Kamran Talib1, 8210215359,
Tabassum Riaz2 , B S R K Kishore3, 3 8205052577 , 7903310436,
V. S P Babu4 8709291234
email@example.com, 2 firstname.lastname@example.org, 3 email@example.com, 4-
Blekinge Tekniska Hogskola, Sweden
This paper presents a systematic literature review of the OSGi framework. Specifically, the security issues and challenges and their solutions have been reviewed. The review takes into account the research on the security challenges to the OSGi framework and the methods proposed by researchers to face them.
1. Introduction to OSGi
OSGi is a dynamic module system for the Java™ platform. It is dynamic because it can install, start, stop, update, and uninstall bundles at run time. It includes dependency management, version handling and visibility rules for OSGi bundles and modules. The OSGi Service Platform gives functionality to Java to make Java the leading environment for software development and integration. It provides standardized primitives to construct small, collaborative and reusable components for applications. These components can then be composed into a new application and deployed. In the OSGi Service Platform, there is no need to restart as the composition of the devices of various networks changes dynamically. OSGi technology provides an SOA (service-oriented architecture) that lets components search for each other dynamically for cooperation and collaboration, so that coupling is minimized and managed. The OSGi Alliance has developed and introduced different standard component interfaces for general functions like configuration, HTTP servers, security, logging, XML, user authentication and administration, and much more. The benefit of OSGi technology to adopters is that development cost is reduced, because it provides the integration of pre-developed and tested modules instead of developing new applications. This also reduces the cost of maintenance.
2. Repeatable Process:
At first, the initial questions are set; these are revised and refined into more specific and important research questions, and after detailed discussion the final research questions are finalized.
2.1 Initial questions for research:
What is the OSGi framework? What are the specifications of the OSGi framework? Keywords: OSGi
2.2 Revised research questions:
How is security implemented in the OSGi framework? What are the general security specifications of the OSGi framework? Keywords: Security AND Implementation AND OSGi
2.3 Final research questions:
What are the security challenges to the OSGi framework and their solutions? Keywords: Security in OSGi, security challenges AND OSGi, Security Solution AND OSGi
3 Systematic Review of OSGi
3.1 Review protocol of OSGi framework
The review protocol of the OSGi framework is as follows:
The major purpose of the review protocol is to review the research already done in the field of the OSGi framework from 2000 to 2008. This systematic review will present an overview of the OSGi framework. It will provide the current level of the research done on the OSGi framework.
3.3 Strategy for search:
The online search process will be done using the following search terms and resources:
a) Search terms:
i. OSGi
ii. OSGi framework
iii. Why OSGi?
iv. Need of (ii)
v. Introduction to (i) and (ii)
vi. Security in (i)
vii. Security issues AND (i)
viii. Security threats to (ii)
ix. Security threats AND (ii)
x. Security mechanism in (ii)
xi. Authentication AND (ii)
xii. Authorization AND (ii)
xiii. Access control AND (ii)
xiv. Integrity of services AND (ii)
xv. Methods to secure (ii)
xvi. Limitations in (vi)
b) Search resources:
We used the following online resources.
1. IEEE Xplore
2. ACM digital library
3. Inspec
4. Springer
3.4 Article Selection Criteria:
We will focus on the general research papers, articles, case studies, experiments and surveys related to our research questions and published from 2000 to 2008; others will be excluded.
3.5 Selection procedure:
First of all we will see the title, then read the abstract; if it is relevant to our research question, then we will study its conclusion and finally the whole paper to find the specific information needed to answer the research question.
3.6 Quality evaluation and processes:
The research papers and articles that are selected will be assessed on the basis of the structure of the research paper or article, i.e. subheadings of the paper like the introduction of the paper, methods/models described, analysis and conclusion.
3.7 Strategy for Data extraction:
To gain the information from the studies, the following forms of data extraction will be used.
