Towards a More Secure JDK

The last few years have seen new computing trends such as increased use of mobile devices, big data and a world connected by the internet. This has made Java applications vulnerable to threats and attacks. Over time, holes are exposed in cryptographic algorithms and security protocols, which then need to be replaced with stronger alternatives. This session will show how safety mechanisms have been built into the JDK to automatically protect applications from weak algorithms and protocols such as MD2, MD5, RC4, weak RSA/DSA keys and SSLv3. A wide variety of security controls have been made available, ranging from automatic defenses to user-friendly APIs. Several new security controls have been introduced in the Java 8 and Java 9 platforms, such as SHA-3 hash algorithms, OCSP stapling for TLS and a DRBG SecureRandom implementation. This session will benefit Java developers by introducing them to the many defenses present and available in the Java ecosystem.

 
 

Outline/structure of the Session

  • Java Security Review
  • Making the JDK more Secure
  • Java 9 Security Enhancements
  • Cryptography - New Algorithms
  • Public Key Infrastructure
  • Transport Layer Security - DTLS, OCSP Stapling
  • Java Modularity
  • Annotation Enhancements
  • Security Tools
  • Real World Examples

Learning Outcome

Attendees will be apprised of the changed security threats in the JDK ecosystem. The different mechanisms introduced in Java 8 and Java 9 to make applications secure will be presented. The presentation will help raise awareness of the many defenses present and available in the Java ecosystem, something every Java developer can benefit from. Attendees will also get to know real-world challenges and how to circumvent them.

Target Audience

Developers, Architects, Security Advocates

Submitted 5 months ago

Comments

  • Manoj NP
    By Manoj NP  ~  1 month ago

    Hi,

    First of all, thanks for the confirmation. As you may be aware, we have reduced the program to a single-day program due to reasons beyond our control. However, we would like to include at least a part of some of the good talks which were initially planned for the two-day event. We are requesting everybody who is having a 45-minute session to reduce it to 20 minutes if possible.

    Can you please confirm whether we can schedule your talk for 20 minutes?

     

    Regards.

    Manoj, on behalf of the program committee

    • Naresh Jain
      By Naresh Jain  ~  2 months ago

      Gurpreet, thanks for the proposal. This is a very important and relevant topic. However 90 mins for a talk can be very hard to keep the participants engaged. Will it be possible to bring this down to 45 mins and include some real world examples to demo the capabilities? If yes, please update your proposal accordingly.

      • Gurpreet Sachdeva
        By Gurpreet Sachdeva  ~  2 months ago

        Naresh, your suggestions sound reasonable. I will modify the proposal accordingly.


    • Liked Deepu Xavier

      Deepu Xavier - Natural Language Processing & Java

      20 mins
      Demonstration
      Beginner

      This session will cover the basics of Natural Language Processing. We will see the basics of Named Entity Recognition, Sentiment Analysis and other basic features of NLP.

    • Liked Deepali Kishnani

      Deepali Kishnani - Natural Language Based Query Engine for Eclipse Modeling Framework

      20 mins
      Demonstration
      Beginner

      Searching in big databases is the need of the hour. With ever growing applications and customer base, quicker search over the data helps you survive. Modeling Frameworks sit at the core of modern software. The increasing complexity of business requirements is reflected in the increasing complexity of the modeling framework. What if you could query the complex models within seconds? This is just one use case of VIATRA Query.

      VIATRA Query is an Eclipse project. Initially conceived by the Budapest University of Technology and Economics, VIATRA is an Event-driven and Reactive Model Transformation Platform. We have used VIATRA Query to create a small search engine for Ecore models of EMF using Natural Language Based Rule Engine and would like to share our experience with it.

      VIATRA Query enables the user to query the EMF models without having to manually traverse them. Complex queries can be converted into patterns. Parameters to models can be passed at runtime, something which is crucial to any query engine. The idea of creating a search engine using VIATRA Query opens up new and innovative ideas of working with Eclipse Modeling Framework. To know more about the algorithm behind this technology or how we made it work, please join us at the Eclipse 2017 Summit!

