Log-based Lazy Monitoring of OSGi Bundles

2012

Abstract

Lazy controllers are execution monitors which do not continuously observe the behaviour of their target. Monitors are activated and deactivated according to a scheduling strategy. When a lazy controller is activated, it checks the current security state and, in case of a violation, terminates the execution. If, instead, the current execution trace is safe, the monitor is suspended and its activation is scheduled again. The inactivity period is computed by considering the risk that, from the current state, the target can produce a security violation. This behaviour is particularly interesting for systems which are difficult to monitor with standard approaches, such as web services. In this paper we present a prototype using an existing logging API, i.e., the Commons Logging Package, for remotely watching the execution of OSGi bundles. We claim that our solution can efficiently follow the target system while keeping the delay in detecting violations under control. Also, as we use a standard OSGi platform and facilities, we show that our monitors can run under very realistic assumptions in the context of web services.
Istituto di informatica e telematica - IIT
Distributed computing security
History-based security

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/128052