Semantic Service Substitution in Pervasive Environments

A computing infrastructure where everything is a service offers many new system and application possibilities. Among the main challenges, however, is the issue of service substitution for the application execution in such heterogeneous environments. An application would like to continue to execute even when a service disappears, or it would like to benefit from the environment by using better services with better QoS when possible. In this article, we define a generic service model and describe the equivalence relations between services considering the functionalities they propose and their non functional QoS properties. We define semantic equivalence relations between services and equivalence degree between non functional QoS properties. Using these relations we propose semantic substitution mechanisms upon the appearance and disappearance of services that fits the application needs. We developed a prototype as a proof of concept and evaluated its efficiency over a real use case

Secure Component Deployment in the OSGi(tm) Release 4 Platform

Last years have seen a dramatic increase in the use of component platforms, not only in classical application servers, but also more and more in the domain of Embedded Systems. The OSGi(tm) platform is one of these platforms dedicated to lightweight execution environments, and one of the most prominent. However, new platforms also imply new security flaws, and a lack of both knowledge and tools for protecting the exposed systems. This technical report aims at fostering the understanding of security mechanisms in component deployment. It focuses on securing the deployment of components. It presents the cryptographic mechanisms necessary for signing OSGi(tm) bundles, as well as the detailed process of bundle signature and validation. We also present the SFelix platform, which is a secure extension to Felix OSGi(tm) framework implementation. It includes our implementation of the bundle signature process, as specified by OSGi(tm) Release 4 Security Layer. Moreover, a tool for signing and publishing bundles, SFelix JarSigner, has been developed to conveniently integrate bundle signature in the bundle deployment process

Gestion du déploiement de composants sur réseau P2P

The deployment of component-based applications relies on a centralized directory to store the components. This paper describes an approach to distribute software components to be deployed on a set of peers of a peer to peer network in order to exploit some associated characteristics (load balancing, fault-tolerance, self-organisation). The proposed architecture is situated in the context of OSGI application deployment management. The software components (bundles) are distributed among a set of nodes participating in the execution of services. When a node wants to install a component which is not deployed locally, the component is looked for and installed using a p2p network. –––––Le déploiement d'applications à composants repose sur une approche d'annuaire centralisé de stockage des composants. Cet article décrit une approche pour distribuer les composants logiciels à déployer sur un ensemble de noeuds d'un réseau pair-à-pair afin de pouvoir exploiter certaines caractéristiques associées (équilibrage de charge, tolérance de panne, auto-organisation). L'architecture proposée entre dans le cadre de la gestion du déploiement d'applications sur le modèle OSGi. Les composants logiciels (ou bundles) sont répartis à travers un ensemble de noeuds participant à l'exécution de services. Lorsqu'un noeud veut installer un composant et si celui-ci n'est pas encore déployé localement, il est recherché et installé en utilisant un réseau p2

An in-Browser Microblog Ranking Engine

International audienceMicroblogs, although extremely peculiar pieces of data, constitute a very rich source of information, which has been widely exploited recently, thanks to the liberal access Twitter offers through its API. Nevertheless, computing relevant answers to general queries is still a very challenging task. We propose a new engine, the Twittering Machine, which evaluates SQL like queries on streams of tweets, using ranking techniques computed at query time. Our algorithm is real time, it produces streams of results which are refined progressively, adaptive, the queries continuously adapt to new trends, invasive, it interacts with Twitter by suggesting relevant users to follow, and query results to publish as tweets. Moreover it works in a decentralized environment, directly in the browser on the client side, making it easy to use, and server independent

