Security Benchmarks Of Osgi Platforms: Toward Hardened Osgi

摘要

OSGi platforms are extensible component platforms, i.e. they support the dynamic and transparent installation of components that are provided by third party providers at runtime. This feature makes systems built using OSGi extensible and adaptable, but opens a dangerous attack vector that has not been considered as such until recently. Performing a security benchmark of the OSGi platform is therefore necessary to gather knowledge related to the weaknesses it introduces as well as to propose enhancements. A suitable Vulnerability Pattern is defined. The attacks that can be performed through malicious OSGi components are identified. Quantitative analysis is then performed so as to characterize the origin of the vulnerabilities and the target and consequences of the attacks. The assessment of the security status of the various implementations of the OSGi platform and of existing security mechanisms is done through a metric we introduce, the Protection rate (PR). Based on these benchmarks, OSGi-speciflc security enhancements are identified and evaluated. First recommendations are given. Then evaluation is performed through the PR metric and performance analysis. Lastly, further requirements for building secure OSGi platforms are identified.