a toolbox for statical analysis and transformation of osgi bundles
DESCRIPTION
Nowadays, OSGi is becoming more and more popular in Java world. Consequently, the quantity of available bundles is increasing rapidly, and the means to verify and assess security guaranties about these artifacts are lacking. In the context of opening its platforms to third party applications, Orange is seeking the necessary mechanisms and tools that could be used in order to ensure platforms' protection and robustness. We propose a platform that offers several services that enable statical analysis and transformation of OSGi bundles. The services range from simple ones, like for instance a service for analyzing bundles' manifests, to more complex ones that allow byte-code inspection and transformation. The platform is itself built on OSGi for modularity and extensibility. We further demonstrate the usefulness of our approach by instrumenting an instance of the Eclipse IDE in order to monitor thread creation and CPU consumption per bundle. Radu Kopetz, Technical Architect - Orange LabsTRANSCRIPT
![Page 1: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/1.jpg)
A toolbox for statical analysis and transformation of OSGi bundles
Radu Kopetz – Orange Labsradu.kopetz @orange.com
OSGi Users’ Group France Meeting
25/11/2011
![Page 2: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/2.jpg)
motivations
Source: http://www.drm-x.com/
![Page 3: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/3.jpg)
why OSGi ?
• ease of development
• rich, mature ecosystem
• modularity • modularity
• isolation and security guaranties
![Page 4: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/4.jpg)
chalenges
• platforms’ security and availability
• preserved QoS
• malicious comportement can be both intended or unintendedintended or unintended
![Page 5: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/5.jpg)
security in OSGi
• based on Java 2 security
– Conditional Permission Admin
![Page 6: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/6.jpg)
security in OSGi
• based on Java 2 security
– Conditional Permission Admin
• adds namespace isolation mechanism between bundlesbundles
![Page 7: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/7.jpg)
security in OSGi
• based on Java 2 security
– Conditional Permission Admin
• adds namespace isolation mechanism between bundlesbundles
• but …
![Page 8: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/8.jpg)
security flaws in OSGi
• originate in OSGi platform– infinite loop / thread hanging in bundle activator
– huge manifest file or import statements
– decompression bomb– decompression bomb
![Page 9: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/9.jpg)
security flaws in OSGi
• originate in OSGi platform– infinite loop / thread hanging in bundle activator
– huge manifest file or import statements
– decompression bomb– decompression bomb
• originate in JVM shortcomings: not designed for multi-application systems– memory load injection
– exponential thread creation
– infinite loops
![Page 10: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/10.jpg)
possible approach
bundle
(automated) analysis
![Page 11: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/11.jpg)
possible approach
bundle
(automated) analysis
bundle
deploy !deploy !
![Page 12: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/12.jpg)
possible approach
bundle
(automated) analysis
bundle
deploy !deploy !bundle
![Page 13: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/13.jpg)
possible approach
bundle
(automated) analysis
bundle
deploy !deploy !bundle
StaticalAnalysis and Transformation
![Page 14: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/14.jpg)
possible approach
bundle
(automated) analysis
bundle
deploy !deploy !bundle
StaticalAnalysis and Transformation
Simulation ?
![Page 15: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/15.jpg)
possible approach
bundle
(automated) analysis
bundle
deploy !deploy !bundle
StaticalAnalysis and Transformation
Simulation ? ?
![Page 16: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/16.jpg)
possible approach
bundle
(automated) analysis
bundle
deploy !deploy !bundle
StaticalAnalysis and Transformation
Simulation ? ?
