Secure Component Deployment in the OSGi(tm) Release 4 Platform

Last years have seen a dramatic increase in the use of component platforms, not only in classical application servers, but also more and more in the domain of Embedded Systems. The OSGi(tm) platform is one of these platforms dedicated to lightweight execution environments, and one of the most prominent. However, new platforms also imply new security flaws, and a lack of both knowledge and tools for protecting the exposed systems. This technical report aims at fostering the understanding of security mechanisms in component deployment. It focuses on securing the deployment of components. It presents the cryptographic mechanisms necessary for signing OSGi(tm) bundles, as well as the detailed process of bundle signature and validation. We also present the SFelix platform, which is a secure extension to Felix OSGi(tm) framework implementation. It includes our implementation of the bundle signature process, as specified by OSGi(tm) Release 4 Security Layer. Moreover, a tool for signing and publishing bundles, SFelix JarSigner, has been developed to conveniently integrate bundle signature in the bundle deployment process

A framework for variable content document generation with multiple actors

“NOTICE: this is the author’s version of a work that was accepted for publication in Information and Software Technology. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Information and Software Technology, Volume 56, Issue 9, September 2014, Pages 1101–1121 DOI10.1016/j.infsof.2013.12.006Context - Advances in customization have highlighted the need for tools supporting variable content document management and generation in many domains. Current tools allow the generation of highly customized documents that are variable in both content and layout. However, most frameworks are technology-oriented, and their use requires advanced skills in implementation-related tools, which means their use by end users (i.e. document designers) is severely limited. Objective - Starting from past and current trends for customized document authoring, our goal is to provide a document generation alternative in which variants are specified at a high level of abstraction and content reuse can be maximized in high variability scenarios. Method Based on our experience in Document Engineering, we identified areas in the variable content document management and generation field open to further improvement. We first classified the primary sources of variability in document composition processes and then developed a methodology, which we called DPL based on Software Product Lines principles to support document generation in high variability scenarios. Results - In order to validate the applicability of our methodology we implemented a tool DPLfw to carry out DPL processes. After using this in different scenarios, we compared our proposal with other state-of-the-art tools for variable content document management and generation. Conclusion - The DPLfw showed a good capacity for the automatic generation of variable content documents equal to or in some cases surpassing other currently available approaches. To the best of our knowledge, DPLfw is the only framework that combines variable content and document workflow facilities, easing the generation of variable content documents in which multiple actors play different roles.This work has been partially funded by the Spanish Ministerio de Economia y Competitividad under Grant TIPEx (TIN2010-19859-C03-03).Gómez Llana, A.; Penadés Gramage, MC.; Canos Cerda, JH.; Borges, MR.; Llavador Campos, M. (2014). A framework for variable content document generation with multiple actors. Information and Software Technology. 56(9):1101-1121. https://doi.org/10.1016/j.infsof.2013.12.006S1101112156

An OSGi implementation for autonomous Goal-Oriented deployment

Trabalho de Conclusão de Curso (graduação)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2017.Com a expansão da tecnologia de Internet das coisas, novos desafios computacionais têm surgido. Estes possuem como característica principal seu alto grau de heterogeneidade de recursos, uma vez que são compostos pelos mais variados dispositivos, os quais se utilizam de uma infraestrutura de orientação a serviços para publicarem e descobrirem funcionalidades por meio de serviços. Tendo em vista a natureza complexa de tais sistemas, torna-se necessário o uso de ambientes de gerenciamento de deployment desses recursos heterogêneos. Dentre eles, um potencial framework é o padrão OSGi, que se caracteriza por ser um framework Java para desenvolvimento e deployment de programas modulares (em bundles). Nesse trabalho, será abordada a integração do OSGi ao GoalD, uma plataforma para deployment de recursos heterogêneos conforme a abordagem orientada a objetivos, por meio da descrição detalhada da implementação de cada uma das atividades do processo de deployment autônomo, definida pelo GoalD, utilizando os conceitos e técnicas apresentados pela tecnologia OSGi.With the expansion of the Internet of Things technology, new computational challenges have risen. Their main characteristic is the high degree of resource heterogeneity, once they are composed by the most variant kinds of devices, which make use of a serviceoriented infrastructure to publish and discover functionalities through services. Seeing the complex nature of such systems, it is necessary the use of deployment management environments to handle such heterogeneous resources. Amongst them, a potential framework is the OSGi standard, which is known for being a Java framework for the development and deployment of modular applications (bundles). In this work, it will be addressed the integration of OSGi to GoalD, a platform for the deployment of heterogeneous resources that follows the goal-oriented approach, through the detailed description of the implementation of each activity of the autonomous deployment process, defined by GoalD, by using the concepts and techniques presented by the OSGi technology

MC^2S: a Mobile Component-based CrowdSensing framework

CrowdSensing often refers to sharing data collected by sensing devices with the aim of measure a phenomena of common interest. Within this thesis we will describe MC^2S, a novel Component-based framework suitable for the easy development of multiple, secure, portable, interopeable and concurrent MCS applications. The framework has been built in collaboration between University of Pisa and Trinity College Dublin, starting from September 2015. It exploits both Apache Felix implementation of OSGi framework specifications to ensure composite applications and Java environment to guarantee portability over an huge range of heterogeneous hardaware. However, even if MC^2S framework already offers several forefront capabilities, a lot of additional features may be introduced during the development of its next versions

