Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
Security '01 Abstract

Security Analysis of the Palm Operating System and its Weaknesses Against Malicious Code Threats

Kingpin and Mudge, @stake, Inc.


Portable devices, such as Personal Digital Assis-tants (PDAs), are particularly vulnerable to mali-cious code threats due to their widespread imple-mentation and current lack of a security framework. Although well known in the security industry to be insecure, PDAs are ubiquitous in enterprise envi-ronments and are being used for such applications as one-time-password generation, storage of medi-cal and company confidential information, and e-commerce. It is not enough to assume all users are conscious of computer security and it is crucial to understand the risks of using portable devices in a security infrastructure. Furthermore, it is not pos-sible to employ a secure application on top of an insecure foundation.

Palm operating system (OS) devices own nearly 80 percent of the global handheld computing mar-ket [11]. It is because of this that the design of the Palm OS and its supporting hardware platform were analyzed. The presented research provides detail into specific scenarios, weaknesses, and mitigation recommendations related to data protection, ma-licious code, virus storage, and virus propagation. Additionally, this work can be used as a model by users and developers to gain a deeper understanding of the additional security risks that these and other portable devices introduce.

  • View the full text of this paper in HTML and PDF.
    The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

  • To become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 30 Apr 2002 ml
Technical Program
Security '01 Home