Vérification automatique pour l'exécution sécurisée de composants Java

National audienceLes plates-formes dynamiques de services permettent d'exécuter simultanément plusieurs composants fournis par des tiers. Ceci apporte une grande flexibilité dans leur utilisation, aussi bien en environnements à ressources limitées que dans le cas de serveurs d'applications. Toutefois, les implications pour la sécurité du système sont encore mal connues: quels sont les risques posés par l'exécution de composants tiers pour la plate-forme d'execution ? pour les autres composants ? Comment y remédier ? A partir d'expérimentations réalisées sur la plate-forme Java/OSGi, nous proposons une classification des vulnérabilités des platesformes dynamiques de services. Deux cas sont considérés: les vulnérabilités de la plate-forme elle-même, et les vulnérabilités des composants. Plusieurs solutions sont proposées pour résoudre ces vulnérabilités. Premièrement, le Contrôle d'accès basé Composants (CBAC, pour Component-based Access Control) permet de limiter l'accès à des méthodes dangereuses de la plate-forme ou des composants. La validation est effectuée par analyse statique de code. La configuration est entièrement déclarative, ce qui rend cette approche extensible, et adaptée pour la protection de méthodes fournies par des composants tiers. Deuxièmement, l'Analyse de Composants faibles (WCA, pour Weak Component Analysis) permet d'identifier les vulnérabilités des composants, par analyse statique de code également. CBAC et WCA exploitent la phase d'installation des composants pour réaliser les vérifications nécessaires. Seuls les composants valides sont installés. WCA peut également être utilisé lors du dévelopement pour améliorer la qualité du code

LogOS: an Automatic Logging Framework for Service-Oriented Architectures

International audienceAs multi-source, component based platforms are becoming widespread both for constrained devices and cloud computing, the need for automatic logging framework is increas- ing. Indeed, components from untrusted and possibly competing vendors are being deployed to the same runtime environments. They are also being integrated, with some components from a vendor being exposed as a service to another one. This paper presents our investigations on an automated log-based architec- ture called LogOS, focused on service interactions monitoring. We ported and experimented it on Java / OSGi to enable identification between bundle providers in cases of failures. We motivate the need for an automatic logging framework in service- oriented architectures, and discuss the requirements of such frameworks design. We present our implementation on OSGi and expose the trade-offs in doing so. We conduct some experiments and, despite a necessary and significant existing overhead due to unequivocal identification constraints, we show that it should not be a major hindrance to the adoption of automatic frameworks for most service-oriented applications. Finally, we position our approach and give some perspectives

Component-based Access Control: Secure Software Composition through Static Analysis

International audienceExtensible Component Platforms support the discovery, in- stallation, starting, uninstallation of components at runtime. Since they are often targeted at mobile resource-constraint devices, they have both strong performance and security requirements. The current security model for Java systems, Permissions, are based on call stack analysis. They proves to be very time-consuming, which makes them difficult to use in production environments. We therefore define the Component-Based Access Control (CBAC) Se- curity Model, which aims at emulating Java Permissions through static analysis at the installation phase of the components. CBAC is based on a fully declarative approach, that makes it possible to tag arbitrary meth- ods as sensitive. A formal model is defined to guarantee that a given component have sufficient access rights, and that dependencies between components are taken into account. A first implementation of the model is provided for the OSGi Platform, using the ASM library for code anal- ysis. Performance tests show that the cost of CBAC at install time is negligible, because it is executed together with digital signature which is much more costly. Moreover, contrary to Java Permissions, the CBAC security model does not imply any runtime overhead

A Survey of Unix Init Schemes

In most modern operating systems, init (as in "initialization") is the program launched by the kernel at boot time. It runs as a daemon and typically has PID 1. Init is responsible for spawning all other processes and scavenging zombies. It is also responsible for reboot and shutdown operations. This document describes existing solutions that implement the init process and/or init scripts in Unix-like systems. These solutions range from the legacy and still-in-use BSD and SystemV schemes, to recent and promising schemes from Ubuntu, Apple, Sun and independent developers. Our goal is to highlight their focus and compare their sets of features

Java Components Vulnerabilities - An Experimental Classification Targeted at the OSGi Platform

The OSGi Platform finds a growing interest in two different applications domains: embedded systems, and applications servers. However, the security properties of this platform are hardly studied, which is likely to hinder its use in production systems. This is all the more important that the dynamic aspect of OSGi-based applications, that can be extended at runtime, make them vulnerable to malicious code injection. We therefore perform a systematic audit of the OSGi platform so as to build a vulnerability catalog that intends to reference OSGi Vulnerabilities originating in the Core Specification, and in behaviors related to the use of the Java language. Standard Services are not considered. To support this audit, a Semi-formal Vulnerability Pattern is defined, that enables to uniquely characterize fundamental properties for each vulnerability, to include verbose description in the pattern, to reference known security protections, and to track the implementation status of the proof-of-concept OSGi Bundles that exploit the vulnerability. Based on the analysis of the catalog, a robust OSGi Platform is built, and recommendations are made to enhance the OSGi Specifications