Network Infrastructures for Highly Distributed Cloud-Computing

Software-Defined-Network (SDN) is emerging as a solid opportunity for the Network Service Providers (NSP) to reduce costs while at the same time providing better and/or new services. The possibility to flexibly manage and configure highly-available and scalable network services through data model abstractions and easy-to-consume APIs is attractive and the adoption of such technologies is gaining momentum. At the same time, NSPs are planning to innovate their infrastructures through a process of network softwarisation and programmability. The SDN paradigm aims at improving the design, configuration, maintenance and service provisioning agility of the network through a centralised software control. This can be easily achievable in local area networks, typical of data-centers, where the benefits of having programmable access to the entire network is not restricted by latency between the network devices and the SDN controller which is reasonably located in the same LAN of the data path nodes. In Wide Area Networks (WAN), instead, a centralised control plane limits the speed of responsiveness in reaction to time-constrained network events due to unavoidable latencies caused by physical distances. Moreover, an end-to-end control shall involve the participation of multiple, domain-specific, controllers: access devices, data-center fabrics and backbone networks have very different characteristics and their control-plane could hardly coexist in a single centralised entity, unless of very complex solutions which inevitably lead to software bugs, inconsistent states and performance issues. In recent years, the idea to exploit SDN for WAN infrastructures to connect multiple sites together has spread in both the scientific community and the industry. The former has produced interesting results in terms of framework proposals, complexity and performance analysis for network resource allocation schemes and open-source proof of concept prototypes targeting SDN architectures spanning multiple technological and administrative domains. On the other hand, much of the work still remains confined to the academy mainly because based on pure Openflow prototype implementation, networks emulated on a single general-purpose machine or on simulations proving algorithms effectiveness. The industry has made SDN a reality via closed-source systems, running on single administrative domain networks with little if no diversification of access and backbone devices. In this dissertation we present our contributions to the design and the implementation of SDN architectures for the control plane of WAN infrastructures. In particular, we studied and prototyped two SDN platforms to build a programmable, intent-based, control-plane suitable for the today highly distributed cloud infrastructures. Our main contributions are: (i) an holistic and architectural description of a distributed SDN control-plane for end-end QoS provisioning; we compare the legacy IntServ RSVP protocol with a novel approach for prioritising application-sensitive flows via centralised vantage points. It is based on a peer-to-peer architecture and could so be suitable for the inter-authoritative domains scenario. (ii) An open-source platform based on a two-layer hierarchy of network controllers designed to provision end-to-end connectivity in real networks composed by heterogeneous devices and links within a single authoritative domain. This platform has been integrated in CORD, an open-source project whose goal is to bring data-center economics and cloud agility to the NSP central office infrastructures, combining NFV (Network Function Virtualization), SDN and the elasticity of commodity clouds. Our platform enables the provisioning of connectivity services between multiple CORD sites, up to the customer premises. Thus our system and software contributions in SDN has been combined with a NFV infrastructure for network service automation and orchestration

An online environmental approach to service interaction management in home automation

Home automation is maturing with the increased deployment of networks and intelligent devices in the home. Along with new protocols and devices, new software services will emerge and work together releasing the full potential of networked consumer devices. Services may include home security, climate control or entertainment. With such extensive interworking the phenomenon known as service interaction, or feature interaction, appears. The problem occurs when services interfere with one another causing unexpected or undesirable outcomes. The main goal of this work is to detect undesired interactions between devices and services while allowing positive interactions between services and devices. If the interaction is negative, the approach should be able to handle it in an appropriate way. Being able to carry out interaction detection in the home poses certain challenges. Firstly, the devices and services are provided by a number of vendors and will be using a variety of protocols. Secondly, the configuration will not be fixed, the network will change as devices join and leave. Services may also change and adapt to user needs and to devices available at runtime. The developed approach is able to work with such challenges. Since the goal of the automated home is to make life simpler for the occupant, the approach should require minimal user intervention. With the above goals, an approach was developed which tackles the problem. Whereas previous approaches solving service interaction have focused on the service, the technique presented here concentrates on the devices and their surrounds, as some interactions occur through conflicting effects on the environment. The approach introduces the concept of environmental variables. A variable may be room temperature, movement or perhaps light. Drawing inspiration from the Operating Systems domain, locks are used to control access to the devices and environmental variables. Using this technique, undesirable interactions are avoided. The inclusion of the environment is a key element of this approach as many interactions can happen indirectly, through the environment. Since the configuration of a home’s devices and services is continually changing, developing an off-line solution is not practical. Therefore, an on-line approach in the form of an interaction manager has been developed. It is the manager’s role to detect interactions. The approach was shown to work successfuly. The manager was able to successfully detect interactions and prevent negative interactions from occurring. Interactions were detected at both device and service level. The approach is flexible: it is protocol independent, services are unaware of the manager, and the manager can cope with new devices and services joining the network. Further, there is little user intervention required for the approach to operate.EThOS - Electronic Theses Online ServiceGBUnited Kingdo