Extracting Control from Data: User Interfaces of MIDP Applications

  • Conference paper
Trustworthy Global Computing (TGC 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4912)

Abstract

A midlet is a small Java program using the MIDP library that can be executed on a mobile phone. Midlets are developed by software houses and traded on portals often run by operators. Midlets can access powerful APIs, sometimes silently, especially if they are digitally signed by operators, and can cause harm to the end-user assets.

We formalize the notion of navigation graph, an abstraction of the behaviour of the graphical user interface of the midlet augmented with security-relevant information, and we describe an algorithm to automatically extract such a graph from the bytecode of a midlet. Most of the structure of a graph is described by data structures built by the application, not by the static structure of the code.

Editor information

Gilles Barthe Cédric Fournet

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Crégut, P. (2008). Extracting Control from Data: User Interfaces of MIDP Applications. In: Barthe, G., Fournet, C. (eds) Trustworthy Global Computing. TGC 2007. Lecture Notes in Computer Science, vol 4912. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78663-4_5

  • DOI: https://doi.org/10.1007/978-3-540-78663-4_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78662-7

  • Online ISBN: 978-3-540-78663-4

  • eBook Packages: Computer Science, Computer Science (R0)
