隨著網路的普及，網路應用的範圍已經從過去家庭的外部衍生到家庭的內部，成為下一個世代的趨勢。許多現有異質的數位產品以及各種不同的服務可以透過開放式服務閘道平台OSGi(Open Service Gateway initiative)，整合於家庭網路中。本論文中，我們發現在開放式服務閘道平台所執行的服務無法受到有效的保護。針對此問題我們提出一個動態偵測的方法來解決這樣的安全問題。由於開放式服務閘道平台是建置在Java security機制之上，所以沒有內部的入侵偵測系統，容易受到潛在的威脅攻擊。我們在開放式服務閘道平台上模擬了三種潛在的攻擊模式─物件共享攻擊(shared object attack)、阻斷服務攻擊(denial of service attack)、合法服務的濫用攻擊(abuse of legitimate e-service attack)。這些模擬的攻擊皆有可能發生於現有的產品之中，導致系統當機或是資料被竊取。為了加強開放式服務閘道平台本身安全上的不足，我們提出一個Advanced OSGi Security Layer (AOSL)，利用動態偵測的方式來監聽潛在的威脅。並且利用此架構於開放式服務閘道平台上做實際的測試。實驗結果顯示，雖然提供服務的程式執行於AOSL上會比原來沒有使用AOSL的開放式平台慢14%到135%，但AOSL卻可以提供這些執行於開放式平台上的服務一個更穩定並且安全的執行環境。

Home networks are becoming increasingly popular. Open Service Gateway initiative (OSGi) platforms are a solution for integrating heterogeneous devices and e-services in home networks. In this thesis, it was found out that e-services running on an OSGi platform can not be fully protected, so a method to solve this problem is proposed. Based on Java security mechanisms, OSGi does not have its own intrusion detection system, resulting in weak protection from potential threats. Three types of threats, including shared object attacks, denial of service attacks, and abuse of legitimate e-service attacks, were simulated. All of these attacks are likely for commercial products and can successfully crash the system or steal information. To improve the security of OSGi, an Advanced OSGi Security Layer (AOSL) with detectors is proposed to solve the problems identified on OSGi platforms. The performance results show that AOSL can provide a more stable and secure execution environment for e-services, although it makes the execution time 14% to 135% slower than an unmodified OSGi platform.

[1] J. P. Anderson. Computer security threat monitoring and surveillances. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania, April 1980.
[2] G. Bian, K. Nakayama, Y. Kobayashi, and M. Maekawa, "Mobile Code Security by Java Bytecode Dependence Analysis", in ISCIT 2004, October 2004.
[3] E. Bertino, P. Samarati, S. Jajodia, "High Assurance Discretionary Access Control for Object Bases", 1st Conference Computer & Communication and Security, 1993.
[4] Scott Clark, "New Java Virus Alive like a Hive", Jan. 1999. Available from http://www.internetnews.com/dev-news/article.php/56161
[5] H. Cervantes and R.S. Hall, "OSGi in a nutshell". Available from http://gravity.sourceforge.net/servicebinder/osginutshell.html
[6] D. E. Denning, "A lattice model of secure information flow", Communication ACM 19, 2, 236-243, 1976.
[7] W. K. Edwards and R. Grinter , "At Home with Ubiquitous Computing: Seven Challenges," in Proceedings Ubicomp2001, pp. 256-272.
[8] Marc Eluard, Thomas Jensen, and Ewen Denney, "An Operational Semantics of the Java Card", in the Proceeding of Smart Card Programming and Security, LNCS 2140, pages 95-110, September 2001.
[9] S.T. Eckmann, G. Vigna, and R.A. Kemmerer. STATL: An Attack Languange for State-based Intrusion Detection. Journal of Computer Security, 10(1/2):71-104, 2002.
[10] C. Fournet and A.D. Gordon, "Stack Inspection: Theory and Variants", in Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pages 307-318, 2002.
[11] T. D. Garvey and Teresa F. Lunt, "Model based intrusion detection", in Proceedings of the 14th National Computer Security Conference, pages 372-385, October 1991.
[12] L. A. Gordon, M. P. Loeb, W. Lucyshyn, and R. Richardson, "CSI/FBI Computer Crime and Security Survey", 2005.
[13] Li Gong, M. Mueller, H. Prafullchandra, and R. Schemers, "Going Beyond the Sandbox: An Overview of the New Security Architecture in the JavaTM Development Kit 1.2", in Proceedings of the USENIX Symposium on Internet Technologies and Systems, Dec. 1997.
