Premium
Security benchmarks of OSGi platforms: toward Hardened OSGi
Author(s) -
Parrend P.,
Frenot S.
Publication year - 2008
Publication title -
software: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.437
H-Index - 70
eISSN - 1097-024X
pISSN - 0038-0644
DOI - 10.1002/spe.906
Subject(s) - computer science , metric (unit) , vulnerability (computing) , benchmark (surveying) , implementation , computer security , embedded system , operating system , software engineering , engineering , operations management , geodesy , geography
OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not been considered as such until recently. Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of the attacks. The assessment of the security status of the various implementations of the OSGi platform and of existing security mechanisms is done through a metric we introduce, the Protection rate (PR). Based on these benchmarks, OSGi‐specific security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the PR metric and performance analysis. Lastly, further requirements for building secure OSGi platforms are identified. Copyright © 2008 John Wiley & Sons, Ltd.