Java for mobile devices: A security study

Mourad Debbabi; Mohamed Saleh; Chamseddine Talhi; Sami Zhioua

doi:10.1109/CSAC.2005.34

Java for mobile devices: A security study

Mourad Debbabi, Mohamed Saleh, Chamseddine Talhi, Sami Zhioua

Concordia Institute for Information Systems Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Java 2 Micro-Edition Connected Limited Device Configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resource-constrained devices (cell phones, set-top boxes, etc.). The large deployment of this platform makes it a target for security attacks. The intent of this paper is twofold: First, we study the security architecture of J2ME CLDC. Second, we provide a vulnerability analysis of this Java platform. The analyzed components are: Virtual machine, CLDC API and MIDP (Mobile Information Device Profile) API. The analysis covers the specifications, the reference implementation (RI) as well as several other widely-deployed implementations of this platform. The aspects targeted by this security analysis encompass: Networking, record management system, virtual machine, multi-threading and digital right management. This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits. Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform.

Original language	English
Title of host publication	Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005
Pages	235-244
Number of pages	10
DOIs	https://doi.org/10.1109/CSAC.2005.34
Publication status	Published - 1 Dec 2005
Externally published	Yes
Event	21st Annual Computer Security Applications Conference, ACSAC 2005 - Tucson, AZ, United States Duration: 5 Dec 2005 → 9 Dec 2005

Publication series

Name	Proceedings - Annual Computer Security Applications Conference, ACSAC
Volume	2005
ISSN (Print)	1063-9527

Conference

Conference	21st Annual Computer Security Applications Conference, ACSAC 2005
Country/Territory	United States
City	Tucson, AZ
Period	5/12/05 → 9/12/05

Access to Document

10.1109/CSAC.2005.34

Cite this

@inproceedings{b9af11be284c4359998aa1a4eab9d537,

title = "Java for mobile devices: A security study",

abstract = "Java 2 Micro-Edition Connected Limited Device Configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resource-constrained devices (cell phones, set-top boxes, etc.). The large deployment of this platform makes it a target for security attacks. The intent of this paper is twofold: First, we study the security architecture of J2ME CLDC. Second, we provide a vulnerability analysis of this Java platform. The analyzed components are: Virtual machine, CLDC API and MIDP (Mobile Information Device Profile) API. The analysis covers the specifications, the reference implementation (RI) as well as several other widely-deployed implementations of this platform. The aspects targeted by this security analysis encompass: Networking, record management system, virtual machine, multi-threading and digital right management. This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits. Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform.",

author = "Mourad Debbabi and Mohamed Saleh and Chamseddine Talhi and Sami Zhioua",

year = "2005",

month = dec,

day = "1",

doi = "10.1109/CSAC.2005.34",

language = "English",

isbn = "0769524613",

series = "Proceedings - Annual Computer Security Applications Conference, ACSAC",

pages = "235--244",

booktitle = "Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005",

note = "21st Annual Computer Security Applications Conference, ACSAC 2005 ; Conference date: 05-12-2005 Through 09-12-2005",

}

Debbabi, M, Saleh, M, Talhi, C & Zhioua, S 2005, Java for mobile devices: A security study. in Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005., 1565251, Proceedings - Annual Computer Security Applications Conference, ACSAC, vol. 2005, pp. 235-244, 21st Annual Computer Security Applications Conference, ACSAC 2005, Tucson, AZ, United States, 5/12/05. https://doi.org/10.1109/CSAC.2005.34

Java for mobile devices: A security study. / Debbabi, Mourad; Saleh, Mohamed; Talhi, Chamseddine et al.
Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005. 2005. p. 235-244 1565251 (Proceedings - Annual Computer Security Applications Conference, ACSAC; Vol. 2005).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Java for mobile devices

T2 - 21st Annual Computer Security Applications Conference, ACSAC 2005

AU - Debbabi, Mourad

AU - Saleh, Mohamed

AU - Talhi, Chamseddine

AU - Zhioua, Sami

PY - 2005/12/1

Y1 - 2005/12/1

N2 - Java 2 Micro-Edition Connected Limited Device Configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resource-constrained devices (cell phones, set-top boxes, etc.). The large deployment of this platform makes it a target for security attacks. The intent of this paper is twofold: First, we study the security architecture of J2ME CLDC. Second, we provide a vulnerability analysis of this Java platform. The analyzed components are: Virtual machine, CLDC API and MIDP (Mobile Information Device Profile) API. The analysis covers the specifications, the reference implementation (RI) as well as several other widely-deployed implementations of this platform. The aspects targeted by this security analysis encompass: Networking, record management system, virtual machine, multi-threading and digital right management. This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits. Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform.

AB - Java 2 Micro-Edition Connected Limited Device Configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resource-constrained devices (cell phones, set-top boxes, etc.). The large deployment of this platform makes it a target for security attacks. The intent of this paper is twofold: First, we study the security architecture of J2ME CLDC. Second, we provide a vulnerability analysis of this Java platform. The analyzed components are: Virtual machine, CLDC API and MIDP (Mobile Information Device Profile) API. The analysis covers the specifications, the reference implementation (RI) as well as several other widely-deployed implementations of this platform. The aspects targeted by this security analysis encompass: Networking, record management system, virtual machine, multi-threading and digital right management. This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits. Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform.

U2 - 10.1109/CSAC.2005.34

DO - 10.1109/CSAC.2005.34

M3 - Conference contribution

AN - SCOPUS:33846326296

SN - 0769524613

SN - 9780769524610

T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC

SP - 235

EP - 244

BT - Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005

Y2 - 5 December 2005 through 9 December 2005

ER -

Java for mobile devices: A security study

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this