The Java ME Security Blog

What Exactly is Java Micro Edition? The term "Java Micro Edition" has historically been a trademark used to describe and sell a number of Java technologies under one moniker. It labels a software product line that organizes classes of resource-limited devices. The variant factors it identifies are the: cost of security run-time checks, a.k.a. the sandbox, footprint in memory of the built-in set of classes. a.k.a. the boot classpath , way activities are dispatched a.k.a. the framework or lifecycle and facilities that are additionally available on the device a.k.a. optional packages. For example, for a blue-ray disk player the applications will: have a limited and fairly fixed need for security checks, want to run in a medium memory space, and hence have very limited basic API without frills, want to respond to tray opening and closing events and input from a remote c

Java's origins lie in small and embedded devices , so one would assume that developing for such devices in Java would be a natural fit. In reality however, Java is strongest in enterprise and desktop systems, and Java developers using the Standard and Enterprise Editions (SE and EE, respectively) enjoy a diverse ecosystem of tools and frameworks to develop their software systems. Embedded use of Java has only recently come back into focus, as the number of devices connected to the Internet is drastically increasing. The revived interest is reflected in the Connected Limited Device Configuration - CLDC 8 ( JSR 360 ) and Java ME Embedded Profile - MEEP 8 ( JSR 361 ) specifications, which update earlier specifications for Embedded Java to provide current language features of Java like Generics and Annotations, for which Oracle offers a corresponding set of implementations. While CLDC 8 and MEEP 8 are Java standards, they are not based on the same core as Java SE, and SE tooling and

When your television watches you, your washing machine steals your credit card details and your car can be commandeered to drive into a ditch because it has a network media player in it, then you know something has gone wrong with technology. We have connected Things to the Internet for our convenience . We have neglected to think about our safety and security in the act . If we ask why we cannot get better safety and security at reasonable prices, the answer we receive from the techies is that the engineering that is needed to achieve this is too complicated and hence too costly. Devices we buy are primed with tiny Linux distributions that run scripting languages and native code, often under default accounts with standard passwords. The operating systems and programs may not be secure to start with, and because their configuration is not minimised or individualised, they are readily identifiable on the Internet when scanned for and probed. Even if the developers of the devices woul