Saturday, February 22, 2014

Converting JAR file to OSGI Bundle

Hello All, 

You are reading this post, becasue you googled for OSGI bundle which you included in your pom dependency, but unfortunately you did not find OSGI bundle but ended with simple jar file only. So, in this post, I would like to put in short, how to convert JAR file to OSGI bundle. 

1. Create a maven project in eclipse.
  • When creating, you need to be aware of what will go in artifact Id and group id.
  • Use same groupId and change artifact Id to -osgi. offcourse, you can follow any naming convention, but never give same name as dependency you are adding.(Giving the same name as dependent bundle will not export packages and treats output of this project(osgi bundle) and dependent bundle(jar) as same). Be carefull here.
2. Add "maven-bundle-plugin" plugin to plugins section as shown below.

maven-bundle-plugin 1.2.0 true ${project.artifactId} ${project.groupId}.${project.artifactId} OSGI version of ${} ${export.packages} true 3. Add your dependecy of jar which you want to convert to osgi.


spymemcached 2.10.0

4. Build project with "mvn clean install" from command prompt.

5. Varify the "Export-Package:" section of MANIFEST.MF file, which should list all the packages which are there in your(added dependency) jar file.

6. New bundle is ready to deploy to OSGI container like sling(Felix console).

In above step 2, as we are specifying 
, which unpacks all classes under dependent bundles, and "maven-bundle-plugin" plugin is responsible to create osgi bundle including these dependent classes.

You can optionaly exclude some of the packages and have some custom classes and include those classes to this bundle as well by having and  tags under  tags under of this bundle. One more last thing, you can also combine multiple jars by adding maven dependecy to pom.xml file and build single OSGI bundle. This will help to reduce the pain of deploying individual bundles to felix console. Offcourse you have to build this bundle agin if you would like to change any of the dependent jars bundle version. Hope this helps and happy OSGIfying...:-)


Tuesday, February 18, 2014

         Cloud Forensics ---Retrieving Virtual Disks for Forensic Investigation

1. Openstack Installation :
                             The Following are the various ways to install Openstack Cloud Orchestration System

1.Devstack Multi Node Installation :-
        We need to have a fresh install of linux on all linux nodes at least on 3 systems so that we can run openstack service’s on different nodes.

Devstack Refers the following Website for Minimal Ubuntu 12.04  Download on all Nodes

2. Opscode Chef Server :-

Summary Of
                                        Design and Implementation of FROST
                    Digital Forensic Tools for the OpenStack Cloud Computing Platform
                                        Josiah Dykstra and Alan T.Sherman

            The Objective of the paper is add forensic tools for the Openstack Cloud platform which operates at the management plane. These Forensic capabilities allows the customers,forensic examiners and law enforcement to acquire trustworthy forensic acquisition of virtual disks,API Logs and guest firewall logs.

                               FROST works at the cloud management plane rather than interacting with the operating system inside the guest virtual machine, thereby requiring no trust in the guest virtual machines.It overcomes non-trivial challenges of remote evidence integrity by storing log data in hash trees and returning evidence with cryptographic hashes.

           The Following assumptions are taken into consideration
                  1. The User driven forensic capabilities are applicable in situations where a cooperative cloud customer is involved in the investigation. That is ,if a malicious customer uses the cloud to commit a crime, the cloud provider will still be required to assist law enforcement in the investigation.

                 2. The Frost tools assume trust in the cloud provider and cloud infrastructure. otherwise, there is a chance of modifying evidence at the provider side so we require trust in the host operating system, hardware and provider.

The paper has contributed following capabilities to FROST:-

1. Implementation of user driven forensic acquisition of virtual disks, API logs and firewall logs from the management plane of openstack.

2. An algorithm for storing and retrieving log data with integrity in a hash tree that logically segregates the data of each cloud user in his or her own subtree.

3. Evaluation results showing that the proposed solution satisfies technological and legal requirements for a acceptance in court .


Specifications and Capabilities :-
                        FROST has three primary components

1. A Cloud user can retrieve image of the virtual disks associated with any of the user’s virtual machines,and validate the integrity of those images with cryptographic checksums.

2.A cloud user can retrieve the logs of all API requests made to the cloud provider using his or her credentials and validate the integrity of those logs.

3.A cloud user can retrieve the Openstack firewall logs for any of the user’s virtual machines,
and validate the integrity of those logs.

A  Scenario which shows the advantage of FROST :-

          An arbitrary cloud customer alice who wants to investigate suspiciously high bandwidth usage from her cloud hosted web server. Aside from the logging of web requests that she does
inside of her own VM.Alice would have a more complete picture of activity if she could also get a record of management activity and meta data about her VMs . The FROST Collects and provides trustworthy API logs, guest firewall logs and virtual disks. These data can help construct a timeline activity and understand an incident.      

Conclusion :-
        I conclude that the FROST implements the acquisition phase of the forensic process and there are other phases need to be added according to the cloud computing platform .I wanted to re-implement this paper to my best so that I can get good exposure to Cloud platform and ability to add  additional modules required to the FROST .
References :-
1. Amazon Web Services: Overview of Security Processes. Available at;2011. [accessed 10.28.2012].

2.Clarke, D.E.. Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data. Ph.D. thesis; MIT; 2005.

3.Crosby, S.A.. Efficient Tamper-Evident Data Structures for Untrusted Servers. Ph.D. thesis; Rice University; 2009.

4.Dykstra,J.,Riehl, D.. Forensic Collection of Electronic Evidence from Infrastructure-As-A-Service Cloud Computing. Richmond Journal of Law and Technology 2012;19. Available at

5.Dykstra, J., Sherman, A.T.. Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies. In: Proceedings of the 2011 ADFSL Conference on Digital Forensics Security and Law. ASDFL; 2011a. p. 191–206.

6.Garfinkel,S..Digital forensics xml and the df xml toolset. Digital Investigation 2012;8(3–4):161–174.

7.Taylor, M., Haggerty, J., Gresty, D., Lamb, D.. Forensic investigation of cloud computing systems. Network Security 2011;(3):4–10.

8.Scientific Working Group on Digital Evidence (SWGDE),.Data Integrity Within Computer Forensics.
Available at :-
2006. [accessed 9.16.2012].

9.Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.. Cloud forensics: An overview. In: Advances in Digital Forensics VII. 2011. .

10.National Institute of Standards and Technology,.Digital Data Acquisition Tool Specification.Available at; 2004. [accessed 9.16.2012].

11.Marty, R.. Cloud application logging for forensics. In: Proceedings of the 2011 ACM Symposium on Applied Computing. New York, NY, USA: ACM; SAC ’11; 2011. p. 178–184.

12.Liand, J., Krohn, M., Mazi`res, D., Shasha, D.. Secure Untrusted Data Repository (SUNDR). .

13.Kundu, A.. Data in the Cloud: Authentication without Leaking. Ph.D. thesis; Purdue University; 2010.