Protecting code archives with digital signatures
An example with OSGi bundles
The OSGi platform provides support for the life cycle of bundles, from installation through execution to removal. Security for OSGi must therefore be considered across the whole life cycle, and deployment in particular must be taken into account.
Security implies three main aspects:
- Integrity,
- Authentication,
- and Confidentiality.
The OSGi specification proposes to enforce the first two properties, Integrity and Authentication, which cannot be considered separately. Guaranteeing integrity without authentication means that anybody can provide the data, and authentication without integrity means that anybody can change the data. Confidentiality is not considered, because it implies that security-unaware systems are excluded.
We present here the principles of secure deployment, the threats that exist, and the solution proposed by the OSGi specification. The structure of a signed bundle as well as the algorithm for signing and validating a bundle are shown.
- Threats to the Deployment
- Structure of a signed bundle
- Algorithms for bundle signature
These mechanisms are derived from the JAR archive specification, and can be applied to any type of data or code archive that is transferred over an insecure network.
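The argument above that integrity cannot stand without authentication, shown on a JAR-style manifest of per-entry digests. This is an added example, not code from this page or from the OSGi specification; the helper names are hypothetical and the manifest is simplified (no 72-byte line wrapping, no signature file or signature block). A digest check catches an entry changed in place, but an archive regenerated together with its manifest passes it, so the manifest digest is the value that a signature from a known signer has to cover.

```python
# Added illustration with hypothetical helper names; all data is constructed.
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"  # simplified: no line wrapping, no .SF / signature block


def digest(data: bytes) -> str:
    """Base64 SHA-256, the encoding used by JAR manifest digest attributes."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def build_bundle(files: dict) -> bytes:
    """Build an in-memory archive whose manifest lists one digest per entry."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest(data)}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, "\r\n".join(lines) + "\r\n")
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def parse_manifest(text: str) -> dict:
    """Return {entry name: digest} from the per-entry manifest sections."""
    digests = {}
    for section in text.replace("\r\n", "\n").split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests


def check_digests(bundle: bytes) -> bool:
    """Integrity only: every non-META-INF entry must be listed and match."""
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        listed = parse_manifest(zf.read(MANIFEST).decode("utf-8"))
        entries = [n for n in zf.namelist() if not n.startswith("META-INF/")]
        return all(listed.get(n) == digest(zf.read(n)) for n in entries)


def manifest_fingerprint(bundle: bytes) -> str:
    """Digest of the whole manifest: the value a signature must cover."""
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        return digest(zf.read(MANIFEST))
```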