Author Archives: axtaxt

Analyzing the “ecological footprint” of java algorithms

When trying to optimize algorithms implemented in Java, not just CPU time and memory footprint are important; often we are also interested in the amount of generated garbage. If your service is bound by some availability agreements, having a deep knowledge … Continue reading

Posted in Benchmark, Java

Implementing a simple hit tracer in DynamoRIO

It has been a while since I last posted to this blog. Lately I’ve been focusing my interest more on mathematics (statistical inference, machine learning) and software engineering (functional reactive programming) than on software security. (Maybe I will post in those … Continue reading

Posted in Fun, Security

IO trace generation in java: experimenting with sun.misc.IoTrace

I recently checked the new features in the latest release (1.7.0_40) of Oracle’s Java SE, when I stumbled upon a new class, sun.misc.IoTrace. The source of sun.misc.IoTrace can be viewed here. It’s basically an “empty” class, which does nothing, and … Continue reading

Posted in Benchmark | 5 Comments

Analysis of CVE-2013-0809

This post is about the analysis of CVE-2013-0809, a Java security bug I found. As is common for Java bugs, the most relevant information can be found in RedHat’s CVE database and in RedHat’s bugzilla. In this case it … Continue reading

Posted in Bugs, Security | 4 Comments

[revised] Benchmark: Rhino vs Chrome V8 on server side

It was a while ago that I created the post titled ‘Benchmark: Rhino vs Chrome V8 on server side’. Since then, it has received a lot of criticism about the measurement method, so I’ve decided to rerun the measurements: I’ve … Continue reading

Posted in Benchmark | 1 Comment

Analysis of CVE-2012-0711 (IBM DB2 Integer Signedness Error)

In this post I’m going to analyse the details of CVE-2012-0711 (IBM’s security bulletin), an integer signedness bug I found in IBM DB2 Express-C a while ago. The description of the bug: “Integer signedness error in the db2dasrrm process in … Continue reading

Posted in Bugs, Security

Analysis of CVE-2011-3545 (ZDI-11-307)

I’ve decided to share the details of the first 0-day I’ve found. There are a lot of Java vulnerabilities nowadays, mainly originating from bytecode verifier bugs or design flaws in the JDK, which can be exploited using pure Java code … Continue reading

Posted in Bugs, Security | 7 Comments