A Mechanism for Secure, Fine-Grained Dynamic Provisioning of Applications on Small Devices

  • William R. Bush
  • Antony Ng
  • Doug Simon
  • Bernd Mathiske
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3362)


As small, secure devices become more powerful and more wide spread, it has become desirable to support the dynamic provisioning and updating of multiple applications on such devices. This paper presents a simple mechanism for performing such provisioning and updating, even if the applications are mutually distrustful. The mechanism extends CLDC JavaTMtechnology with a classfile attribute that carries the certificates necessary to enable the added security.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Connected, Limited Device Configuration, Specification Version 1.1; Sun Microsystems (May 2002), http://java.sun.com/products/cldc
  2. 2.
    Chen, Z.: Java Card Technology for Smart Cards, June 2000. Addison-Wesley, Reading (2000)Google Scholar
  3. 3.
    CLDC Technology Compatibility Kit version 1.0a User’s Guide; Sun Microsystems (February 2001)Google Scholar
  4. 4.
    Information on the KVM can be found, at http://java.sun.com/products/cldc
  5. 5.
    Gong, L.: Inside Java 2 Platform Security, October 1999. Addison-Wesley, Reading (1999)Google Scholar
  6. 6.
    Mobile Information Device Profile for Java 2 Micro Edition, Version 2.0; Java Community Process (November 2002), http://java.sun.com/products/midp
  7. 7.
    Kolsi, O., Virtanen, T.: MIDP 2.0 Security Enhancements. In: Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS 2004) (January 2004)Google Scholar
  8. 8.
    Knudsen, J.: Understanding MIDP 2.0’s Security Architecture (February 2003), http://developers.sun.com/techtopics/mobility/midp/articles/permissions/
  9. 9.
    Acharya, A., Raje, M.: MAPbox: Using Parameterized Behavior CLasses to Confine Untrusted Applications. In: Proceedings of the 9th USENIX Security Symposium (August 2000)Google Scholar
  10. 10.
    Bishop, M., Pandey, R.: A Flexible Containment Mechanism for Executing Untrusted Code. In: Proceedings of the 11th USENIX Security Symposium (August 2002)Google Scholar
  11. 11.
    Security Requirements for Cryptographic Modules; NIST FIPS PUB 140-2, 25 May (2001)Google Scholar
  12. 12.
    Dyer, J.G., Lindemann, M., Perez, R., Sailer, R., van Doorn, L., Smith, S.W.: Building the IBM 4758 Secure Coprocessor, October 2001, pp. 57–66. IEEE Computer, Los Alamitos (2001)Google Scholar
  13. 13.
    Schneier, B.: Secrets and Lies. John Wiley and Sons, Chichester (2000)Google Scholar
  14. 14.
    Schneier, B.: Applied Cryptography, 2nd edn. John Wiley and Sons, Chichester (1996)Google Scholar
  15. 15.
    Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons, Chichester (2001)Google Scholar
  16. 16.
    Lindholm, T., Yellin, F.: The Java Virtual Machine Specification, 2nd edn. Addison-Wesley, Reading (April 1999)Google Scholar
  17. 17.
    Gosling, J., Joy, B., Steele, G., Bracha, G.: The Java Language Specification, 2nd edn. Addison-Wesley, Reading (June 2000)Google Scholar
  18. 18.
    McGraw, G., Felten, E.W.: Securing Java. John Wiley and Sons, Chichester (1999)Google Scholar
  19. 19.
    KVM Debug Wire Protocol (KDWP), Version 1.0; Sun Microsystems; 26 February (2001)Google Scholar
  20. 20.
    Dennis, J., Van Horn, E.: Programming Semantics for Multiprogrammed Computations. In: Communications of the ACM, March 1966, pp. 143–155 (1966)Google Scholar
  21. 21.
    Shaylor, N., Simon, D., Bush, B.: A Java Virtual Machine Architecture for Very Small Devices. In: Proceedings of the 2003 ACM SIGPLAN conference on Languages, Compilers, and Tools for Embedded Systems, June 2003, pp. 34–41 (2003)Google Scholar
  22. 22.
    van Doorn, L.: A Secure Java Virtual Machine. In: Proceedings of the 9th USENIX Security Symposium (August 2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • William R. Bush
    • 1
  • Antony Ng
    • 2
  • Doug Simon
    • 1
  • Bernd Mathiske
    • 1
  1. 1.Sun Microsystems LaboratoriesMountain ViewUSA
  2. 2.D’Crypt Pte. Ltd 

Personalised recommendations