Design patterns: elements of reusable object-oriented software
Design patterns: elements of reusable object-oriented software
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CORBA design patterns
Inside Java 2 platform security architecture, API design, and implementation
Inside Java 2 platform security architecture, API design, and implementation
Effective Java programming language guide
Effective Java programming language guide
Java Virtual Machine Specification
Java Virtual Machine Specification
Security and Dynamic Class Loading in Java: A Formalization
ICCL '98 Proceedings of the 1998 International Conference on Computer Languages
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
How to Systematically Classify Computer Security Intrusions
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Java Puzzlers: Traps, Pitfalls, and Corner Cases
Java Puzzlers: Traps, Pitfalls, and Corner Cases
Computer Security in the 21st Century
Computer Security in the 21st Century
Failure classification and analysis of the Java Virtual Machine
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Programming Mobile Devices: An Introduction for Practitioners
Programming Mobile Devices: An Introduction for Practitioners
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 02
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
The Concept of Coverage and Its Effect on the Reliability Model of a Repairable System
IEEE Transactions on Computers
A resource management interface for the Java™ platform
A resource management interface for the Java™ platform
A survey on approaches for addressing dependability attributes in the OSGi service platform
ACM SIGSOFT Software Engineering Notes
Liability in software engineering: overview of the LISE approach and illustration on a case study
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Liability issues in software engineering: the use of formal methods to reduce legal uncertainties
Communications of the ACM
Flexible authorization in home network environments
Cluster Computing
Benchmarking cloud security level agreements using quantitative policy trees
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Various Extensions for the Ambient OSGi Framework
International Journal of Adaptive, Resilient and Autonomic Systems
| Hi-index | 0.02 |
OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not been considered as such until recently. Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of the attacks. The assessment of the security status of the various implementations of the OSGi platform and of existing security mechanisms is done through a metric we introduce, the Protection rate (PR). Based on these benchmarks, OSGi-specific security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the PR metric and performance analysis. Lastly, further requirements for building secure OSGi platforms are identified. Copyright © 2008 John Wiley & Sons, Ltd.