The growth of the applications and services market for mobile devices is 
currently slowed down by the lack of a flexible and reliable security 
infrastructure. The development and adoption of a new generation of mobile 
applications depends on the end user's ability to finely manage system 
security and control application's behavior. The virtual execution environment 
for mobile software and services should support the security needs of users 
and applications. This paper proposes an extension to the security 
architecture of the Java Virtual Machine for mobile systems, to 
support fine-grained policy specification and run-time enforcement. Access 
control decisions are based on system state, application and system history 
data, as well as request specific parameters. The prototype implementation is 
running on desktops, as emulator, and on mobile devices, proving the high 
level of flexibility and security, with excellent performance provided by the 
extended architecture.