    • Liked Manoj NP

      Manoj NP - JDT Embraces Java 9 - An insider's perspective

      20 mins
      Talk
      Intermediate

      Eclipse Java Development Tooling or JDT has its own Java compiler at its core, aptly called the JDT Core, consisting of the Java compiler and various tools including the Java model, search infrastructure, content assist, Abstract Syntax Tree tools etc. Java 9 is the latest entry in the Java world, bringing along with it a "module" of changes - so to speak. Any change in the language standards affects JDT directly. While some of the earlier language specification changes affected only the compiler, Java 9, in contrast, has a direct impact on users who use the Eclipse IDE for creating and managing Java projects. Java 9 introduces the concept of "Modules", which affects JDT from the compiler level to the project dependency layer, affecting a normal user. Support for this feature will be dealt with, in detail, in this talk.

      This talk will start with a brief overview of the Java 9 features, especially the "module" feature that has a direct impact on Eclipse users, describe the JDT support for these features, touch upon some of the design aspects, and conclude with a demo of Eclipse JDT for Java 9.

    • Liked Vaibhav Choudhary

      Vaibhav Choudhary - Towards a better parallelism

      45 mins
      Lightning Talk
      Intermediate

      The world is moving fast towards parallelism. It will soon be seen that parallelism is the default nomenclature of the new software design. As a core member of the Java Platforms Team, I want to bring out how programming languages are leveraging the power of parallelism in this world of many-core processors.

      Though parallelism is the new demand, it is extremely hard to generate performance on parallelism. We need to learn "the best practices" for parallelism.

    • Liked Rajesh Sola

      Rajesh Sola - Gateway design with Eclipse Kura - Taking to new heights

      Rajesh Sola
      Core Faculty
      CDAC, Pune
      4 months ago
      Sold Out!
      90 mins
      Tutorial
      Intermediate

      This talk cum tutorial aims at introducing Eclipse Kura, an OSGi-based framework for IoT gateway design. It starts with the Kura architecture and key elements like bundles, services, web admin interface etc. and a tour of available APIs and services for hardware interfacing, wireless connectivity, cloud connectivity and industrial & automotive protocols. The next part proceeds with a case study of building custom services, e.g. adding client support for HTTP REST and InfluxDB in Kura. Later, a few bridging scenarios will be covered on interfacing local networks with IoT platforms like ThingSpeak, OpenSensors.io etc. using these services, and also storing data points in a time series at the edge/gateway side using InfluxDB as an example.

    • Liked Gaurav Gupta

      Gaurav Gupta - Rapid Development Tools for Java EE

      90 mins
      Tutorial
      Advanced

      Create a fully operational Java EE application in a few minutes from scratch and select the technologies based on preferences such as Docker, REST API, MVC 1.0, Arquillian, JSP, AngularJS and Angular 2.x. The solution features a high-quality, rich web UI, business logic, security, a REST API and more. Don't miss this session if you are serious about saving time.

    • Liked Gurpreet Sachdeva

      Gurpreet Sachdeva - Refactor Code To Java8

      Gurpreet Sachdeva
      Director - Technology
      Aricent
      5 months ago
      Sold Out!
      45 mins
      Talk
      Advanced

      Java 8 was released quite a while ago and we are now close to the release of Java 9. There are discussions of Java 10 features also. There are many who are still stuck with older versions for various reasons. Many people claim that their code supports Java 8 but they aren't really using the powerful features of Java 8 like lambda expressions, the Streams API and the new Date / Time API. This session does a quick recap of the powerful and unique features of Java 8. Tips and techniques to identify areas of code fit for refactoring to Java 8 will be shown. Eclipse can be leveraged to refactor code to use features like lambdas and streams. Pros and cons of these features will be covered so that an informed decision can be taken whether to refactor or not.

