Extracting Control from Data: User Interfaces of MIDP Applications

  • Pierre Crégut
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4912)


A midlet is a small Java program using the MIDP library that can be executed on a mobile phone. Midlets are developed by software houses and traded on portals often run by operators. Midlets can access powerful APIs, sometimes silently, especially if they are digitally signed by operators and can cause harm to the end-user assets.

We formalize the notion of navigation graph, an abstraction of the behaviour of the graphical user interface of the midlet augmented with security relevant information and we describe an algorithm to extract automatically such a graph from the bytecode of a midlet. Most of the structure of a graph is described by data structures built by the application, not by the static structure of the code.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, DIKU report 94/19 (1994)Google Scholar
  2. 2.
    Bernardeschi, C., De Francesco, N., Lettieri, G., Martini, L.: Checking secure information flow in java bytecode by code transformation and standard bytecode verification. Software: Practice and Experience 34(13), 1225–1255 (2004)CrossRefGoogle Scholar
  3. 3.
    Besson, F., Dufay, G., Jensen, T.: A formal model of access control for mobile interactive devices. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 110–126. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Bloch, C., Wagner, A.: MIDP Style Guide for the Java 2 Platform, Micro Edition. The Java Series. Addison-Wesley, Reading (2003)Google Scholar
  5. 5.
    Cachera, D., Jensen, T., Pichardie, D., o Schneider, G.: Certified memory usage analysis. In: Fitzgerald, J.S., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol. 3582, pp. 91–106. Springer, Heidelberg (2005)Google Scholar
  6. 6.
    Crégut, P., Alvarado, C.: Improving the security of downloadable Java applications with static analysis. In: BYTECODE. ENTCS, vol. 141, Elsevier, Amsterdam (2005)Google Scholar
  7. 7.
    Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural points-to analysis in the presence of function pointers. In: PLDI 1994: Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation, pp. 242–256. ACM Press, New York, NY, USA (1994)CrossRefGoogle Scholar
  8. 8.
    Hubbers, E., Oostdijk, M.: Generating JML specifications from UML state diagrams. In: Forum on specification and Design Languages, University of Frankfurt, pp. 263–273 (2003), Proceedings appeared as CD-Rom with ISSN 1636-9874Google Scholar
  9. 9.
    JSR 118 Expert Group. Mobile information device profile MIDP, version 2.1. Java specification request, Java Community Process (November 2006), Revised and clarified version of MIDP 2.0 (released in 2001)Google Scholar
  10. 10.
    JSR 30 Expert Group. Connected limited device configuration CLDC, version 1.0. Java specification request, Java Community Process (2000)Google Scholar
  11. 11.
    Lea, D.: Concurrent Proamming in Java Second Edition. Prentice-Hall, Englewood Cliffs (1999)Google Scholar
  12. 12.
    Lhoták, O., Hendren, L.: Scaling Java points-to analysis using Spark. In: Hedin, G. (ed.) CC 2003. LNCS, vol. 2622, pp. 153–169. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Nielson, F., Nielson, H.R., Hankin, C.L.: Principles of Program Analysis. Springer, Heidelberg (1999)zbMATHGoogle Scholar
  14. 14.
    Pichardie, D.: Bicolano – Byte Code Language in Coq (2006),
  15. 15.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRefGoogle Scholar
  16. 16.
    Unified Testing Initiative. Unified testing criteria for Java technology-based applications for mobile devices. Technical report, Sun Microsystems, Motorola, Nokia, Siemens, Sony Ericsson, Version 2.1 (May 2006)Google Scholar
  17. 17.
    Vallée-Rai, R., Hendren, L., Sundaresan, V., Lam, P., Gagnon, E., Co, P.: Soot - A java optimization framework. In: Proceedings of CASCON 1999, pp. 125–135 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Pierre Crégut
    • 1
  1. 1.France Télécom - Recherche & Développement 

Personalised recommendations