A toolbox for statical analysis and
transformation of OSGi bundles

        Radu Kopetz – Orange Labs
        radu.kopetz@orange.com

        OSGi Users’ Group France Meeting
                 25/11/2011
motivations




 Source: http://www.drm-x.com/
why OSGi ?

•   ease of development
•   rich, mature ecosystem
•   modularity
•   isolation and security guarantees
challenges
• platforms’ security and availability
• preserved QoS
• malicious behaviour can be either
  intended or unintended
security in OSGi
• based on Java 2 security
  – Conditional Permission Admin
• adds namespace isolation mechanism between
  bundles

• but …
security flaws in OSGi
• originate in OSGi platform
  – infinite loop / thread hanging in bundle activator
  – huge manifest file or import statements
  – decompression bomb
• originate in JVM shortcomings: not designed
  for multi-application systems
  – memory load injection
  – exponential thread creation
  – infinite loops
possible approach

[Diagram: a bundle goes through (automated) analysis before "bundle deploy !"; labels under the analysis step: "Statical Analysis and Transformation", "Simulation ?", "?"]
global idea
• a set of generic tools (services)
• that can be composed to get complex
  checks and transformations on bundles
architecture

[Diagram: two rows of bundles running on OSGi; labels: "generic (base) services" and "more complex, business - specific services"]
generic services
jars
• decompress
• compress
• estimate size
• class bytes

metadata
• manifest contents
• DS / iPOJO components

bytecode
• method call search
• class related information
• method instrumentation

graphs
• construction
• analysis (strongly connected components)
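
A pre-deployment check of the kind the jar and metadata services above can be composed into, covering the decompression-bomb and huge-manifest cases from the "security flaws in OSGi" slide and also reporting packages imported twice. This is an added example, not code from the talk or the toolbox; the class name, the limits and the sample bundle are assumptions made here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.jar.Attributes;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

public class BundlePreflight {
    // Limits are assumptions for this example; tune them to the target platform.
    static final int MAX_MANIFEST_BYTES = 256 * 1024;
    static final int MAX_IMPORTS = 500;

    /** Returns the findings for one bundle; an empty list means no objection. */
    static List<String> check(Path jar, long maxInflatedBytes) throws IOException {
        List<String> findings = new ArrayList<>();
        ByteArrayOutputStream manifest = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        long total = 0;
        try (ZipInputStream zin = new ZipInputStream(Files.newInputStream(jar))) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                boolean isManifest = e.getName().equals("META-INF/MANIFEST.MF");
                // Count the bytes actually inflated: the sizes declared in the
                // zip headers come from the bundle author and prove nothing.
                for (int n; (n = zin.read(buf)) != -1; ) {
                    total += n;
                    if (total > maxInflatedBytes) {
                        findings.add("inflates past " + maxInflatedBytes
                            + " bytes (decompression bomb?)");
                        return findings; // stop inflating right away
                    }
                    if (!isManifest) continue;
                    manifest.write(buf, 0, n);
                    if (manifest.size() > MAX_MANIFEST_BYTES) {
                        findings.add("manifest larger than " + MAX_MANIFEST_BYTES + " bytes");
                        return findings; // never parse an oversized manifest
                    }
                }
            }
        }
        if (manifest.size() == 0) {
            findings.add("no META-INF/MANIFEST.MF");
            return findings;
        }
        Manifest mf = new Manifest(new ByteArrayInputStream(manifest.toByteArray()));
        String imports = mf.getMainAttributes().getValue("Import-Package");
        Set<String> seen = new HashSet<>();
        int count = 0;
        for (String clause : split(imports == null ? "" : imports, ',')) {
            for (String part : split(clause, ';')) {
                if (part.isEmpty() || part.contains("=")) continue; // attribute or directive
                count++;
                if (!seen.add(part)) findings.add("package imported twice: " + part);
            }
        }
        if (count > MAX_IMPORTS) findings.add(count + " imported packages, limit " + MAX_IMPORTS);
        return findings;
    }

    /** Splits on sep, ignoring separators inside quotes such as version="[1.5,2)". */
    static List<String> split(String s, char sep) {
        List<String> parts = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (char c : s.toCharArray()) {
            if (c == '"') quoted = !quoted;
            if (c == sep && !quoted) {
                parts.add(cur.toString().trim());
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        parts.add(cur.toString().trim());
        return parts;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample bundle: one package imported twice, 1 MiB of zeros.
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        mf.getMainAttributes().putValue("Import-Package",
            "org.osgi.framework;version=\"[1.5,2)\",org.example.util,org.osgi.framework");
        Path jar = Files.createTempFile("sample-bundle", ".jar");
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(jar), mf)) {
            out.putNextEntry(new ZipEntry("data/padding.bin"));
            out.write(new byte[1024 * 1024]);
            out.closeEntry();
        }
        System.out.println(check(jar, 50L * 1024 * 1024)); // generous size limit
        System.out.println(check(jar, 64 * 1024));         // tight size limit
        Files.delete(jar);
    }
}
```
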
business-specific services
• remove duplicate imports
• detect inappropriate method calls
  – Runtime.getRuntime().halt()
  – System.exit()
• cycles between services
• associate CPU consumption & Threads with
  bundles
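
One way to implement the "detect inappropriate method calls" check with the JDK alone: read a class file's constant pool and report method references to System.exit or Runtime.halt. This is an added example, not the toolbox's code; the class names and the nested sample class are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class ForbiddenCallScan {
    // The two calls named on the slide, as owner.name in JVM internal form.
    static final Set<String> FORBIDDEN =
        Set.of("java/lang/System.exit", "java/lang/Runtime.halt");

    /** Constructed sample standing in for a class extracted from a bundle. */
    static class Sample {
        void stop() { Runtime.getRuntime().halt(1); }
        void quit() { System.exit(0); }
    }

    /** Lists the forbidden methods referenced from one class file's constant pool. */
    static List<String> scan(byte[] classBytes) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(classBytes));
        if (in.readInt() != 0xCAFEBABE) throw new IOException("not a class file");
        in.readUnsignedShort(); // minor version
        in.readUnsignedShort(); // major version
        int count = in.readUnsignedShort();
        int[] tag = new int[count];
        int[] a = new int[count];   // first index operand of an entry
        int[] b = new int[count];   // second index operand of an entry
        String[] utf8 = new String[count];
        for (int i = 1; i < count; i++) {
            tag[i] = in.readUnsignedByte();
            switch (tag[i]) {
                case 1: utf8[i] = in.readUTF(); break;              // Utf8
                case 3: case 4: in.readInt(); break;                // Integer, Float
                case 5: case 6: in.readLong(); i++; break;          // Long, Double: two slots
                case 7: case 8: case 16: case 19: case 20:          // Class, String, ...
                    a[i] = in.readUnsignedShort(); break;
                case 9: case 10: case 11: case 12: case 17: case 18: // refs, NameAndType, ...
                    a[i] = in.readUnsignedShort();
                    b[i] = in.readUnsignedShort();
                    break;
                case 15: in.readUnsignedByte(); in.readUnsignedShort(); break; // MethodHandle
                default: throw new IOException("unknown constant pool tag " + tag[i]);
            }
        }
        List<String> hits = new ArrayList<>();
        try {
            for (int i = 1; i < count; i++) {
                if (tag[i] != 10 && tag[i] != 11) continue; // Methodref, InterfaceMethodref
                String owner = utf8[a[a[i]]]; // ref -> Class -> Utf8 name
                String name = utf8[a[b[i]]];  // ref -> NameAndType -> Utf8 name
                if (FORBIDDEN.contains(owner + "." + name)) hits.add(owner + "." + name);
            }
        } catch (IndexOutOfBoundsException e) {
            throw new IOException("malformed constant pool", e);
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        try (InputStream in = ForbiddenCallScan.class
                .getResourceAsStream("ForbiddenCallScan$Sample.class")) {
            if (in == null) throw new IOException("compile with javac so the sample class exists");
            System.out.println(scan(in.readAllBytes()));
        }
    }
}
```

A hit means the class links against the method. Calls made through reflection do not appear as method references in the constant pool, so this check does not see them.
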
DEMO
how it was done
•   unjar
•   parse the manifest
•   retrieve the Activator / DS components bytes
•   instrument the bytecode
•   remove digital signature
•   jar

=> used almost all of our basic services
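
The unjar / re-jar steps above with the signature removal made explicit: once a class is rewritten, its digest in the manifest no longer matches, so the signature files and the digest attributes have to go. This is an added example, not the author's code; the bytecode step is passed in as a function because the page does not name the instrumentation library, and the class name and sample jar are constructed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.function.UnaryOperator;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;

public class BundleRepack {
    /** True for the signature files a JAR signer places directly under META-INF/. */
    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) >= 0) return false;
        return n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA")
            || n.endsWith(".EC") || n.startsWith("META-INF/SIG-");
    }

    /** Copies a bundle, rewriting the activator class and dropping the signature. */
    static void repack(Path in, Path out, UnaryOperator<byte[]> instrument) throws IOException {
        try (JarFile jar = new JarFile(in.toFile(), false)) { // false: skip verification
            Manifest mf = jar.getManifest();
            if (mf == null) throw new IOException("bundle has no manifest");
            // Per-entry *-Digest attributes describe the old bytes: remove them
            // and drop the sections that held nothing else.
            Iterator<Attributes> it = mf.getEntries().values().iterator();
            while (it.hasNext()) {
                Attributes attrs = it.next();
                attrs.keySet().removeIf(
                    k -> k.toString().toUpperCase(Locale.ROOT).contains("-DIGEST"));
                if (attrs.isEmpty()) it.remove();
            }
            String activator = mf.getMainAttributes().getValue("Bundle-Activator");
            String activatorEntry = activator == null ? null
                : activator.trim().replace('.', '/') + ".class";
            try (JarOutputStream jos = new JarOutputStream(Files.newOutputStream(out), mf)) {
                for (JarEntry e : Collections.list(jar.entries())) {
                    String name = e.getName();
                    if (name.equalsIgnoreCase(JarFile.MANIFEST_NAME) || isSignatureFile(name)) {
                        continue; // manifest already written, signature files dropped
                    }
                    jos.putNextEntry(new JarEntry(name)); // fresh entry: size and CRC recomputed
                    if (!e.isDirectory()) {
                        byte[] data;
                        try (InputStream is = jar.getInputStream(e)) {
                            data = is.readAllBytes();
                        }
                        if (name.equals(activatorEntry)) data = instrument.apply(data);
                        jos.write(data);
                    }
                    jos.closeEntry();
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a "signed" bundle with placeholder signature files.
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        mf.getMainAttributes().putValue("Bundle-Activator", "org.example.Activator");
        Attributes section = new Attributes();
        section.putValue("SHA-256-Digest", "placeholder");
        mf.getEntries().put("org/example/Activator.class", section);
        Path in = Files.createTempFile("signed", ".jar");
        Path out = Files.createTempFile("repacked", ".jar");
        try (JarOutputStream jos = new JarOutputStream(Files.newOutputStream(in), mf)) {
            for (String n : List.of("META-INF/SIGNER.SF", "META-INF/SIGNER.RSA",
                                    "org/example/Activator.class")) {
                jos.putNextEntry(new JarEntry(n));
                jos.write(n.getBytes()); // placeholder content, not real class bytes
                jos.closeEntry();
            }
        }
        // Identity function as a stand-in for the bytecode rewriting step.
        repack(in, out, bytes -> bytes);
        try (JarFile result = new JarFile(out.toFile())) {
            Collections.list(result.entries()).forEach(e -> System.out.println(e.getName()));
            System.out.println("digest sections left: "
                + result.getManifest().getEntries().size());
        }
        Files.delete(in);
        Files.delete(out);
    }
}
```

The repacked bundle is unsigned, so a platform that grants permissions by signer needs the operator to sign the transformed bundle again.
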
bytecode instrumentation

original activator:

class MyActivator implements BundleActivator {
   …
   public void start(BundleContext context) throws Exception {
     // method body
   }
   …
}

instrumented methods:

public void renamed_start(BundleContext context) throws Exception {
     // method body
}

public void start(BundleContext context) throws Exception {
   … // get bundleName from manifest
   ThreadGroup tg = new ThreadGroup(bundleName+"_TGroup");
   ThreadGroup oldTg = Thread.currentThread().getThreadGroup();
   … // modify the thread group of current thread

   renamed_start(context);

   … // restore the thread group
}
conclusion
• some tools for statical analysis &
  transformation of bundles
• complete solution: statical analysis + modified
  OSGi framework + modified JVM
• nice to have: public repository with lots of
  bundles offering generic analysis services
thank you! questions?
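// needs java.lang.reflect.Field, java.util.Dictionary, org.osgi.framework.BundleContext
public void start(final BundleContext context) throws Exception {
        // the bundle name is read from the manifest headers
        Dictionary manifProps = context.getBundle().getHeaders();
        String bundleName = manifProps.get("Bundle-Name").toString();
        ThreadGroup tg = new ThreadGroup(bundleName + "_ThreadGroup");

        ThreadGroup oldTg = Thread.currentThread().getThreadGroup();
        // Thread.group is a private JDK field: this depends on the JVM's internals
        // and on reflective access to java.lang being permitted
        Field groupField = Thread.class.getDeclaredField("group");
        groupField.setAccessible(true);
        try {
            // threads created by the original activator inherit the bundle's group
            groupField.set(Thread.currentThread(), tg);
            orange___start(context);
        } finally {
            // restore the caller's thread group even if the activator throws
            groupField.set(Thread.currentThread(), oldTg);
            groupField.setAccessible(false);
        }
   }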


  • 1. A toolbox for statical analysis and transformation of OSGi bundles Radu Kopetz – Orange Labs radu.kopetz @orange.com OSGi Users’ Group France Meeting 25/11/2011
  • 3. why OSGi ? • ease of development • rich, mature ecosystem • modularity • isolation and security guarantees
  • 4. challenges • platforms’ security and availability • preserved QoS • malicious behaviour can be either intended or unintended
  • 5. security in OSGi • based on Java 2 security – Conditional Permission Admin
  • 6. security in OSGi • based on Java 2 security – Conditional Permission Admin • adds namespace isolation mechanism between bundles
  • 7. security in OSGi • based on Java 2 security – Conditional Permission Admin • adds namespace isolation mechanism between bundles • but …
  • 8. security flaws in OSGi • originate in OSGi platform – infinite loop / thread hanging in bundle activator – huge manifest file or import statements – decompression bomb
  • 9. security flaws in OSGi • originate in OSGi platform – infinite loop / thread hanging in bundle activator – huge manifest file or import statements – decompression bomb • originate in JVM shortcomings: not designed for multi-application systems – memory load injection – exponential thread creation – infinite loops
  • 10. possible approach (automated) analysis bundle
  • 11. possible approach (automated) analysis bundle bundle deploy !
  • 12. possible approach (automated) analysis bundle bundle deploy ! bundle
  • 13. possible approach (automated) analysis bundle bundle deploy ! bundle Statical Analysis and Transformation
  • 14. possible approach (automated) analysis bundle bundle deploy ! bundle Statical Analysis and Simulation ? Transformation
  • 15. possible approach (automated) analysis bundle bundle deploy ! bundle Statical Analysis and Simulation ? ? Transformation
  • 16. possible approach (automated) analysis bundle bundle deploy ! bundle Statical Analysis and Simulation ? ? Transformation
  • 17. global idea • a set of generic tools (services)
  • 18. global idea • a set of generic tools (services) • that can be composed to get complex checks and transformations on bundles
  • 19. architecture bundle bundle bundle bundle bundle bundle OSGi
  • 20. architecture bundle bundle bundle bundle bundle bundle OSGi generic (base) services
  • 21. architecture more complex, business - specific services bundle bundle bundle bundle bundle bundle OSGi generic (base) services
  • 22. generic services • jars – decompress – compress – estimate size – class bytes
  • 23. generic services • jars – decompress – compress – estimate size – class bytes • metadata – manifest contents – DS / iPOJO components
  • 24. generic services • jars – decompress – compress – estimate size – class bytes • bytecode – method call search – class related information – method instrumentation • metadata – manifest contents – DS / iPOJO components
  • 25. generic services • jars – decompress – compress – estimate size – class bytes • bytecode – method call search – class related information – method instrumentation • metadata – manifest contents – DS / iPOJO components • graphs – construction – analysis (strongly connected components)
  • 26. business - specific services • remove double imports
  • 27. business - specific services • remove double imports • detect inappropriate method calls – Runtime.getRuntime().halt() – System.exit()
  • 28. business - specific services • remove double imports • detect inappropriate method calls – Runtime.getRuntime().halt() – System.exit() • cycles between services
  • 29. business - specific services • remove double imports • detect inappropriate method calls – Runtime.getRuntime().halt() – System.exit() • cycles between services • associate CPU consumption & Threads with bundles
  • 30. DÉMO
  • 31. how it was done • unjar • parse the manifest • retrieve the Activator / DS components bytes • instrument the bytecode • remove digital signature • jar
  • 32. how it was done • unjar • parse the manifest • retrieve the Activator / DS components bytes • instrument the bytecode • remove digital signature • jar => used almost all of our basic services
  • 33. bytecode instrumentation
        class MyActivator implements BundleActivator {
            …
            public void start(BundleContext context) throws Exception {
                // method body
            }
            …
        }
  • 34. bytecode instrumentation
        class MyActivator implements BundleActivator {
            …
            public void start(BundleContext context) throws Exception {
                // method body
            }
            …
        }

        public void renamed_start(BundleContext context) throws Exception {
            // method body
        }
  • 35. bytecode instrumentation
        class MyActivator implements BundleActivator {
            …
            public void start(BundleContext context) throws Exception {
                // method body
            }
            …
        }

        public void renamed_start(BundleContext context) throws Exception {
            // method body
        }

        public void start(BundleContext context) throws Exception {
            …
            // get bundleName from manifest
            ThreadGroup tg = new ThreadGroup(bundleName+"_TGroup");
            ThreadGroup oldTg = Thread.currentThread().getThreadGroup();
            … // modify the thread group of
            … // current thread
            renamed_start(context);
            … // restore the thread group
        }
  • 36. conclusion • some tools for static analysis & transformation of bundles • complete solution: static analysis + modified OSGi framework + modified JVM • nice to have: public repository with lots of bundles offering generic analysis services
  • 37. thank you ! questions ?
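  • 38. generated start() wrapper (uses java.lang.reflect.Field and java.util.Dictionary)
        public void start(final BundleContext context) throws Exception {
            // read the bundle name from the manifest headers
            Dictionary manifProps = context.getBundle().getHeaders();
            String bundleName = manifProps.get("Bundle-Name").toString();
            ThreadGroup tg = new ThreadGroup(bundleName+"_ThreadGroup");
            ThreadGroup oldTg = Thread.currentThread().getThreadGroup();
            // Thread has no public setter for its group, hence the reflection
            Field groupField = Thread.class.getDeclaredField("group");
            groupField.setAccessible(true);
            groupField.set(Thread.currentThread(), tg);
            try {
                orange___start(context);   // the original start(), renamed
            } finally {
                // restore the caller's thread group even if the activator throws
                groupField.set(Thread.currentThread(), oldTg);
                groupField.setAccessible(false);
            }
        }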
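
The "detect inappropriate method calls" service from slides 27 to 29 can be approximated without a bytecode library by reading the constant pool of each class file. The following is an added example, not code from the talk or the toolbox; the class name ForbiddenCallScan and the self-scanning sample method are assumptions made for the illustration (Java 14 or later).

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class ForbiddenCallScan {
    // The two calls named on the slide, as internal-name "owner.method" pairs.
    static final Set<String> FORBIDDEN = Set.of("java/lang/System.exit", "java/lang/Runtime.halt");

    /** Lists forbidden method references found in one class file's constant pool. */
    static List<String> scan(InputStream classFile) throws IOException {
        DataInputStream in = new DataInputStream(classFile);
        if (in.readInt() != 0xCAFEBABE) throw new IOException("not a class file");
        in.readInt();                                   // minor and major version
        int n = in.readUnsignedShort();                 // constant_pool_count
        int[] tag = new int[n], a = new int[n], b = new int[n];
        String[] utf8 = new String[n];
        for (int i = 1; i < n; i++) {
            tag[i] = in.readUnsignedByte();
            switch (tag[i]) {
                case 1 -> utf8[i] = in.readUTF();       // u2 length + modified UTF-8
                case 3, 4 -> in.readInt();              // Integer, Float
                case 5, 6 -> { in.readLong(); i++; }    // Long, Double occupy two slots
                case 7, 8, 16, 19, 20 -> a[i] = in.readUnsignedShort();
                case 9, 10, 11, 12, 17, 18 -> { a[i] = in.readUnsignedShort(); b[i] = in.readUnsignedShort(); }
                case 15 -> { in.readUnsignedByte(); in.readUnsignedShort(); }  // MethodHandle
                default -> throw new IOException("unknown constant tag " + tag[i]);
            }
        }
        List<String> hits = new ArrayList<>();
        for (int i = 1; i < n; i++) {
            if (tag[i] != 10) continue;                 // CONSTANT_Methodref only
            String ref = utf8[a[a[i]]] + "." + utf8[a[b[i]]];  // Class name + NameAndType name
            if (FORBIDDEN.contains(ref)) hits.add(ref);
        }
        return hits;
    }

    // Constructed sample: never called, present only so this class file holds both references.
    static void constructedSample() { System.exit(1); Runtime.getRuntime().halt(1); }

    public static void main(String[] args) throws IOException {
        try (InputStream self = ForbiddenCallScan.class.getResourceAsStream("ForbiddenCallScan.class")) {
            System.out.println(scan(self));
        }
    }
}
```

A constant-pool hit shows that the class references the method, not that the call is reachable; calls made through reflection leave no Methodref entry and need a separate check.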
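
The "estimate size" service on slide 22 is what lets an analysis step refuse the decompression bombs and oversized manifests listed on slide 8 before a bundle is deployed. The following is an added example, not code from the talk; the class name BundleSizeCheck and the three limits are assumptions chosen for the illustration, and the input jars are constructed in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class BundleSizeCheck {
    // Assumed policy limits, chosen for the example only.
    static final long MAX_INFLATED = 8L << 20, MAX_MANIFEST = 64L << 10, MAX_RATIO = 100;

    /** Inflates each entry into a counter and stops at the first limit that is crossed. */
    static String check(byte[] jar) throws IOException {
        long total = 0;
        byte[] buf = new byte[8192];
        try (ZipInputStream zin = new ZipInputStream(new ByteArrayInputStream(jar))) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                boolean manifest = e.getName().equals("META-INF/MANIFEST.MF");
                long entry = 0;
                // Count the bytes actually produced; declared sizes in the headers are not trusted.
                for (int r; (r = zin.read(buf)) > 0; ) {
                    entry += r;
                    total += r;
                    if (manifest && entry > MAX_MANIFEST) return "reject: manifest over limit";
                    if (total > MAX_INFLATED) return "reject: inflated size over limit";
                    if (total > MAX_RATIO * jar.length) return "reject: ratio over limit (" + e.getName() + ")";
                }
            }
        }
        return "accept: " + total + " bytes inflated";
    }

    // Constructed input: a jar with a minimal manifest and one resource of `size` zero bytes.
    static byte[] constructedJar(int size) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(out)) {
            zout.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
            zout.write("Manifest-Version: 1.0\r\nBundle-SymbolicName: demo\r\n".getBytes("UTF-8"));
            zout.putNextEntry(new ZipEntry("data.bin"));
            zout.write(new byte[size]);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        System.out.println(check(constructedJar(1024)));      // small bundle
        System.out.println(check(constructedJar(4 << 20)));   // highly compressible payload
    }
}
```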