Memory-Constrained Security Enforcement

With the proliferation of mobile, wireless and internet-enabled devices (e.g., PDAs, cell phones, pagers, etc.), Java is emerging as a standard execution environment due to its security, portability, mobility and network support features. The platform of choice in this setting is Java ME-CLDC. With the large number of applications available for Javaenabled network-connected devices, security is of paramount importance. Applications can handle user-sensitive data such as phonebook data or bank account information. Moreover, Java-enabled devices support networking, which means that applications can also create network connections and send or receive data. However, the considerable efforts of securing Java ME-CLDC are constrained by strict memory limitations of the target devices. This thesis aims at investigating memory-constrained security by analyzing the security of Java ME-CLDC and characterizing enforceable security policies. More precisely, the main objectives of our research are (1) evaluating and improving the security of Java ME-CLDC and (2) characterizing memory-constrained execution monitoring; an important class of security mechanisms. The main results of our research are the following: • A security analysis of Java ME-CLDC. The two main contributions of this analysis are a vulnerability analysis and a risk analysis of the platform. The vulnerability analysis revealed the presence of vulnerabilities in the platform and showed how to improve the underlying security model. The risk analysis provided a seriousness estimation of the risks associated with the uncovered vulnerabilities. • A characterization of memory-constrained execution monitoring. This characterization covers conventional monitors as well as more powerful monitors. The contribution of this characterization is mainly threefold. First, we defined a new automata class, called Bounded History Automata (BHA), to specify memoryconstrained EM enforcement. Second, we identified a new memory-directed taxonomy of EM-enforceable properties. Third, we investigated the enforcement of local properties using memory-constrained EM. This was performed by identifying BHA-enforceable local properties and explaining how to check whether an EM-enforceable policy is local or not.