Security-by-Contract for the OSGi Platform

Gadyatskaya, Olga; Massacci, Fabio; Philippov, Anton

doi:10.1007/978-3-642-30436-1_30

Cited by 5 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Means for ensuring OSGi compatibility of bundles realized by using an advanced versioning system for OSGi bundles based on their type information is studied in [4]. Aspects on formal security models for OSGi have been studied in [15].…”

Section: Related Workmentioning

confidence: 99%

Towards a Framework for Behavioral Specifications of OSGi Components

Blech

2013

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

We present work on behavioral specifications of OSGi components. Our behavioral specifications are based on finite automata like formalisms. Behavioral specifications can be used to find appropriate components to interact with, detect incompatibilities between communication protocols of components and potential problems resulting from the interplay of non-deterministic component specifications. These operations can be carried out during development and at runtime of a system. Furthermore, we describe work carried out using the Eclipse based implementation of our framework

show abstract

Section: Related Workmentioning

confidence: 99%

Towards a Framework for Behavioral Specifications of OSGi Components

Blech

2013

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…Another approach that exploits application contracts to monitor the behavior of mobile applications is given by the security‐by‐contract framework . This framework has been extended and applied in several ways and in different scenarios . Differently from PICARD, the security‐by‐contract framework does not perform intrusion and malware detection but matches the application behavior with a security policy.…”

Section: Related Workmentioning

confidence: 99%

Detection of repackaged mobile applications through a collaborative approach

Aldini

Martinelli

Saracino

et al. 2014

Concurrency and Computation

View full text Add to dashboard Cite

Repackaged applications are based on genuine applications, but they subtlety include some modifications. In particular, trojanized applications are one of the most dangerous threats for smartphones. Malware code may be hidden inside applications to access private data or to leak user credit. In this paper, we propose a contract-based approach to detect such repackaged applications, where a contract specifies the set of legal actions that can be performed by an application. Current methods to generate contracts lack information from real usage scenarios, thus being inaccurate and too coarse-grained. This may result either in generating too many false positives or in missing misbehaviors when verifying the compliance between the application and the contract. In the proposed framework, application contracts are generated dynamically by a central server merging execution traces collected and shared continuously by collaborative users executing the application. More precisely, quantitative information extracted from execution traces is used to define a contract describing the expected application behavior, which is deployed to the cooperating users. Then, every user can use the received contract to check whether the related application is either genuine or repackaged. Such a verification is based on an enforcement mechanism that monitors the application execution at run-time and compares it against the contract through statistical tests

show abstract

“…The Security-by-Contract methodology has also been proposed to deal with OSGi security issues in (Gadyatskaya, Massacci, & Philippov, 2012), where the authors consider the case of an OSGi platform applying a local security policy. Under these assumptions, they can apply the Securityby-Contract framework with minor modifications.…”

Section: Monitoringmentioning

confidence: 99%

“…Since their proposal does not consider the necessity of handling mobile code, it does not apply to our assumptions. However, our service platform definition is compliant with the security components presented in (Gadyatskaya, Massacci, & Philippov, 2012), and they can be included in our model. The next section presents the security assessments under different Web service paradigms.…”

Section: Monitoringmentioning

confidence: 99%

Mitigating Security Risks in Web Service Invocations

Costa

Mandati

Martinelli

et al. 2014

Advances in Systems Analysis, Software Engineering, and High Performance Computing

View full text Add to dashboard Cite

The pervasiveness of Web services increases the necessity for consumers to access and use them in a secure way. Besides secure communications, consumer security also involves providing strong guarantees that a requested security policy is satisfied. Needless to say, remote services are adverse to most techniques of analysis and control that usually require direct access to either the implementation or the execution. In this chapter, the authors classify service execution paradigms and provide a characterization of the security threats that may affect a Web service infrastructure depending on the elements composing it. In particular, the authors provide a discussion of the threat models for several different Web service paradigms involving service consumers, providers, and platforms, and illustrate how and when contract-based security approaches and its variants can be applied for mitigating risks in service integrations in the identified paradigms.

show abstract

Security-by-Contract for the OSGi Platform

Cited by 5 publications

References 8 publications

Towards a Framework for Behavioral Specifications of OSGi Components

Towards a Framework for Behavioral Specifications of OSGi Components

Detection of repackaged mobile applications through a collaborative approach

Mitigating Security Risks in Web Service Invocations

Contact Info

Product

Resources

About