Extracting Control from Data: User Interfaces of MIDP Applications
A midlet is a small Java program using the MIDP library that can be executed on a mobile phone. Midlets are developed by software houses and traded on portals often run by operators. Midlets can access powerful APIs, sometimes silently, especially if they are digitally signed by operators and can cause harm to the end-user assets.
We formalize the notion of navigation graph, an abstraction of the behaviour of the graphical user interface of the midlet augmented with security relevant information and we describe an algorithm to extract automatically such a graph from the bytecode of a midlet. Most of the structure of a graph is described by data structures built by the application, not by the static structure of the code.
Unable to display preview. Download preview PDF.
- 1.Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, DIKU report 94/19 (1994)Google Scholar
- 4.Bloch, C., Wagner, A.: MIDP Style Guide for the Java 2 Platform, Micro Edition. The Java Series. Addison-Wesley, Reading (2003)Google Scholar
- 5.Cachera, D., Jensen, T., Pichardie, D., o Schneider, G.: Certified memory usage analysis. In: Fitzgerald, J.S., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol. 3582, pp. 91–106. Springer, Heidelberg (2005)Google Scholar
- 6.Crégut, P., Alvarado, C.: Improving the security of downloadable Java applications with static analysis. In: BYTECODE. ENTCS, vol. 141, Elsevier, Amsterdam (2005)Google Scholar
- 7.Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural points-to analysis in the presence of function pointers. In: PLDI 1994: Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation, pp. 242–256. ACM Press, New York, NY, USA (1994)CrossRefGoogle Scholar
- 8.Hubbers, E., Oostdijk, M.: Generating JML specifications from UML state diagrams. In: Forum on specification and Design Languages, University of Frankfurt, pp. 263–273 (2003), Proceedings appeared as CD-Rom with ISSN 1636-9874Google Scholar
- 9.JSR 118 Expert Group. Mobile information device profile MIDP, version 2.1. Java specification request, Java Community Process (November 2006), Revised and clarified version of MIDP 2.0 (released in 2001)Google Scholar
- 10.JSR 30 Expert Group. Connected limited device configuration CLDC, version 1.0. Java specification request, Java Community Process (2000)Google Scholar
- 11.Lea, D.: Concurrent Proamming in Java Second Edition. Prentice-Hall, Englewood Cliffs (1999)Google Scholar
- 14.Pichardie, D.: Bicolano – Byte Code Language in Coq (2006), http://mobius.inia.fr/bicolano
- 16.Unified Testing Initiative. Unified testing criteria for Java technology-based applications for mobile devices. Technical report, Sun Microsystems, Motorola, Nokia, Siemens, Sony Ericsson, Version 2.1 (May 2006)Google Scholar
- 17.Vallée-Rai, R., Hendren, L., Sundaresan, V., Lam, P., Gagnon, E., Co, P.: Soot - A java optimization framework. In: Proceedings of CASCON 1999, pp. 125–135 (1999)Google Scholar