Show simple item record

dc.contributor.advisorDuda, Andrzejpt_BR
dc.contributor.authorSilva, Rafael Hansen dapt_BR
dc.date.accessioned2012-08-17T01:37:29Zpt_BR
dc.date.issued2012pt_BR
dc.identifier.urihttp://hdl.handle.net/10183/54147pt_BR
dc.description.abstractOrange ( the brand name of France T el ecom ) provides mobile network, television and Internet services. In order to o er these services, Orange has developed equipment such as the Livebox and the Set Top Box. However, to maintain the quality of service in these equipment, the company researches methods that allow the integration of new features in its equipments, as well as of services developed by third parties. To reach this purpose, Orange studies the possibility of introducing in their equipment an OSGi Service Platform, a dynamic module system for JavaTM, that supports the dynamic and transparent installation of components. This platform would allow the development of applications in a modular fashion, while o ering strong isolation mechanisms. This is necessary to open the Orange Platform for the software developed by third-party providers. In the meantime, recent studies have demonstrated that the OSGi Service Platform possesses a considerable number of security weaknesses. These vulnerabilities, if ignored, can be exploited by the malicious components to block or interfere with Orange services, or to obtain sensitive information from the Orange customers. Something that cannot be neglected by the enterprise. To avoid these problems, a validation platform will be developed that will analyze all the applications developed for Orange equipment, in order to ensure security properties, such as a non-malicious behavior. For example, the validation platform needs to detect a situation where the application wants to occupy a considerable part of the computational resources such as the processor, the RAM, the hard drive, among others. If the constructed platform built does not detect any malicious behavior, Orange will give a certi cation to the third-party application.en
dc.description.abstractOrange (le nom de marque de France T el ecom) fournit des services de r eseaux mobiles, t el evision et Internet. A n d'o rir ces services, Orange a d evelopp e des equipements tels que la Livebox et la Set Top Box. Cependant, pour maintenir la qualit e des services de ces equipements, l'entreprise recherche une m ethode qui permet l'int egration de nouvelles fonctionnalit es, et aussi de services d evelopp es par des tiers. Pour atteindre cet objectif, Orange etudie la possibilit e d'introduire dans ses equipements une plate-forme de services OSGi, un syst eme de modules dynamiques pour JavaTMqui o re la possibilit e de faire des installations dynamiques et transparentes des composants. Cette plate-forme permettra le d eveloppement modulaire des applications, qualit es n ecessaires a des developeurs tiers. Cependant, des etudes r ecentes ont d emontr e que la plate-forme OSGi poss ede un nombre consid erable de failles de s ecurit e. Ces vuln erabilit es, si elles sont ignor ees, peuvent ^etre utilise es par les composants malveillants pour bloquer ou interf erer avec les services d'Orange, ou pour obtenir des informations sensibles des clients Orange. Pour eviter ces probl emes, une plate-forme de validation sera d evelopp ee pour analyser toutes les applications d evelopp ees pour les equipements d'Orange a n d'assurer des propri et es de s ecurit e, comme un comportement non malveillant. Par exemple, la plateforme de validation doit d etecter une situation o u l'application veut occuper une partie consid erable des ressources de calcul comme par exemple le processeur, la m emoire vive, le disque dur, etc. Si la plate-forme construite ne trouve pas un comportement malveillant, Orange donnera une certi cation pour l'application.fr
dc.format.mimetypeapplication/pdfpt_BR
dc.language.isofrapt_BR
dc.rightsOpen Accessen
dc.subjectOSGiTMPlatformen
dc.subjectLinguagens : Programacaopt_BR
dc.subjectJava (Linguagem de programação)pt_BR
dc.subjectOSGiTMPlatform vulnerabilitiesen
dc.subjectJava platformen
dc.subjectIsolationen
dc.subjectSecurityen
dc.subjectMalicious applicationen
dc.subjectValidation platformen
dc.subjectLes vuln erabilit es dans OSGiTMPlatformfr
dc.subjectIsolationfr
dc.subjectSécuritéfr
dc.subjectLes applications malveillantes et plate-forme de validationfr
dc.titleImplantation des services d'analyze statique sur des bundles OSGipt_BR
dc.typeTrabalho de conclusão de graduaçãopt_BR
dc.identifier.nrb000855687pt_BR
dc.degree.grantorUniversidade Federal do Rio Grande do Sulpt_BR
dc.degree.departmentInstituto de Informáticapt_BR
dc.degree.localPorto Alegre, BR-RSpt_BR
dc.degree.date2012pt_BR
dc.degree.graduationCiência da Computação: Ênfase em Ciência da Computação: Bachareladopt_BR
dc.degree.levelgraduaçãopt_BR


Files in this item

Thumbnail
   

This item is licensed under a Creative Commons License

Show simple item record