Security vulnerabilities in Java SE

This talk will present the results of our security research project, which has led to the discovery of 50 security vulnerabilities in Java implementations from Oracle, IBM and Apple. The primary goal of the talk is to twist your mind and show you how challenging and tricky Java security can be.

During the talk, certain key details of the Java VM security model and its operation will be presented. This will be followed by a detailed discussion of certain problems related to Java SE security.

The talk will disclose the methodology used and technical information about several sample (most interesting) vulnerabilities found during our research. This will include information about the critical issue found recently, which affects all Java SE versions 5, 6 and 7, provided that the weakness is fixed by the time of the conference.

In addition, the talk will disclose several previously unpublished exploitation techniques that allow a complete escape from the Java VM security sandbox.
