Java Virtual Machine Specification
Java Virtual Machine Specification
A Bytecode Translator for Distributed Execution of ``Legacy'' Java Software
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
Using Aspects to Design a Secure System
ICECCS '02 Proceedings of the Eighth International Conference on Engineering of Complex Computer Systems
Java bytecode verification for secure information flow
ACM SIGPLAN Notices
Java for Mobile Devices: A Security Study
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Advanced Java bytecode instrumentation
Proceedings of the 5th international symposium on Principles and practice of programming in Java
Reengineering Standard Java Runtime Systems through Dynamic Bytecode Instrumentation
SCAM '07 Proceedings of the Seventh IEEE International Working Conference on Source Code Analysis and Manipulation
Improving the Security of Downloadable Java Applications With Static Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.01 |
Today most mobile devices embed Java runtime environment for Java programs. Java applications running on mobile devices are mainly MIDP (Mobile Information Device Profile) applications. They can be downloaded from the Internet and installed directly on the device. Although the virtual machine performs type-safety checking or verifies bytecode with signed certificates from third-party, the program still has the possibility of containing risky code. Inappropriate use of sensitive method calls may cause loss of personal assets on mobile devices. Moreover, source code is not accessible for most installed applications, making it difficult to analyze the behavior at source-code level. To better protect the device from malicious code, we propose an approach of bytecode instrumentation with aspects at bytecode level. The instrumentation pinpoints the location of statements within methods, rather than at the interface of method calls. The aspects are woven around the statement for tracking. The weaving is performed at bytecode level without requiring source code of the program.