Last years have seen a dramatic increase in the use of component platforms,not only in classical application servers, but also more and more in the domainof Embedded Systems. The OSGi(tm) platform is one of these platforms dedicatedto lightweight execution environments, and one of the most prominent. However,new platforms also imply new security flaws, and a lack of both knowledge andtools for protecting the exposed systems. This technical report aims atfostering the understanding of security mechanisms in component deployment. Itfocuses on securing the deployment of components. It presents the cryptographicmechanisms necessary for signing OSGi(tm) bundles, as well as the detailedprocess of bundle signature and validation. We also present the SFelixplatform, which is a secure extension to Felix OSGi(tm) frameworkimplementation. It includes our implementation of the bundle signature process,as specified by OSGi(tm) Release 4 Security Layer. Moreover, a tool for signingand publishing bundles, SFelix JarSigner, has been developed to convenientlyintegrate bundle signature in the bundle deployment process.
展开▼
