Free Java

The OpenJDK JVM: Securing a moving target or What could possibly go wrong?

H.1302 (Depage)
Andrew Dinn
The OpenJDK Java Virtual Machine presents some interesting challenges when it comes to guarding against potential vulnerabilities. This talk will explain how dynamic class-loading, JIT compilation, speculative compilation and other aspects of the JVM's operation create a moving attack surface whose challenges are very different from those found in other programs or runtimes. This talk won't say anything about specific vulnerabilities, but it will identify a few areas of the OpenJDK JVM where some of these unique types of vulnerability have been identified and resolved. It may teach you some things you didn't know about the complexity of the JVM and hopefully reassure you that the OpenJDK devs are very aware of what could possibly go wrong. Whether we have got it all right is left as a follow-up exercise for attendees.

Additional information

Type devroom

More sessions

2/1/20
Free Java
Mark Reinhold
H.1302 (Depage)
A review of the past year in the life of the OpenJDK Community, and a look at what's ahead.
2/1/20
Free Java
Andrew Haley
H.1302 (Depage)
Project Loom, an OpenJDK project, is "intended to explore, incubate and deliver Java VM features and APIs built on top of them for the purpose of supporting easy-to-use, high-throughput lightweight concurrency and new programming models on the Java platform." These features include Lightweight Threads, delimited continuations, and tail-call elimination. The speaker, a Project Loom team member, will describe the project in depth, in particular the gnarly details of how coroutine and continuation ...
2/1/20
Free Java
Thanos Stratikopoulos
H.1302 (Depage)
The proliferation of heterogeneous hardware in recent years has driven us to consider that every system we program most likely includes a mix of computing elements, each with different hardware characteristics, enabling programmers to improve performance while reducing energy consumption. These new heterogeneous devices include multi-core CPUs, GPUs and FPGAs. This trend has been accompanied by changes in software development norms that do not necessarily favor programmers. A prime ...
2/1/20
Free Java
Maurizio Cimadamore
H.1302 (Depage)
Abstract: Direct buffers are, to date, the only way to access foreign, off-heap memory. Despite their success, direct buffers suffer from some limitations --- stateful-ness, lack of addressing space, non-deterministic deallocation to name a few --- which make them a less-than-ideal choice under certain workloads. In this talk we paint the path to the future: a safe, supported and efficient foreign memory access API for Java. By providing a more targeted solution to the problem of accessing ...
2/1/20
Free Java
Mike Milinkovich
H.1302 (Depage)
In September 2017 Oracle announced that it would be migrating governance of the Java EE platform to the Eclipse Foundation, the home of MicroProfile. Two years later Jakarta EE 8 shipped, signaling the successful completion of that move. As a result, Free Java has a new home for a significant piece of the Java ecosystem. A home which is purely open source, vendor neutral, and community led. This talk will be about how the long and painful journey from Java EE to Jakarta EE unfolded. But more ...
2/1/20
Free Java
Roman Kennke
H.1302 (Depage)
Shenandoah GC landed in JDK12 about a year ago, giving OpenJDK another low-pause garbage collector. It has undergone substantial changes since then. Specifically we have a new barrier scheme, and have eliminated the extra forwarding pointer word per object, thus substantially reducing memory footprint. After giving a general introduction to OpenJDK GC landscape and Shenandoah GC, this talk focuses on those recent changes in Shenandoah and what's in it for you.
2/1/20
Free Java
Jie Kang
H.1302 (Depage)
JDK Flight Recorder provides production-time profiling and diagnostics via a compact events-based infrastructure inside the HotSpot JVM itself. JDK Mission Control is a stand-alone application that provides real-time monitoring information for HotSpot JVMs, as well as tools to read, automatically analyze and visualize flight recording data produced by JDK Flight Recorder. When this talk is presented, JMC 7.1.0 has (hopefully) been out for a little while. This presentation talks about what is new ...