![Page 17: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/17.jpg)
global idea
• a set of generic tools (services)
![Page 18: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/18.jpg)
global idea
• a set of generic tools (services)
• that can be composed to get complex checkings and transformations on bundles
![Page 19: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/19.jpg)
architecture
bundle bundle
bundle bundle bundlebundle
OSGiOSGi
![Page 20: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/20.jpg)
architecture
bundle bundle
bundle bundle bundlebundle
OSGiOSGi
generic (base) services
![Page 21: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/21.jpg)
architecture
bundle bundle
more complex, business - specific services
bundle bundle bundlebundle
OSGiOSGi
generic (base) services
![Page 22: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/22.jpg)
generic services
jars• decompress• compress• estimate size• estimate size• class bytes
![Page 23: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/23.jpg)
generic services
jars• decompress• compress• estimate size• estimate size• class bytes
metadata• manifest contents • DS / iPOJO components
![Page 24: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/24.jpg)
generic services
jars• decompress• compress• estimate size
bytecode• method call search• class related information• method instrumentation• estimate size
• class bytes
metadata• manifest contents • DS / iPOJO components
• method instrumentation
![Page 25: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/25.jpg)
generic services
jars• decompress• compress• estimate size
bytecode• method call search• class related information• method instrumentation• estimate size
• class bytes
metadata• manifest contents • DS / iPOJO components
• method instrumentation
graphs• construction• analysis (strongly connected components)
![Page 26: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/26.jpg)
business - specific services
• remove double imports
![Page 27: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/27.jpg)
business - specific services
• remove double imports
• detect inappropriate method calls
– Runtime.getRuntime.halt()
– System.exit()– System.exit()
![Page 28: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/28.jpg)
business - specific services
• remove double imports
• detect inappropriate method calls
– Runtime.getRuntime.halt()
– System.exit()– System.exit()
• cycles between services
![Page 29: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/29.jpg)
business - specific services
• remove double imports
• detect inappropriate method calls
– Runtime.getRuntime.halt()
– System.exit()– System.exit()
• cycles between services
• associate CPU consumption & Threads with bundles
![Page 30: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/30.jpg)
DÉMODÉMO
![Page 31: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/31.jpg)
how it was done
• unjar
• parse the manifest
• retrieve the Activator / DS components bytes
• instrument the bytecode• instrument the bytecode
• remove digital signature
• jar
![Page 32: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/32.jpg)
how it was done
• unjar
• parse the manifest
• retrieve the Activator / DS components bytes
• instrument the bytecode• instrument the bytecode
• remove digital signature
• jar
=> used almost all of our basic services
![Page 33: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/33.jpg)
bytecode instrumentation
class MyActivator implements BundleActivator {…
public void start(
public void start( BundleContext context)
throws Exception {
// method body
}…
}
![Page 34: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/34.jpg)
bytecode instrumentation
class MyActivator implements BundleActivator {…
public void start(
public void renamed_start(BundleContextcontext) throws Exception {// method body
}
public void start( BundleContext context)
throws Exception {
// method body
}…
}
![Page 35: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/35.jpg)
bytecode instrumentation
class MyActivator implements BundleActivator {…
public void start(
public void renamed_start(BundleContextcontext) throws Exception {// method body
}
public void start(BundleContext context) throws Exception {… // get bundleName from manifest
public void start( BundleContext context)
throws Exception {
// method body
}…
}
… // get bundleName from manifest
ThreadGroup tg = new ThreadGroup(bundleName+"_TGroup");
ThreadGroup oldTg = Thread.currentThread().getThreadGroup();…// modify the thread group of
…// current thread
renamed_start(context);
…// restore the thread group
}
![Page 36: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/36.jpg)
conclusion
• some tools for statical analysis &
transformation of bundles
• complete solution: statical analysis + modified
OSGi framework + modified JVMOSGi framework + modified JVM
• nice to have: public repository with LOTs of
bundles offering generic analysis services
![Page 37: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/37.jpg)
thank you ! questions ?thank you ! questions ?
![Page 38: A toolbox for statical analysis and transformation of OSGi bundles](https://reader033.vdocuments.us/reader033/viewer/2022052622/558de5701a28abef428b4704/html5/thumbnails/38.jpg)
public void start(final BundleContext context) throws Exception {
Dictionary manifProps = context.getBundle().getHeaders();
String bundleName = manifProps.get("Bundle-Name").toString();
ThreadGroup tg = new ThreadGroup(bundleName+"_ThreadGroup");
ThreadGroup oldTg = Thread.currentThread().getThreadGroup();
Field groupField = Field groupField = Thread.class.getDeclaredField("group");
groupField.setAccessible(true);
groupField.set(Thread.currentThread(),tg);
orange___start(context);
groupField.set(Thread.currentThread(), oldTg);groupField.setAccessible(false);
}