Talk Proposal: The OpenJDK JVM : Securing a moving target

Andrew Dinn adinn at redhat.com
Fri Nov 29 10:10:00 CET 2019


Title:

The OpenJDK JVM : Securing a moving target

  or

What could possibly go wrong?

Abstract:

The OpenJDK Java Virtual Machine presents some interesting challenges
when it comes to guarding against potential vulnerabilities. This talk
will explain how dynamic class-loading, JIT compilation, speculative
compilation and other aspects of the JVM's operation present a moving
attack surface that presents some very different challenges to those
found in other programs or runtimes.

This talk won't say anything about specific vulnerabilities but it will
identify a few areas of the OpenJDK JVM where some of these unique types
of vulnerability have been identified and resolved. It may teach you
some things you didn't know about the complexity of the JVM and
hopefully reassure you that the OpenJDK devs are very aware of what
could possibly go wrong. Whether we have got it all right is left as a
follow-up exercise for attendees.

Speaker:

Andrew Dinn is a Senior Principal Software Engineer in Red Hat's Java
team, mostly working on the JVM. He is an active member of the OpenJDK
Vulnerability Group. Andrew also leads JBoss project Byteman.

Recording:

Ok by me!


