TY - GEN
T1 - Security of the OSGi platform
AU - Philippov, A.
AU - Gadyatskaya, O.
AU - Massacci, F.
PY - 2012
Y1 - 2012
N2 - In the last few years we have seen how increasing computational power of electronic devices triggers the functionality growth of the software that runs on them. The natural consequence is that modern software is no longer single-pieced, it becomes, instead, the composition of autonomous components that run on the shared platform. The examples of such platforms are web browsers (such as Google Chrome), smartphone and smart card operating systems (e.g., Android and Java Card), intelligent vehicle systems or smart homes (usually implemented on OSGi). On one hand, these platforms protect components by isolation, but at the same time, provide methods to share and exchange services. If the components can come from different stakeholders, how do we make sure that one's services would only be invoked by one's authorized siblings? In this PhD proposal we illustrate the problems on the example of OSGi platform. We propose to use the security-by-contract methodology (S×C) for loading time security verification to separate the security from the business logic while controlling access to applications.
AB - In the last few years we have seen how increasing computational power of electronic devices triggers the functionality growth of the software that runs on them. The natural consequence is that modern software is no longer single-pieced, it becomes, instead, the composition of autonomous components that run on the shared platform. The examples of such platforms are web browsers (such as Google Chrome), smartphone and smart card operating systems (e.g., Android and Java Card), intelligent vehicle systems or smart homes (usually implemented on OSGi). On one hand, these platforms protect components by isolation, but at the same time, provide methods to share and exchange services. If the components can come from different stakeholders, how do we make sure that one's services would only be invoked by one's authorized siblings? In this PhD proposal we illustrate the problems on the example of OSGi platform. We propose to use the security-by-contract methodology (S×C) for loading time security verification to separate the security from the business logic while controlling access to applications.
M3 - Conference contribution
T3 - CEUR Workshop Proceedings
SP - 11
EP - 16
BT - ESSoS-DS 2012 - Proceedings of the Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems 2012
T2 - 1st Doctoral Symposium on Engineering Secure Software and Systems 2012, ESSoS-DS 2012
Y2 - 15 February 2012 through 15 February 2012
ER -