Enhancing Java ME Security Support with Resource Usage Monitoring

Both the spreading and the capabilities of mobile devices have dramatically increased over the last years. Nowadays, many mobile devices are able to run Java applications, that can create Internet connections, send SMS messages, and perform other expensive or dangerous operations on the mobile device. Hence, an adequate security support is required to meet the needs of this new and evolving scenario. This paper proposes an approach to enhance the security support of Java Micro Edition, based on the monitoring of the usage of mobile device resources performed by MIDlets. A process algebra based language is used to define the security policy and a reference monitor based architecture is exploited to monitor the resource usage. The paper also presents the implementation of a prototype running on a real mobile device, along with some preliminary performance evaluation.

[1]  Mourad Debbabi,et al.  Java for mobile devices: a security study , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[2]  Fabio Martinelli,et al.  Improving Grid Services Security with Fine Grain Policies , 2004, OTM Workshops.

[3]  Mourad Debbabi,et al.  Security Evaluation of J2ME CLDC Embedded Java Platform , 2006, J. Object Technol..

[4]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[5]  Teemupekka Virtanen,et al.  MIDP 2.0 security enhancements , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[6]  Mourad Debbabi,et al.  Security Analysis of Mobile Java , 2005, 16th International Workshop on Database and Expert Systems Applications (DEXA'05).

[7]  Fabio Martinelli,et al.  A model for usage control in GRID systems , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[8]  Fabio Martinelli,et al.  Towards Continuous Usage Control on Grid Computational Services , 2005, Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services - (icas-isns'05).

[9]  Bruno Crispo,et al.  Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).