[14] A. Herzog, "Secure Execution Environment for Java Electronic Services", Licentiate Thesis No. 991. Linköping University, Sweden.
[15] C. Hawblitzel and T. von Eicken, "Luna: A flexible Java Protection System", in Proceddings of the 5th Symposium on Operating Systems Design and Implementation, December 2002.
[16] R. Heady, G. Luger, A. Maccabe and M. Servilla, "The architecture of a network level intrusion detection system", Technical Report, Computer Science Department, University of New Mexico, August 1990.
[17] K. Ilgun, R. A. Kemmerer, and et al, "State transition analysis: A rule-based intrusion detection approach", IEEE transactions on software engineering, 1995.
[18] Java Card Technology. Available from http://java.sun.com/products/javacard/index.jsp.
[19] Java SUN, "Default Policy Implementation and Policy File Syntax", October 1998. Available from http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html
[20] JavaTM Virtual Machine Profiler Interface (JVMPI). Available from http://java.sun.com/j2se/1.4.2/docs/guide/jvmpi/jvmpi.html
[21] JikesRVM. Project Home Page. Available from http://jikesrvm.sourceforge.net/
[22] A.K. Jones, and R.S. Sielken, "Computer System Intrusion Detection: A Survey," University of Virginia, Virginia, 2000.
[23] S. Kumar, "Classification and Detection of Computer Intrusions", Ph. D. Dissertation, August 1995.
[24] Y.-G. Kim, C.-J. Moon, D.-H. Park, and D.-K. Baik, "A Service Bundle Authentication Mechanism in the OSGi Service Platform," in Proceedings of the 18th International Conference on Advanced Information Networking and Application (AINA’04), 2004.
[25] H.-Y. Lim, Y.-G.. Kim, C.-J. Moon, and D.-K. Baik, "Bundle Authentication and Authorization Using XML Security in the OSGi Service Platform," in (ICIS’05), 2005.
[26] G. McGraw, and E.W. Felten, "Securing Java: Getting Down to Business with Mobile Code," Wiley & Sons, 1999.
[27] Andrew C. Myers and B. Liskov, "A decentralized model for information flow control", in Proceedings of the 16th ACM Symposium on Operating Systems Principles, October 1997.
[28] C. J. McCollum, J. R. Messing, and L. Giacomo, "Beyond the pale of MAC and DAC – Defining new forms of access control", in Proceeding of IEEE Symposium on Security and Privacy, May 1990.
[29] Multimedia Home Platform. Available from http://www.mhp.org/
[30] National Computer Security Center, "A guide to understanding discretionary access control in trusted systems", September 1987.
[31] S. Oaks, "Java Security, 2/e," O'Reilly, 2001.
[32] Open Services Gateway initiative, "OSGi Service Platform Specification," Version 3, March 2003.
[33] Open Services Gateway initiative, "About the OSGi Service Platform," Technical Whitepaper, Revision 4.1, November 2005.
[34] Oscar, "An OSGi framework implementation," available from http://oscar.objectweb.org/.
[35] D. Reynaud-Plantey, "New threats of Java viruses" Journal in Computer Virology, 1(1-2), 2005.
[36] SUN Microsystems. Available from http://www.sun.com/.
[37] A. Stoughton, "Access flow: a protection model which integrates access control and information flow", in Proceeding Symposium on Security and Privacy, May 1981.
[38] T. Stack, E. Eide, and J. Lepreau, "Bees: A secure, Resource-Controlled, Java-Based Execution Environment", in Proceedings of IEEE Conference on Open Architectures and Network Programming, pages 97-106, April 2003.
[39] S. Sunil, Krintz C, Vigna G, "Detecting Malicious Java Code Using Virtual Machine Auditing," 12th USENIX Security Symposium, 2003.
[40] H. S. Teng, K. Chen and S. C. Lu, "Security Audit Trail Analysis Using Inductively Generated Predictive Rules", in Proceedings of the 11th National Conference on Artificial Intelligence Applications, pages 24-29, March 1990.
[41] G. Vigna and R. Kemmerer, "NetSTAT: A Network-based Intrusion Detection Approach", in Proceedings of the 14th Annual Computer Security Application Conference, December 1998.
[42] Mark Weiser, "The computer for the twenty-first century", Scientific American, 265(3): 94-104, 1991.
[43] D. S. Wallach and E. W. Felten, "Understanding Java Stack Inspection", in the Proceedings of S&P’98, May 1998.
[44] Max Ziegler, Wolfgang Müller, Robbie Schaefer, Chris Loeser, "Secure Profile Management in Smart Home Networks," DEXA Workshops 2005, pp. 209-213.