1) General Information of Research Paper:
1. Research article or paper title
2. Name(s) of author(s)
3. Conference/Journal/Conference Proceedings
4. Search terms used to get the research papers or articles
5. Research article or paper retrieval database
6. Publication date
2) Specific information of Research Paper:
1. Environment of study i) Academia ii) Industrial
2. Research methodology i) Case study ii) Action research iii) Experiment iv) Survey v) Subjects
3. Professionals i) Students ii) Selection of subjects
4. OSGi framework i) Definitions of OSGi and OSGi framework ii) Implementation of OSGi framework iii) Security Implementation in OSGi framework iv) Security issues in OSGi framework v) Challenges regarding security in OSGi framework
Table: First Selection Step (IEEE, ACM, Springer, Inspec)
3.8 Strategy for Data extraction and Synthesis:
In the process of systematic review, synthesis of data is done by gathering and reviewing the results gained from the included basic studies. The synthesis quality will be gained from studying and analyzing the research papers or articles. The whole results are stated as
And the one problem with the RSA is that encryption as well as authentication of all the data being transferred among operators and the service gateways. So there is expectation that there will be poor performance when the service bundle size will be increased. al. has described another threat to the OSGi framework known as shared object attack which is the major threat to the Java Card environment also. that is similar to the OSGi. Young-Gab Kim et al. explain that the process used to authenticate the service bundles using PKI and RSH is not proper for the OSGi framework that has limited memory as well as operations. mutual authentication between service bundle and operator is carried on. Pierre Parrend and Stephane Frenot have developed some tools for deploying the service bundles securely. They agree with Sunil et al. The data extraction procedures will be used to gather the information from each basic study. They have proposed the solution of this threat with the help of RBAC (role-based access control). Further. Hee-Young Lim et al. have proposed the above problem using the XML signature. As operations of public key like DSA or RSA may be performed by it and it will also check the certificate which is working with the certification authority for effectiveness. The mutual authentication provides shared key which is then used for the formation of MAC. Jongil Jeong et al. have discussed the security concerns when web and mobile services are expanded up to home networks by using OSGi service framework. SFelix2 has implemented the validation layer of digital signature of specifications of OSGi Release 4. who proposed an intrusion detector and facility of thread level auditing for the JVM for detecting the malicious code attack. Chi-Chih Huang et. is based on the MACs (Message Authentication Code). then the MAC-based authentication is done.
But it is hard to find out the security features of this life cycle especially during the deployment phase of the bundles that is generally done over the non-secure networks. in which the users will be associated with the roles and then the roles are associated with the permissions. They say that Java has weak security against the denial of service because when a service is authorized to use the resources allocated to it then system may hog by it if this service is not able to stop the nonstop allocation. al. explain that service of User Admin used for authorization is not adequate enough to work in open and dynamic environments like OSGi. SF-Jarsigner supports the security of the early life cycle deployment phase. At first. The OSGi is not capable of stopping this attack as it can't remove the bundle which is cached in the local disk. MAC-based service bundle has been proposed by Young-Gab Kim et al. for authenticating the service bundles rather than RSH protocol or PKI. the movement and deployment of the service bundles is in on demand fashion. Hee-Young Lim et al. So the policy file format should be common and standard when the policy files are referenced by the service bundles. But the problem with OSGi is that the local system makes cache of the bundle. The system can be rebooted to end denial of the service attack in general. has described that RSH protocol or the Public Key Infrastructure (PKI) used for authentication of the service bundles securely are not efficient enough for the OSGi framework having a little resources because RSH and PKI require long time for the encryption/decryption process and more memory is needed for this purpose as well. They have also raised another issue that the only OSGi User-Admin specification is not sufficient for the management of the users and associated permissions with them.
They describe that though Java presents a strong mechanism against modification of the system but there are chances of the service level attacks due to the services which are authorized and accessing the same resources and files. According to . Gail-Joon Ahn et. so it is very difficult to build the policies without knowing in detail about the service bundle implementation. Using XML signature. Pierre Parrend and Stephane Frenot present that the OSGi is becoming the de-facto component based middleware for the extensible software. It provides the solution of the problem regarding the generation and the transmission of the policies of the access control securely to the home gateway with the help of RBAC model based on the XACML in the home network of the service OSGi framework. Chi-Chih Huang et al. have presented the challenge to the security of the OSGi framework due to Java. The challenge is that how to deploy the bundles securely. according to the research questions mentioned in review protocol. Many security threats may arise in the policy files being transferred to the home gateway. with the help of its management layer for managing the life cycle of the bundles or components. They have also designed a key exchange method for sending the service bundle in safe form in the phase of the bootstrapping which is used for recognizing and starting the equipment. The mechanism of authorization in the OSGi framework is mapped and configured with the RBAC.
them the core security issue is that security architecture has distributed nature and there is need of building of the main security characteristics the whole system parts. It is necessary for the user to remember his user name and the password for every service, and the administrator has to manage the passwords present in the database. There is also a danger of insecurity of the passwords because the password is transmitted frequently on the sites. The solution to the above problem, as recommended by Jongil Jeong et al., is SSO (single sign-on), which provides the facility of authenticating the user only once for using the various services. OASIS has recommended SAML for the purpose of single sign-on. SAML can be used for exchanging information in XML format.
