Following close on the heels of heartbleed we have seen a resurgence in questioning C as the implementation choice for critical infrastructure. With performance innovations on managed runtimes the option to implement more and more critical pieces in alternative languages is becoming tangible. Of course this brings along with it a different set of problems. To re-write a system like OpenSSL or even just to implement SSL/TLS on top of a managed runtime there are some serious obstacles to overcome.
This talk will examine solving the memory management problem present when building cyrptographic systems on top of managed runtimes. It’s no secret that key material and other such sensitive data should be able to be properly allocated and erased from memory with certainty. We will detail the problem with a small implementation of a common cryptographic system and demonstrate how the issue surfaces. We will then detail what steps need to be taken to solve this issue and re-examine the suitability of using these platforms for critical infrastructure.