{"title":"移动设备的Java:安全研究","authors":"M. Debbabi, Mohamed Saleh, C. Talhi, Sami Zhioua","doi":"10.1109/CSAC.2005.34","DOIUrl":null,"url":null,"abstract":"Java 2 Micro-Edition connected limited device configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resource-constrained devices (cell phones, set-top boxes, etc.). The large deployment of this platform makes it a target for security attacks. The intent of this paper is twofold: first, we study the security architecture of J2ME CLDC; and second, we provide a vulnerability analysis of this Java platform. The analyzed components are: virtual machine, CLDC API and MIDP (mobile information device profile) API. The analysis covers the specifications, the reference implementation (RI) as well as several other widely deployed implementations of this platform. The aspects targeted by this security analysis encompass: networking, record management system, virtual machine, multi-threading and digital right management. This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits. Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform","PeriodicalId":422994,"journal":{"name":"21st Annual Computer Security Applications Conference (ACSAC'05)","volume":"87 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Java for mobile devices: a security study\",\"authors\":\"M. Debbabi, Mohamed Saleh, C. Talhi, Sami Zhioua\",\"doi\":\"10.1109/CSAC.2005.34\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Java 2 Micro-Edition connected limited device configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resource-constrained devices (cell phones, set-top boxes, etc.). The large deployment of this platform makes it a target for security attacks. The intent of this paper is twofold: first, we study the security architecture of J2ME CLDC; and second, we provide a vulnerability analysis of this Java platform. The analyzed components are: virtual machine, CLDC API and MIDP (mobile information device profile) API. The analysis covers the specifications, the reference implementation (RI) as well as several other widely deployed implementations of this platform. The aspects targeted by this security analysis encompass: networking, record management system, virtual machine, multi-threading and digital right management. This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits. Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform\",\"PeriodicalId\":422994,\"journal\":{\"name\":\"21st Annual Computer Security Applications Conference (ACSAC'05)\",\"volume\":\"87 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-12-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"21st Annual Computer Security Applications Conference (ACSAC'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSAC.2005.34\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st Annual Computer Security Applications Conference (ACSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2005.34","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Java 2 Micro-Edition connected limited device configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resource-constrained devices (cell phones, set-top boxes, etc.). The large deployment of this platform makes it a target for security attacks. The intent of this paper is twofold: first, we study the security architecture of J2ME CLDC; and second, we provide a vulnerability analysis of this Java platform. The analyzed components are: virtual machine, CLDC API and MIDP (mobile information device profile) API. The analysis covers the specifications, the reference implementation (RI) as well as several other widely deployed implementations of this platform. The aspects targeted by this security analysis encompass: networking, record management system, virtual machine, multi-threading and digital right management. This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits. Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
