Towards a More Secure JDK

The last few years have seen new computing trends such as increased use of mobile devices, big data and a world connected by the internet. This has made Java applications vulnerable to threats and attacks. Over time, holes are exposed in cryptographic algorithms and security protocols, which then need to be replaced with stronger alternatives. This session will show how safety mechanisms have been built into the JDK to automatically protect applications from weak algorithms and protocols such as MD2, MD5, RC4, weak RSA/DSA keys and SSLv3. A wide variety of security controls have been made available, ranging from automatic defenses to user-friendly APIs. Several new security controls have been introduced in the Java 8 and Java 9 platforms, such as SHA-3 hash algorithms, OCSP stapling for TLS and a DRBG SecureRandom implementation. This session will benefit Java developers by introducing them to the many defenses present and available in the Java ecosystem.

 
 

Outline/structure of the Session

  • Java Security Review
  • Making the JDK more Secure
  • Java 9 Security Enhancements
  • Cryptography - New Algorithms
  • Public Key Infrastructure
  • Transport Layer Security - DTLS, OCSP Stapling
  • Java Modularity
  • Annotation Enhancements
  • Security Tools
  • Real World Examples

Learning Outcome

Attendees will be apprised of the changed security threats in the JDK ecosystem. The different mechanisms introduced in Java 8 and Java 9 to make applications secure will be presented. The presentation will help raise awareness of the many defenses present and available in the Java ecosystem, something every Java developer can benefit from. Attendees will also get to know real-world challenges and how to circumvent them.

Target Audience

Developers, Architects, Security Advocates

Submitted 3 months ago

Comments

  • By Naresh Jain  ~  4 weeks ago

    Gurpreet, thanks for the proposal. This is a very important and relevant topic. However, 90 mins for a talk can be very hard to keep the participants engaged. Will it be possible to bring this down to 45 mins and include some real world examples to demo the capabilities? If yes, please update your proposal accordingly.

    • By Gurpreet Sachdeva  ~  4 weeks ago

      Naresh, your suggestions sound reasonable. I will modify the proposal accordingly.

