The OSGi framework redefines modularity of Java by introducing bundles: JARs enhanced with some meta-information. Bundles can run services, which can be consumed by other bundles. Bundles run on top of a single JVM and they can be redeployed seemlessly for other bundles.
Today OSGi is everywhere - in smart homes, vehicles, Eclipse IDE, service platforms, etc.
What OSGi specs lack is flexible security. The open service platform use case promotes third-party bundles to be deployed on the platform. The bundle providers, if they want to regulate, how and by whom their bundles can be accessed, require currently to negotiate the security policies individually with the platform owner. The providers can redeploy the bundles, but they cannot redeploy the security policy unless re-negotiating with the platform owner.
What we propose is a simple permission-based security framework that relies on the Security-by-Contract scheme. The intuitive workflow is below.
This SxC framework can be implemented as a bundle. We are currently working on the implementation and extension of this framework to cover more security properties in the contract and to extract automatically some of the interesting bundle behavior directly from the bytecode.
We have worked together with engineers from Telefonica to elaborate the example that validates our proposal and evaluate the idea.
You can find more details in the technical report TR-DISI-12-002.pdf.
A shorter version of this report and the results of the evaluation by Telefonica are outlined in the paper ''Security-by-Contract for the OSGi platform'' accepted to IFIP International Information Security and Privacy Conference 2012 (SEC-2012). ( .pdf)