Supporting the secure Deployment of OSGi Bundles

Jun 18, 2007

Pierre Parrend, Stéphane Frénot [email protected]
Lab. CITI, 21, Avenue J. Capelle, 69621 Villeurbanne Cedex

Context

● The OSGi Platform
  – Extensible at runtime
    ● Based on Java
    ● Components are called 'bundles'
  – A versatile Platform
    ● IBM Websphere 6.1, JBoss
    ● Home Set top Boxes (ADSL Modems), Automotive Media Systems
    ● Soon in the Sun JVM? JSR 277, 291
  – A new Attack Vector
    ● Seamless install of code from the environment

The problem

● OSGi Security
  – How to make actual code secure
    ● Requires a very pragmatic view
      – Formal approaches are not relevant
      – Java developers usually do not accept (too many) constraints on their code
      – Execution environments are often resource-restricted devices
  – Boom on Functionalities
    ● Need a strong, secure environment

This Work

● Identification of the threats over OSGi Platforms
● A convenient tool for supporting life-cycle long security in OSGi-based Systems
  – Bundle Signature
  – Publication
  – (Download)
  – Signature Verification – OSGi R4 compliant
● Objective
  – Provide tools for OSGi users
  – Provide a Spec-compliant basis to support further research

Summary

● OSGi Platforms and Threats
● Secure OSGi Tool Suite
  – SFelix
  – SF-JarSigner
● Comparisons

OSGi Platforms and Threats

● Overview of the OSGi Platform

OSGi Platforms and Threats


OSGi Platforms and Threats

● Attack Vector - Execution of Malicious Code

Summary

● Threats over OSGi Platforms
● Secure OSGi Tool Suite
  – SFelix
  – SF-JarSigner
● Comparisons

Secure OSGi Tool Suite

● Overview

Secure OSGi Tool Suite

● Sfelix
  – http://sfelix.gforge.inria.fr/
  – Sfelix v0.1
    ● OSGi Release 4 Implementation of the Bundle Signature Validation Process
    ● Beware of JVM-only solutions!
  – Sfelix v0.2
    ● Robust against ill-coded Bundles
    ● In the near future – still needs to be published

Secure OSGi Tool Suite

● Sfelix

Secure Deployment

● The SF-JarSigner Tools
  – http://sf-jarsigner.gforge.inria.fr/
  – The Archive Analysis Panel

Secure Deployment

● The SF-JarSigner Tools
  – The BundleRepository Management Panel

Secure Deployment

● The SF-JarSigner Tools
  – The Publication Panel


Digital Signature Validation

● Validity Criteria

Perspectives: Secure Deployment

● Key Management with Identity Based Cryptography

Perspectives: Safe execution

● What if a Bundle Issuer provides ill-tested Code?
  – The whole system is impacted
  – What are OSGi Weaknesses
  – To be released very soon
● What guarantees on OSGi Code?
  – Code Validation for better code (e.g. Findbugs)
  – Formal Code Analysis (e.g. PCC)
  – Sandboxing (e.g. Java Permissions)

Conclusions

● Current Threat Model for OSGi
  – Untrusted Network
  – Trusted Platform Issuer
  – Trusted Bundle Issuer
  – Trusted Host
● Future Threat Model
  – Untrusted Network
  – Trusted Platform Issuer
  – Untrusted Bundle Issuer ??
  – Untrusted Host ??

Questions?

For more information:

● Secure Component Deployment in the OSGi(tm) Release 4 Platform, http://www.rzo.free.fr/parrend06deployment.php
● http://sfelix.gforge.inria.fr/
● http://sf-jarsigner.gforge.inria.fr/



OSGi Signed Bundle




Signing OSGi Bundles




OSGi Bundles Signature Verification
