Security '01 Abstract
Security Analysis of the Palm Operating System
and its Weaknesses Against Malicious Code Threats
Kingpin and Mudge, @stake, Inc.
Portable devices, such as Personal Digital Assis-tants
(PDAs), are particularly vulnerable to mali-cious
code threats due to their widespread imple-mentation
and current lack of a security framework.
Although well known in the security industry to be
insecure, PDAs are ubiquitous in enterprise envi-ronments
and are being used for such applications
as one-time-password generation, storage of medi-cal
and company confidential information, and e-commerce.
It is not enough to assume all users are
conscious of computer security and it is crucial to
understand the risks of using portable devices in a
security infrastructure. Furthermore, it is not pos-sible
to employ a secure application on top of an
Palm operating system (OS) devices own nearly
80 percent of the global handheld computing mar-ket
. It is because of this that the design of the
Palm OS and its supporting hardware platform were
analyzed. The presented research provides detail
into specific scenarios, weaknesses, and mitigation
recommendations related to data protection, ma-licious
code, virus storage, and virus propagation.
Additionally, this work can be used as a model by
users and developers to gain a deeper understanding
of the additional security risks that these and other
portable devices introduce.
- View the full text of this paper in
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.