Heap dump analysis in a secure environment

Solution Unverified - Updated

Environment

  • OpenJDK
  • Oracle JDK

Issue

  • Company policy forbids providing a heap dump to Red Hat support.
  • Does Red Hat provide a software tool to enable us to sanitize thread dumps and heap dumps to remove sensitive data before they are submitted to Red Hat for analysis?

Resolution

The customer will need to analyze the heap dump locally.

Heap dump analysis typically requires a very robust box, as the RAM and heap requirements of the Eclipse Memory Analyzer Tool (MAT) are on the order of the size of the heap being analyzed. For example, if the heap being analyzed is 20GB, it will take a box with 20+GB of RAM, and MAT must be started with a max heap size of 20GB (-Xmx20g).

Check to see if it would be acceptable to attach the Eclipse Memory Analyzer Tool (MAT) Leak Suspects or Leak Hunter report to the support case. These are created automatically by MAT in the directory where the heap dump is parsed and named HEAPDUMP_Leak_Suspects.zip and HEAPDUMP_Leak_Hunter.zip respectively.
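
As an added example (not Red Hat or MAT code), a pre-attachment check of the report archive against your own data policy could look like the sketch below. It assumes the report is a zip of HTML pages; the `POLICY_PATTERNS` rules, the function names and the sample archive are constructed placeholders.

```python
import html
import io
import re
import zipfile

# Hypothetical policy rules; replace with the patterns your data policy defines.
POLICY_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "credential": re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*[=:]\s*\S+"),
}
TEXT_SUFFIXES = (".html", ".htm", ".txt", ".csv", ".xml")
TAG_RE = re.compile(r"<[^>]+>")

def scan_report(zip_source, patterns=POLICY_PATTERNS):
    """Return sorted (member, rule, line_no) findings; matched text is never returned."""
    findings = []
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(TEXT_SUFFIXES):
                continue
            raw = zf.read(info).decode("utf-8", errors="replace")
            for line_no, line in enumerate(raw.splitlines(), start=1):
                # Strip tags first, then decode entities such as &#64; so they cannot hide a match.
                text = html.unescape(TAG_RE.sub(" ", line))
                for rule, rx in patterns.items():
                    if rx.search(text):
                        findings.append((info.filename, rule, line_no))
    return sorted(findings)

def build_sample_report():
    """Constructed sample standing in for HEAPDUMP_Leak_Suspects.zip."""
    index = "<html><body>\n<p>One instance of <b>com.example.Cache</b> occupies 61% of the heap.</p>\n</body></html>"
    details = ("<table>\n"
               "<tr><td>java.lang.String</td><td>jane.doe&#64;example.com</td></tr>\n"
               "<tr><td>java.lang.String</td><td>password=hunter2</td></tr>\n"
               "</table>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.html", index)
        zf.writestr("pages/details.html", details)
        zf.writestr("styles/style.css", "td { color: #4111111111111111; }")  # skipped: not a text page
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for member, rule, line_no in scan_report(build_sample_report()):
        print(f"{member}:{line_no}: matches policy rule '{rule}'")
```

A clean result only means none of the configured patterns matched; it does not replace a manual review of the report before it is attached.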

If assisting a customer doing local heap dump analysis via a remote session, have the customer close the MAT Inspector window so that field values, which may contain sensitive information, are not displayed.


NOTE:

  • Red Hat does not offer data sanitizing tools. For further input on how Red Hat may help meet any data compliance and secure file handling requirements, it may help to have a broader discussion with your Red Hat account team.

  • Though you might find third-party tools that strip out any and all field values from a heap dump, Red Hat cannot attest to a third-party tool's success and consistency in removing those values.
    Stripping field values can also limit the review possible from a heap dump, as we would not be able to see the values of non-sensitive fields either, but generally just the class names and the amount of heap they use.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.