Phu H. Phung and David have proposed the enforcement of policy in the OSGi framework with the help of aspect-oriented programming, namely AspectJ.
No. | Article Title | Date of Publish
1 | Advanced OSGi Security Layer | May 2007
2 | Towards Role-Based Authorization for OSGi Service Environments | Oct. 2008
3 | Supporting the Secure Deployment of OSGi Bundles | Jun. 2007
4 | Bundle authentication and authorization using XML security in the OSGi service platform | 2005
5 | A service bundle authentication mechanism in the OSGi service platform | 2004
6 | An XML-based single sign-on scheme supporting OSGi framework | Jan. 2005
7 | Security Policy Enforcement in the OSGi Framework Using Aspect-Oriented Programming | Aug. 2008
8 | OSGi technology | 2008
9 | OSGi service platform core specification the OSGi Alliance release 4 version 4.1 | 2008
4 Systematic Review Limitations:
Though the systematic review has helped us to summarize the present status of the research regarding our research question, it has some limitations also. At first, a small number of research papers relevant to our research question were found. Secondly, this review cannot stay away from selection bias while searching for papers relevant to the research question. We only searched the papers available in English on some research databases like ACM and IEEE Xplore etc. In short, the systematic review has helped us to search the papers which focus on our research question for finding the challenges to the OSGi service framework and their possible solutions.
5 Conclusion:
The systematic review describes the work done in the field of security of the OSGi service framework. It summarizes the security threats to the OSGi framework and gives an account of the solutions proposed by the researchers. The major challenges were related to bundle authentication, authorization for using a service, problems related to inner Java security like denial of service attack, limitations of the PKI and RSH protocol etc. There is still need of research in this field.
6 References:
OSGi Alliance|about/OSGi Technology, http://www.OSGi.org/About/Technology, last visited 12 April 2009.
Pang-Chieh Wang, Chi-Chih Huang, and Ting-Wei Hou, "Advanced OSGi Security Layer", Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on, Volume 2, Page(s):518-523, 21-23 May 2007.
Hongxin Hu, Gail-Joon Ahn, and Jing Jin, "Towards Role-Based Authorization for OSGi Service Environments", Future Trends of Distributed Computing Systems, 2008. FTDCS '08. 12th IEEE International Workshop, Page(s):23-29, 21-23 Oct. 2008.
Parrend, Pierre, and Frenot, Stephane, "Supporting the Secure Deployment of OSGi Bundles", World of Wireless, Mobile and Multimedia Networks, 2007. WoWMoM 2007. IEEE International Symposium, Page(s):1-6, 18-21 June 2007.
Hee-Young Lim, Young-Gab Kim, Chang-Joo Moon, and Doo-Kwon Baik, "Bundle authentication and authorization using XML security in the OSGi service platform", Computer and Information Science, 2005. Fourth Annual ACIS International Conference, Page(s):502-507, 2005.
Young-Gab Kim, Chang-Joo Moon, Dae-Ha Park, and Doo-Kwon Baik, "A service bundle authentication mechanism in the OSGi service platform", Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference, Volume 1, Page(s):420-425, 2004.
Dongkyoo Shin, Jongil Jeong, and Dongil Shin, "An XML-based single sign-on scheme supporting OSGi framework", Consumer Electronics, 2005. ICCE. 2005 Digest of Technical Papers. International Conference, Page(s):31-32, 8-12 Jan. 2005.
"OASIS security services", http://www.oasisopen.org, last visited 16 April 2009.
Phung, P.H., and Sands, D., "Security Policy Enforcement in the OSGi Framework Using Aspect-Oriented Programming", Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International, Page(s):1076-1082, July 28 2008-Aug. 1 2008.
Soman S., Krintz C., and Vigna G., "Detecting Malicious Java Code Using Virtual Machine Auditing," 12th USENIX Security Symposium, 2003.
OSGi Alliance|about/OSGi service platform core specification, http://www.OSGi.org/About/Technology, last visited 12 April 2009.