Abstract
Today most mobile devices embed a Java runtime environment for Java programs. Java applications running on mobile devices are mainly MIDP (Mobile Information Device Profile) applications, which can be downloaded from the Internet and installed directly on the device. Although the virtual machine performs type-safety checking or verifies bytecode with signed certificates from third parties, a program may still contain risky code. Inappropriate use of sensitive method calls may cause loss of personal assets on mobile devices. Moreover, source code is not accessible for most installed applications, making it difficult to analyze their behavior at the source-code level. To better protect the device from malicious code, we propose an approach of bytecode instrumentation with aspects at the bytecode level. The instrumentation pinpoints the location of statements within methods, rather than at the interface of method calls. The aspects are woven around the statement for tracking. The weaving is performed at the bytecode level without requiring the source code of the program.
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Yang, X., Zulkernine, M. (2009). Secure Method Calls by Instrumenting Bytecode with Aspects. In: Gudes, E., Vaidya, J. (eds) Data and Applications Security XXIII. DBSec 2009. Lecture Notes in Computer Science, vol 5645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03007-9_9
DOI: https://doi.org/10.1007/978-3-642-03007-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03006-2
Online ISBN: 978-3-642-03007-9
eBook Packages: Computer Science, Computer Science (R0)