Microsystems, Inc. JAR File Specification, Sun Java Specifications, 2003.