Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices

Iulia Ion
CREATE-NET
Italy

Boris Dragovic
CREATE-NET
Italy

Bruno Crispo
University of Trento
Italy

The growth of the applications and services market for mobile devices is currently slowed down by the lack of a flexible and reliable security infrastructure. The development and adoption of a new generation of mobile applications depends on the end user’s ability to finely manage system security and control application’s behavior. The virtual execution environment for mobile software and services should support the security needs of users and applications. This paper proposes an extension to the security architecture of the Java Virtual Machine for mobile systems, to support fine-grained policy specification and run-time enforcement. Access control decisions are based on system state, application and system history data, as well as request specific parameters. The prototype implementation is running on desktops, as emulator, and on mobile devices, proving the high level of flexibility and security, with excellent performance provided by the extended architecture.

Keywords: Java security, mobile computing, policy models

Read Paper Read Paper (in PDF)