Scmad Chapter14

Chapter 14 - Only for study purposes.


  1. Chapter 14 - MIDP Security
     SCMAD Certification
     By Marcel Caraciolo, http://mobideia.blogspot.com
  2. Agenda
     • MIDP - Security
       • Security
       • Permissions
       • Security-free API
       • Protection Domains
       • Application Signing
       • Permissions definition
  3. MIDP: Security
     • MIDP has a sandbox-based security model, and some operations are controlled by permissions.
     • Every operation that might expose a system vulnerability (e.g. memory access, network access, private data access) is controlled by the platform.
     • The authorization mechanism is implementation-specific. When an authorization is denied, a SecurityException is thrown.
  4. Permissions
     • Network permissions:
       • javax.microedition.io.Connector.http
       • javax.microedition.io.Connector.https
       • javax.microedition.io.Connector.datagram
       • javax.microedition.io.Connector.datagramreceiver
       • javax.microedition.io.Connector.socket
       • javax.microedition.io.Connector.serversocket
       • javax.microedition.io.Connector.ssl
       • javax.microedition.io.Connector.comm
       • javax.microedition.io.Connector.sms
  5. Permissions
     • WMA:
       • javax.wireless.messaging.sms.send
       • javax.wireless.messaging.sms.receive
       • javax.wireless.messaging.cbs.receive
     • Notifications:
       • javax.microedition.io.PushRegistry
     • MMAPI:
       • javax.microedition.media.RecordControl.startRecord
       • javax.microedition.media.RecordControl.getSnapshot
  7. Security-free API
     • There is no security control over the following APIs:
       • MIDlet
       • LCDUI
       • MMAPI (execution only)
       • RMS
  8. Protection Domains
     • Suites are installed inside protection domains, according to the vendor. Source integrity is guaranteed through digital signatures.
     • Each protection domain has a set of permissions.
     • When an application is not signed, it is installed in the Untrusted domain. MIDP 1.0 applications do not support digital signatures, so they are always installed in the Untrusted domain.
     • Inside a protection domain, each permission has an interaction mode:
       • blanket: allows access to a resource, asking for it at installation time
       • session: requests user permission once per session
       • oneshot: requests user permission every time a resource is requested
  9. Application signing
     • A suite may be digitally signed. First the JAR file's digital signature is calculated, and then both the signature and the certificate are added to the JAD file with:
       • MIDlet-Certificate-<n>-<m>
       • MIDlet-Jar-RSA-SHA1
     • When a suite is installed, the signature is verified. If the certificate is recognized and the signature is valid, the suite is installed in one of the device's protection domains.
  10. Application signing
     • When a JAR is signed, the parameters in the JAD file and in the JAR manifest must match, or else the application will not be installed. If the application is not signed, they do not need to match, and JAD properties take precedence over those in Manifest.mf.
     • When a JAR is signed, an installation is only successful when all the verifications are successful (e.g. digital signature, JAD parameters, etc.).
     • A signed application may never be updated with an unsigned application.
  11. Application signing
     • You can define the required permissions in the JAD file:
       • MIDlet-Permissions: required permissions for this suite. If they are not available, the suite will not be installed.
       • MIDlet-Permissions-Opt: permissions that the suite may use but can work without, even if in a limited way (e.g. a game may have multiplayer support but still work without network access in single-player mode).
  12. Future Work
     • Next chapter:
       • MIDP - JTWI
         • Java Technology for Wireless Industry
         • API requirements
         • Other definitions
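
The JAD/manifest matching rule from slide 10, as an added Python example that is not part of the original slides: a signed suite with differing shared attributes is rejected, while for an unsigned suite the JAD value wins. The function names, the sample descriptors and the signature placeholder are constructed for illustration.

```python
# Added example: JAD vs. manifest consistency check at install time.
# The rule is taken from the slides; parser and sample data are constructed.

SIGNATURE_ATTR = "MIDlet-Jar-RSA-SHA1"  # present in the JAD only when the suite is signed


def parse_attrs(text):
    """Parse 'Name: value' lines as found in JAD files and JAR manifests."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:
            attrs[last] += line[1:].rstrip()   # manifest continuation line
        elif ":" in line:
            name, value = line.split(":", 1)   # split once: values may hold URLs
            last = name.strip()
            attrs[last] = value.strip()
    return attrs


def effective_attrs(jad_text, manifest_text):
    """Return (True, merged attributes) or (False, mismatching attribute names)."""
    jad, manifest = parse_attrs(jad_text), parse_attrs(manifest_text)
    shared = sorted(set(jad) & set(manifest))
    mismatches = [name for name in shared if jad[name] != manifest[name]]
    if SIGNATURE_ATTR in jad and mismatches:
        return False, mismatches               # signed suite: installation refused
    merged = dict(manifest)
    merged.update(jad)                         # unsigned suite: JAD takes precedence
    return True, merged


# Constructed sample descriptors (not from a real application).
MANIFEST = """MIDlet-Name: DemoGame
MIDlet-Version: 1.0.0
MIDlet-Vendor: Example Vendor
MIDlet-Permissions: javax.microedition.io.Connector.http
"""
JAD_UNSIGNED = """MIDlet-Name: DemoGame
MIDlet-Version: 1.0.1
MIDlet-Vendor: Example Vendor
MIDlet-Jar-URL: DemoGame.jar
"""
JAD_SIGNED = JAD_UNSIGNED + "MIDlet-Jar-RSA-SHA1: <base64 signature placeholder>\n"

if __name__ == "__main__":
    print(effective_attrs(JAD_UNSIGNED, MANIFEST))
    print(effective_attrs(JAD_SIGNED, MANIFEST))
```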
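
How the protection domains of slide 8 combine with the MIDlet-Permissions and MIDlet-Permissions-Opt attributes of slide 11 at install time, as an added Python example rather than code from the slides. The two domain policies, the domain name "operator" and the function names are assumptions; real policies are defined by each device.

```python
# Added example: install-time permission resolution against a protection domain.
# Domain policies below are constructed; each maps permission -> interaction mode.

UNTRUSTED = {
    "javax.microedition.io.Connector.http": "oneshot",
    "javax.microedition.io.Connector.https": "oneshot",
}
OPERATOR = {  # hypothetical domain bound to a recognised certificate
    "javax.microedition.io.Connector.http": "blanket",
    "javax.microedition.io.Connector.socket": "session",
    "javax.wireless.messaging.sms.send": "oneshot",
}


def split_list(value):
    """Split a comma-separated permission list from a JAD attribute."""
    return [item.strip() for item in value.split(",") if item.strip()]


def choose_domain(signed, cert_recognised):
    """Unsigned suites go to the untrusted domain; a failed check blocks install."""
    if not signed:
        return "untrusted", UNTRUSTED
    if not cert_recognised:
        return None, None
    return "operator", OPERATOR


def resolve_install(jad, signed=False, cert_recognised=False):
    """Decide whether the suite installs and which permissions it receives."""
    name, domain = choose_domain(signed, cert_recognised)
    if domain is None:
        return {"installed": False, "reason": "signature verification failed"}
    required = split_list(jad.get("MIDlet-Permissions", ""))
    optional = split_list(jad.get("MIDlet-Permissions-Opt", ""))
    missing = [p for p in required if p not in domain]
    if missing:  # a required permission the domain cannot grant blocks the install
        return {"installed": False, "reason": "required permission unavailable",
                "missing": missing}
    granted = {p: domain[p] for p in required + optional if p in domain}
    dropped = [p for p in optional if p not in domain]  # suite must cope without these
    return {"installed": True, "domain": name, "granted": granted, "dropped": dropped}


# Constructed descriptor: a game that needs HTTP and can optionally send SMS.
GAME_JAD = {
    "MIDlet-Permissions": "javax.microedition.io.Connector.http",
    "MIDlet-Permissions-Opt": "javax.wireless.messaging.sms.send",
}
```

The same descriptor installs in both domains but with different interaction modes, and the optional SMS permission is silently dropped in the untrusted domain, so the MIDlet still has to handle a SecurityException on that path.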
