Title: Security Evaluation of J2ME CLDC Embedded Java Platform.
Abstract: Java 2 Micro-Edition Connected Limited Device Configuration (J2ME CLDC) is the platform of choice when it comes to running mobile applications on resourceconstrained devices (cell phones, set-top boxes, etc.).The large deployment of this platform makes it a target for security attacks.The intent of this paper is twofold: First, we study and evaluate the security model of J2ME CLDC.Second, we provide a vulnerability analysis of this Java platform.The evaluated components are: Virtual machine, CLDC API and MIDP (Mobile Information Device Profile) API.The analysis covers the specifications, the reference implementation (RI) as well as several other widely-deployed implementations of this platform.The aspects targeted by this security analysis encompass: Networking, record management system, virtual machine, multi-threading and digital rights management.This work identifies security weaknesses in J2ME CLDC that may represent sources of security exploits.Moreover, the results reported in this paper are valuable for any attempt to test or harden the security of this platform.This platform has been deployed now by more than 20 telecommunication operators.The total number of deployed Java mobile devices in the market exceeds 250 million units worldwide.According to IDC, a prestigious market research firm, there will be more than 1.2 billion deployed Java-based mobile devices by 2006.J2ME CLDC gained a big momentum and is now standardized by the Java Community Process (JCP) and adopted by many standardization bodies such as Cite this document as follows: