Context-sensitive interprocedural points-to analysis in the presence of function pointers
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
ACM Transactions on Information and System Security (TISSEC)
Concurrent Programming in Java. Second Edition: Design Principles and Patterns
Concurrent Programming in Java. Second Edition: Design Principles and Patterns
Principles of Program Analysis
Principles of Program Analysis
Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
MIDP 2.0 Style Guide for the Java 2 Platform (The Java Series)
MIDP 2.0 Style Guide for the Java 2 Platform (The Java Series)
Software—Practice & Experience
Improving the Security of Downloadable Java Applications With Static Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
Scaling Java points-to analysis using SPARK
CC'03 Proceedings of the 12th international conference on Compiler construction
Certified memory usage analysis
FM'05 Proceedings of the 2005 international conference on Formal Methods
A formal model of access control for mobile interactive devices
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Verifying resource access control on mobile interactive devices
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Midlet navigation graphs in JML
SBMF'10 Proceedings of the 13th Brazilian conference on Formal methods: foundations and applications
| Hi-index | 0.01 |
A midlet is a small Java program using the MIDP library that can be executed on a mobile phone. Midlets are developed by software houses and traded on portals often run by operators. Midlets can access powerful APIs, sometimes silently, especially if they are digitally signed by operators and can cause harm to the end-user assets. We formalize the notion of navigation graph, an abstraction of the behaviour of the graphical user interface of the midlet augmented with security relevant information and we describe an algorithm to extract automatically such a graph from the bytecode of a midlet. Most of the structure of a graph is described by data structures built by the application, not by the static structure of the code.