| Palmtops, Pagers and cell phones are everywhere | | | | bandwidth and reduce latency, it reduces the |
| and the variety is endless. The industry's need for | | | | likelihood that crucial information will be intercepted |
| these devices to be able to run and perform | | | | or interrupted (e.g., by denial-of-service attacks). |
| almost any task that used to be done on | | | | • Smart applications utilize device processing |
| desktops requires a standard and simple way to | | | | power efficiently. Instead of encrypting everything |
| develop applications. The solution must suit a | | | | with the same key strength regardless of needs, |
| variety of platforms and take in care many | | | | rich clients can establish a comprehensive |
| limitations such as limited memory, small screen | | | | differentiating security policy based on the |
| sizes, alternative input methods, and slow | | | | content. |
| processors that being small brings with. | | | | J2ME vs. native platforms |
| Recognizing that "one size doesn't fit all", Sun | | | | As compared with the native platforms, the main |
| regrouped its Java technologies into three editions, | | | | strength of the Java platform is that it allows us |
| each is aimed at a specific market segment: | | | | to write portable applications. The Java platform's |
| • J2EE - Aimed at heavy duty server | | | | portability stems from its execution model. |
| systems. | | | | Specifically, it stems from the use of the JVM to |
| • J2SE - Aimed at Standard desktop & | | | | process Java bytecode into machine code at |
| workstation applications | | | | runtime, providing a compatibility layer on top of |
| And Java 2 Platform Micro Edition (J2ME) - Aimed | | | | the hardware. The Java platform's execution |
| at Small & memory constrained devices and | | | | model also introduces some important security |
| standardize the use of Java technology in wireless | | | | benefits that are lacking in device-native |
| devices. The J2ME architecture had to be modular | | | | applications. These benefits are as follows: |
| and scalable due to the diversity of target | | | | • The JVM verifies all classes in class loaders |
| devices. To achieve this, J2ME provides a range | | | | and ensures that applications do not perform any |
| of virtual machines, each optimized to the | | | | dangerous operations. Because runtime class |
| different processor types and memory footprints. | | | | verification is computationally expensive for MIDP |
| J2ME advantages include improved security and | | | | VMs, MIDP has a special two-step bytecode |
| consistency of applications across platforms and | | | | verification scheme. We'll address this scheme in a |
| devices, superior user interfaces with graphics, | | | | later section. |
| the ability to function off-line out of wireless | | | | • The JVM has a monitoring mechanism to |
| coverage, peer-to-peer networking and no | | | | safeguard runtime application errors. A good |
| licensing expenses needed for the SDK, which | | | | example is the garbage collector. The JVM can |
| means that anyone can create an application and | | | | clean up application memory heaps automatically |
| market it. | | | | at runtime. This helps to avoid memory leaks, |
| J2ME vs. WAP | | | | which are the major cause of crashes among |
| J2ME apps have much more to offer than those | | | | native applications. |
| built under the Wireless Application Protocol | | | | • The JVM can provide a security manager or |
| (WAP), in terms of both features and security. | | | | sandbox for applications. Viruses and other hostile |
| Whereas WAP is a thin-client development | | | | code accidentally downloaded from the Web can |
| protocol, J2ME is a development platform | | | | pose serious security risks. On the Java platform, |
| specifically for smart applications. J2ME applications | | | | entire applications (i.e., JAR files) can be digitally |
| offer the following security advantages over | | | | signed. The JVM security manager grants the |
| WAP applications: | | | | signed application privileges to access specific APIs |
| • Without a WAP gateway in the middle, | | | | (domains) based on the trust level of the signer. |
| smart applications can provide scalable end-to-end | | | | We'll discuss domain-based mobile code security in |
| security from the back end to wireless devices. | | | | more detail in a later section. |
| This will become especially important as the back | | | | Smart, usability-focused design and the Java |
| end evolves into a message-driven Web-services | | | | platform's built-in execution model give J2ME |
| framework. | | | | applications significant performance and security |
| • Smart applications can store and process | | | | advantages over both WAP and native |
| data locally, thereby reducing network traffic. Not | | | | applications. |
| only does this conserve precious wireless | | | | |