Security policy enforcement in the OSGi framework using aspect-oriented programming

Proceedings - International Computer Software and Applications Conference

Volumn , Issue , 2008, Pages 1076-1082

  Phung, Phu H ^a   Sands, David ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMOTIVE INDUSTRY; BASIC (PROGRAMMING LANGUAGE); C (PROGRAMMING LANGUAGE); COMPUTER APPLICATIONS; COMPUTER OPERATING SYSTEMS; COMPUTER PROGRAMMING LANGUAGES; COMPUTER SOFTWARE; COMPUTERS; DECENTRALIZED CONTROL; GATEWAYS (COMPUTER NETWORKS); HISTORY; JAVA PROGRAMMING LANGUAGE; LINGUISTICS; PUBLIC POLICY; SECURITY OF DATA; SECURITY SYSTEMS; STANDARDS; VEHICLES; WORD PROCESSING;

APPLICATION LEVEL; APPLICATION-SPECIFIC; ASPECT-J; ASPECT-ORIENTED PROGRAMMING; EXTENSIBLE SYSTEMS; IT SYSTEMS; LANGUAGE-BASED SECURITY; LIFE-CYCLE; OPEN SERVICES GATEWAY INITIATIVE; OSGI FRAMEWORKS; PROGRAMMING LANGUAGES; REFERENCE MONITOR; REFERENCE MONITORS; SECURITY GUARANTEES; SECURITY POLICIES; SECURITY POLICY ENFORCEMENT; SESSION LEVELS; SOFTWARE DOWNLOADING; VEHICLE SYSTEMS;

COMPUTER SYSTEMS PROGRAMMING;

EID: 51949084798     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2008.149     Document Type: Conference Paper

References (26)

1. The AspectJ Project. http://www.eclipse.org/aspectj/.
2. Equinox Incubator - Aspects, http://www.eclipse.org/equinox/incubator/ aspects/.
3. Knopflerfish - Open source OSGi.http://www.knopflerfish.org/.
4. OSGi Alliance, OSGi - The Dynamic Module System for Java, http://www.osgi.org.
5. Sun Microsystems, Java Security Architecture, http://java.sun.com/j2se/1. 4.2/docs/guide/security/spec/security-specTOC.fm.html.
6. The Global System for Telematics (GST) project. http://www.gstforum.org.
7. C. Allan et al. Adding trace matching to AspectJ. Technical report, The abc Group, 2005.
8. About the OSGi Service Platform, Technical Whitepaper. http://www.osgi.org/wiki/uploads/Links/OSGiTechnicalWhitePaper.pdf, June, 2007.
9. J. P. Anderson. Computer Security technology planning study. Technical report, Deputy for Command and Management System, USA, 1972.
10. D. Brewer and M. Nash. The Chinese Wall Security Policy. Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 206-214, 1989.
11. T. Colcombet and P. Fradet. Enforcing Trace Properties by Program Transformation. In 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 54-66, 2000.
12. J. Dehlinger and N. V. Subramanian. Architecting Secure Software Systems Using an Aspect-Oriented Approach: A Survey of Current Research. Technical report, Iowa State University, 2006.
13. R. Douence, P. Fradet, and M. Südholt. Composition, reuse and interaction analysis of stateful aspects. In Proceedings of AOSD '04, pages 141-150, USA, 2004. ACM.
14. G. Edjlali, A. Acharya, and V. Chaudhary. History-based Access Control for Mobile Code. In Proceedings of CCS '98, pages 38-48, New York, USA, 1998. ACM.
15. U. Erlingsson. The Inline Reference Monitors Approach to Security Policy Enforcement. PhD thesis, Cornell, 2004.
16. F.B.Schneider, G.Morrisett, and R.Harper. A Language-based Approach to Security. In Informatics 10 Years Back, 10 Years Ahead, LNCS 2000, pages 86-101, 2000.
17. C.-C. Huang, P.-C. Wang, and T.-W. Hou. Advanced OSGi Security Layer. In Proceedings of AINAW '07, pages 518-523, USA, 2007. IEEE Computer Society.
18. P. Hui and J. Riely. Temporal Aspects as Security Automata. In Proceedings of FOAL' 06), pages 19-28, 2006.
19. T. Keuler and Y. Kornev. A Light-weight Load-time Weaving Approach for OSGi. In Proceedings of Next Generation Aspect Oriented Middleware Workshop, in conjuction with AOSD '08, 2008.
20. G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. V. Lopes, J.-M. Loingtier, and J. Irwin. Aspect-Oriented Programming. In ECOOP, pages 220-242, 1997.
21. J. Ligatti, L. Bauer, and D. Walker. Edit Automata: Enforcement Mechanisms for Run-time Security Policies. International Journal of Information Security, 4(1-2):2-16, 2005.
22. J. A. Ligatti. Policy Enforcement via Program Monitoring. PhD thesis, Princeton University, 2006.
23. H.-Y. Lim, Y.-G. Kim, C.-J. Moon, and D.-K. Baik. Bundle Authentication and Authorization Using XML Security in the OSGi Service Platform. In Proceedings of ICIS '05, pages 502-507, Washington, DC, USA, 2005. IEEE Computer Society.
24. P. Parrend and S. Frenot. Supporting the Secure Deployment of OSGi Bundles. In Proceedings of WoWMoM 2007. IEEE Computer Society, June 2007.
25. F. B. Schneider. Enforceable security policies. ACM Trans. Inf. Syst. Secur, 3(1):30-50, 2000.
26. F. B. Schneider, D. Kozen, G. Morrisett, and A. Myers. Language-Based Security for Malicious Mobile Code. Technical report, Cornell Univ Ithaca NY, 2003.