A toolbox for statical analysis and transformation of OSGi bundles

OSGi is becoming more and more popular in the Java world. Consequently, the number of available bundles is increasing rapidly, while the means to verify and assess security guarantees about these artifacts are lacking. In the context of opening its platforms to third-party applications, Orange is seeking the mechanisms and tools needed to ensure the platforms' protection and robustness. We propose a platform offering several services that enable static analysis and transformation of OSGi bundles. The services range from simple ones, such as a service for analyzing bundles' manifests, to more complex ones that allow bytecode inspection and transformation. The platform is itself built on OSGi for modularity and extensibility. We further demonstrate the usefulness of our approach by instrumenting an instance of the Eclipse IDE in order to monitor thread creation and CPU consumption per bundle.

Radu Kopetz, Technical Architect - Orange Labs


  1. 1. A toolbox for statical analysis and transformation of OSGi bundles. Radu Kopetz – Orange Labs, radu.kopetz@orange.com. OSGi Users' Group France Meeting, 25/11/2011
  2. 2. motivations. Source: http://www.drm-x.com/
  3. 3. why OSGi?
     • ease of development
     • rich, mature ecosystem
     • modularity
     • isolation and security guarantees
  4. 4. challenges
     • platforms' security and availability
     • preserved QoS
     • malicious behaviour can be either intended or unintended
  5. 5. security in OSGi
     • based on Java 2 security
       – Conditional Permission Admin
  6. 6. security in OSGi
     • based on Java 2 security
       – Conditional Permission Admin
     • adds namespace isolation mechanism between bundles
  7. 7. security in OSGi
     • based on Java 2 security
       – Conditional Permission Admin
     • adds namespace isolation mechanism between bundles
     • but …
  8. 8. security flaws in OSGi
     • originate in OSGi platform
       – infinite loop / thread hanging in bundle activator
       – huge manifest file or import statements
       – decompression bomb
  9. 9. security flaws in OSGi
     • originate in OSGi platform
       – infinite loop / thread hanging in bundle activator
       – huge manifest file or import statements
       – decompression bomb
     • originate in JVM shortcomings: not designed for multi-application systems
       – memory load injection
       – exponential thread creation
       – infinite loops
  10. 10. possible approach: (automated) analysis [diagram: bundle]
  11. 11. possible approach: (automated) analysis [diagram: bundle, bundle, deploy!]
  12. 12. possible approach: (automated) analysis [diagram: bundle, bundle, deploy!, bundle]
  13. 13. possible approach: (automated) analysis [diagram: bundle, bundle, deploy!, bundle; Statical Analysis and Transformation]
  14. 14. possible approach: (automated) analysis [diagram: bundle, bundle, deploy!, bundle; Statical Analysis and Transformation, Simulation?]
  15. 15. possible approach: (automated) analysis [diagram: bundle, bundle, deploy!, bundle; Statical Analysis and Transformation, Simulation?, ?]
  16. 16. possible approach: (automated) analysis [diagram: bundle, bundle, deploy!, bundle; Statical Analysis and Transformation, Simulation?, ?]
  17. 17. global idea
     • a set of generic tools (services)
  18. 18. global idea
     • a set of generic tools (services)
     • that can be composed to get complex checks and transformations on bundles
  19. 19. architecture [diagram: bundles running on OSGi]
  20. 20. architecture [diagram: bundles running on OSGi; generic (base) services]
  21. 21. architecture [diagram: bundles running on OSGi; generic (base) services; more complex, business-specific services]
  22. 22. generic services
     jars
     • decompress
     • compress
     • estimate size
     • class bytes
  23. 23. generic services
     jars
     • decompress
     • compress
     • estimate size
     • class bytes
     metadata
     • manifest contents
     • DS / iPOJO components
  24. 24. generic services
     jars
     • decompress
     • compress
     • estimate size
     • class bytes
     metadata
     • manifest contents
     • DS / iPOJO components
     bytecode
     • method call search
     • class related information
     • method instrumentation
  25. 25. generic services
     jars
     • decompress
     • compress
     • estimate size
     • class bytes
     metadata
     • manifest contents
     • DS / iPOJO components
     bytecode
     • method call search
     • class related information
     • method instrumentation
     graphs
     • construction
     • analysis (strongly connected components)
  26. 26. business-specific services
     • remove double imports
  27. 27. business-specific services
     • remove double imports
     • detect inappropriate method calls
       – Runtime.getRuntime().halt()
       – System.exit()
  28. 28. business-specific services
     • remove double imports
     • detect inappropriate method calls
       – Runtime.getRuntime().halt()
       – System.exit()
     • cycles between services
  29. 29. business-specific services
     • remove double imports
     • detect inappropriate method calls
       – Runtime.getRuntime().halt()
       – System.exit()
     • cycles between services
     • associate CPU consumption & threads with bundles
  30. 30. DEMO
  31. 31. how it was done
     • unjar
     • parse the manifest
     • retrieve the Activator / DS components bytes
     • instrument the bytecode
     • remove digital signature
     • jar
  32. 32. how it was done
     • unjar
     • parse the manifest
     • retrieve the Activator / DS components bytes
     • instrument the bytecode
     • remove digital signature
     • jar
     => used almost all of our basic services
  33. 33. bytecode instrumentation

        class MyActivator implements BundleActivator {
            …
            public void start(BundleContext context) throws Exception {
                // method body
            }
            …
        }

  34. 34. bytecode instrumentation

        public void renamed_start(BundleContext context) throws Exception {
            // method body
        }

        class MyActivator implements BundleActivator {
            …
            public void start(BundleContext context) throws Exception {
                // method body
            }
            …
        }

  35. 35. bytecode instrumentation

        public void renamed_start(BundleContext context) throws Exception {
            // method body
        }

        class MyActivator implements BundleActivator {
            …
            public void start(BundleContext context) throws Exception {
                // method body
            }
            …
        }

        public void start(BundleContext context) throws Exception {
            // get bundleName from manifest
            ThreadGroup tg = new ThreadGroup(bundleName + "_TGroup");
            ThreadGroup oldTg = Thread.currentThread().getThreadGroup();
            // modify the thread group of
            // current thread
            renamed_start(context);
            // restore the thread group
        }
  36. 36. conclusion
     • some tools for statical analysis & transformation of bundles
     • complete solution: statical analysis + modified OSGi framework + modified JVM
     • nice to have: public repository with LOTS of bundles offering generic analysis services
  37. 37. thank you! questions?
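  38. 38.

        // Requires java.lang.reflect.Field and java.util.Dictionary.
        public void start(final BundleContext context) throws Exception {
            // Read the bundle name from the manifest headers.
            Dictionary manifProps = context.getBundle().getHeaders();
            String bundleName = manifProps.get("Bundle-Name").toString();
            // One thread group per bundle; threads created by the bundle inherit it.
            ThreadGroup tg = new ThreadGroup(bundleName + "_ThreadGroup");
            ThreadGroup oldTg = Thread.currentThread().getThreadGroup();
            // Swap the current thread's group through reflection on Thread.group.
            Field groupField = Thread.class.getDeclaredField("group");
            groupField.setAccessible(true);
            groupField.set(Thread.currentThread(), tg);
            // Call the original activator code, renamed by the instrumentation.
            orange___start(context);
            // Restore the original thread group.
            groupField.set(Thread.currentThread(), oldTg);
            groupField.setAccessible(false);
        }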
