6: Java Mobile Edition Security in Android

Encoder Data Matrix 2d barcode in Android 6: Java Mobile Edition Security

Figure 6-2

It also does not provide a huge amount of detail After all, it was built for performance analysis with well-understood applications, not for hackers Follow these steps to capture data using the Profiler:

1 Open the JME SDK and load your source project Make sure it compiles 2 Right-click on the emulator profile in the Device Manager pane and select

panel (the filename will have the extension prof)

4 Start the project by clicking the Run arrow 5 Exercise the application The goal is to figure out which code blocks are

6 Terminate the application and close the emulator 7 Open the Profiler log by clicking on Tools | Import JME SDK Snapshot

Figure 6-3

8 Browse to the stored prof file and click Okay 9 The result will appear similar to Figure 6-3 The call graph can be expanded by

All JME code is written in Java, and Java is a memory managed language that prevents buffer and integer overflows and direct manipulation of memory and the hardware The virtual machine makes this security magic possible by verifying every instruction before execution and ensuring that all application code handles memory and objects safely Not having to worry about memory-related security issues is a real boon to developers, but it doesn t mean that they are free and clear Application code can still use the network and local storage insecurely, and the virtual machine implementation itself might have problems that attackers could exploit to compromise devices For example, Adam Gowdiak reported avulnerability in the Kilobyte Virtual Machine s verifier that an application could use to escape the sandbox (http://secuniacom/advisories/12945/) The risk of a JVM error pales in comparison to the risk of writing every JME application in an unmanaged language such as C

The CLDC JSR specifies that JVMs implementing the CLDC configuration must only load and execute valid Java bytecode In addition, CLDC JVMs do not support all of Java s language features Specifically, the CLDC 11 JSR says that CLDC must ensure the following: Class files must be properly verified and the Java bytecode well formed All code branches must follow predictable paths and jump to controlled memory addresses Code verification ensures that the application is not able to execute illegal instructions Applications cannot load custom class loaders or classes of their choosing If attackers could load their own classes, they could pull in application code without the user s knowledge The API set exposed to applications is predefined Therefore, applications cannot use Java reflection to dynamically load classes or access private methods By forcing a predefined set, device manufacturers and carriers know which platform APIs are exposed and how the application will be able to access the hardware Device manufacturers and carriers can always add to the protected set if they want to expose device model-specific functionality (for example, the camera or a digital compass) Native functionality is prohibited Java native invocation (JNI) is a technology used to bridge between native code (such as C/C++) and managed Java code Native code executes outside of the JVM and cannot be monitored Therefore, JME applications must be prevented from using JNI and including native extension libraries Applications cannot extend classes in the java*, javaxmicroedition*, and other manufacturer-specific packages If malicious applications were allowed to overload sensitive system classes, they might be able to take advantage of polymorphism and force system APIs to execute attacker-supplied code when calling object methods All classes must come from the same JAR file This requirement prevents applications from loading and using classes from other applications that may be installed on a device This restriction may change when libraries are introduced as part of MIDP 30 These restrictions aim to stop applications from running Java code that cannot be managed or accesses the hardware in unexpected way MIDP relies on this infrastructure to build a higher level application sandbox, which will be discussed