Security-by-Contract for the OSGi Platform

  • Olga Gadyatskaya
  • Fabio Massacci
  • Anton Philippov
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 376)


The natural business model of OSGi is dynamic loading and removal of bundles or services on an OSGi platform. If bundles can come from different stakeholders, how do we make sure that one's services will only be invoked by authorized bundles? A simple solution is to interweave functional and security logic within each bundle, but this decreases the benefits of using a common platform for service deployment and is a well-known source of errors. Our solution is to use the Security-by-Contract methodology (SxC) for load-time security verification, which separates the security logic from the business logic while controlling access to applications. The basic idea is that each bundle has a contract embedded in its manifest, which contains details on functional requirements and on permissions for access by other bundles on the platform. During bundle installation the contract is matched against the platform security policy, which aggregates the contracts of the installed bundles. We illustrate the SxC methodology on a concrete case study for home gateways and discuss how it can help to overcome the OSGi security management shortcomings.
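The install-time matching step described in the abstract, as an added example that is not the authors' implementation. The contract fields (`provides`, `requires`), the bundle and service names, and the rules that service names are unique and that a requirement with no installed provider is deferred until the provider arrives are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:                         # hypothetical contract model (assumption)
    bundle: str
    provides: dict                      # service name -> set of bundles allowed to invoke it
    requires: frozenset = frozenset()   # services this bundle intends to invoke

class Platform:
    def __init__(self):
        self.installed = {}             # bundle name -> Contract

    def policy(self):
        """Platform policy: aggregate of installed contracts, service -> (provider, allowed)."""
        return {svc: (c.bundle, allowed)
                for c in self.installed.values()
                for svc, allowed in c.provides.items()}

    def match(self, new):
        """Return the violations the new contract would cause; an empty list means it matches."""
        policy, out = self.policy(), []
        for svc in sorted(new.provides):
            if svc in policy:
                out.append(f"{svc}: already provided by {policy[svc][0]}")
        # Newcomer as consumer: each installed provider it calls must list it.
        for svc in sorted(new.requires):
            if svc in policy and new.bundle not in policy[svc][1]:
                out.append(f"{new.bundle} may not invoke {svc}")
        # Newcomer as provider: installed consumers of its services must be listed.
        for c in self.installed.values():
            for svc in sorted(c.requires & set(new.provides)):
                if c.bundle not in new.provides[svc]:
                    out.append(f"{c.bundle} may not invoke {svc}")
        return out

    def install(self, new):
        """Load-time check: admit the bundle only if its contract matches the policy."""
        violations = self.match(new)
        if not violations:
            self.installed[new.bundle] = new
        return violations

def demo():
    # Constructed home-gateway contracts (not taken from the paper).
    p = Platform()
    results = [p.install(Contract("hvac", {"hvac.Thermostat": {"energy"}})),
               p.install(Contract("energy", {}, frozenset({"hvac.Thermostat"}))),
               p.install(Contract("widget", {}, frozenset({"hvac.Thermostat"})))]
    return results, sorted(p.installed)
```

Because the check runs in both directions, a provider whose access list omits an already-installed consumer is rejected at install time as well.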


Keywords: Functional Requirement; Security Policy; Smart Home; Service Interface; Open Service Gateway Initiative
These keywords were added by machine and not by the authors.



Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Olga Gadyatskaya (1)
  • Fabio Massacci (1)
  • Anton Philippov (1)
  1. DISI, University of Trento, Italy
