Java run-time security policies

Fall 2008

Anthony Felice
Lujo Bauer
Project description

The aim of this project is to further the development of the Polymer security system for Java 2 Mobile Edition (J2ME) code. Polymer is a specification language and enforcement system that enforces pre-specified security policies on an untrusted Java applications by rewriting the application prior to run time. When the application attempts to execute a security sensitive action, Polymer is consulted to approve the action; outcomes range from proceeding normally to halting the program.

Polymer was originally developed in J2SE and is in the process of being ported to J2ME. Due to differences between the two environments -- namely, in J2SE a user usually has full access to the Java class libraries, while in J2ME he or she doesn't -- the strategy for rewriting a target application to appropriately pass control to Polymer will be significantly different in J2ME than it is in J2SE. Particular challenges include rewriting target applications to allow Polymer to intercept invocations of untrusted constructor methods and compensating for the lack of advanced APIs, e.g., for regular expression matching, in J2ME. The goal of this project is to add the above functionality to Polymer J2ME, and, as time permits, to integrate Polymer J2ME with a Java web (HTTP/1.1) proxy and to test Polymer on mobile phones.

Return to project list