Abstract
A midlet is a small Java program using the MIDP library that can be executed on a mobile phone. Midlets are developed by software houses and traded on portals often run by operators. Midlets can access powerful APIs, sometimes silently, especially if they are digitally signed by operators, and can cause harm to end-user assets.
We formalize the notion of a navigation graph, an abstraction of the behaviour of the midlet's graphical user interface augmented with security-relevant information, and we describe an algorithm to automatically extract such a graph from the bytecode of a midlet. Most of the structure of the graph is described by data structures built by the application, not by the static structure of the code.
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Crégut, P. (2008). Extracting Control from Data: User Interfaces of MIDP Applications. In: Barthe, G., Fournet, C. (eds) Trustworthy Global Computing. TGC 2007. Lecture Notes in Computer Science, vol 4912. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78663-4_5
DOI: https://doi.org/10.1007/978-3-540-78663-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78662-7
Online ISBN: 978-3-540-78663-4
eBook Packages: Computer Science (R0)