    • Liked Gurpreet Sachdeva

      Gurpreet Sachdeva - Lambdas Revisited

      Gurpreet Sachdeva
      Director - Technology
      Aricent
      5 months ago
      Sold Out!
      45 mins
      Talk
      Advanced

      Java 8 was released in March 2014 with lambda expressions as its flagship feature. Many people have used them to write more concise and flexible code. Lambda expressions can be combined with the Streams API to express rich data processing queries. Many popular programming languages already had support for "lambdas" aka "closures". Interestingly, many of these languages run on the JVM and Java as the most prominent language running on the JVM did not want to be left behind. Java has provided support for lambdas using an elegant mechanism of "invokedynamics". In addition to this the streams API provided support for concurrent execution of instructions to suit new age parallel pipelined microprocessors. This session does a recap of Lambdas and Streams and their benefits with some practical examples. It then goes on to see how the community has taken these concepts. The excellent support provided by Eclipse for Lambdas will also be covered.

    • Liked Vaibhav Choudhary

      Vaibhav Choudhary - Taming Java Streams

      45 mins
      Talk
      Advanced

      The demand for parallel computing has always been on the rise when it comes to high performance computing. The innovations in hardware in the last decade have enabled developers to achieve this within a single machine which now offers multi-core, multi-processor capabilities. This is also becoming more and more popular compared to the traditional way of distributed computing, which has its own constraints in terms of power and heat dissipation. Modern day developers want to leverage more on the multi-core/multi-processor architecture to achieve parallelism, and the Java Streams API offers them the best solution, which allows developers to break a larger task into smaller sub-tasks, process the sub-tasks in parallel and combine the results, while abstracting lower level multi-threading logic. While it sounds appealing, there are practical challenges in terms of getting the implementation right and debugging such implementations when there are issues. Essentially, the success of streams adoption largely depends on how robust the implementation is and how effectively one can do the troubleshooting if something goes wrong. With that in mind, this session aims at addressing the best practices and common pitfalls with streams programming, and at providing a debugging how-to for streams to make developers' lives easier.

    • Liked Vaibhav Choudhary

      Vaibhav Choudhary - Live Java Heap Comparison for JDK8 and JDK9 with Eclipse

      45 mins
      Talk
      Intermediate

      Optimized memory usage is a key to the success of enterprise applications on the cloud and developers often spend a lot of their time in trying to optimize their applications for memory footprint on the cloud. A deeper analysis of Java Heap reveals that 25-30% of live objects of most enterprise applications are strings and optimizing how strings are represented internally can give substantial benefit to the enterprise applications, without developers investing extra time. In this regard, there has been a significant effort to optimize string representation in JDK9 which would give significant off-the-shelf benefit to all the applications moving to JDK9 in terms of memory footprint. This session would cover all the string optimizations implemented in JDK9 in detail and a live comparison of Java Heap between JDK8 and JDK9 to demonstrate the real optimization that the application would get by just adopting JDK9. 

    • Liked Vaibhav Choudhary

      Vaibhav Choudhary - Java 9 - The game changer for Cloud

      45 mins
      Talk
      Advanced

      Java has evolved and continues to remain one of the most reliable platforms for application development. With the advent of the cloud it is paramount for cloud-scale applications to run on a smaller footprint. The upcoming Java SE 9 release, with a host of features, helps with just that. Java is evolving as a modular and cloud-focused platform. One of the highlights of Java SE 9 is Project Jigsaw. It will enable our customers to have a leaner runtime with enhanced security and better performance. In this talk, the audience will understand how Java 9 better enables developer productivity, reduces server overhead, improves application density and predictability and why it is the best platform for SAAS and PAAS in the cloud.

      Scope of the final presentation:

         1. Project Jigsaw overview and its implication on Oracle cloud.

         2. Other key Java features to look forward to - AppCDS (low latency application development with great startup time), G1 Garbage Collector (predictable pauses by application), excellent monitoring tools.

         3. Modular JDK demo - Java + Eclipse + Docker

         4. Conclusion - Java is the future of Oracle cloud.