Java 11-如何覆盖JVM和系统内存中的敏感信息（也许使用System.gc（）？）

Question

Problem: How to forcefully overwrite system-memory in Java - More specifically: When secure keys must not stay longer than a few seconds in the memory: Neither in the jvm-memory, nor in the OS-Memory?

What I tried: Modifying the java garbage-collector implementation, so that it would for sure overwrite objects with random bytes, instead of just freeing them. However:

Everything I read about System.gc() showed me that I can never really rely on it, and that one should not use it in production. However, what if I know that I use a specific JVM? What if I know that I want to use the OpenJDK with Java 11 and that I configure the JVM to use a specific GC Implementation (to not let the JVM choose the GC)?

Question 1: Can I then somehow be sure that System.gc() will trigger garbage collection 100% times?

Question 2: Can I find out, what's the maximum duration between System.gc() has been called and the actual garbage collection will start? This is a significant part of the question! I could only find answers to the garbage-collection-efficiency itself (eg the throughput vs stop-the-world pause-times), but that is NOT the answer to this question. (Read myself through the whole documentation here )

Question 3: If the idea with the modified garbage collector is by far the worst idea to securely overwrite each occurence of various sensible java objects in the memory, then how could I otherwise overwrite those objects in the memory? Is it even possible with Java? It would be nice to be able to delete and overwrite these objects directly in the java-code, similar to freeing objects in C/C++? Are there other possibilities maybe outside java where I can overwrite each occurrence of such sensible information in the memory, which would have to be triggered as instantly as possible as soon as the java object is no longer in use?

My research so far:

• Official Java docs for Java 11
• Forcing Java virtual machine to run garbage collector [duplicate] from 2013
• When does System.gc() do anything from 2008
• System.gc() for garbage collection from 2013
• What does System.gc() guarantees to do? [duplicate] from 2013
• Does invoking System.gc() in java suggest garbage collection of the tenured generation as well as the young generation? from 2010
• Why is it bad practice to call System.gc()? from 2010
• How to force garbage collection in Java? from 2009
• Is there a destructor for Java? from 2008
• Explicitly call system.gc() in code [duplicate] from 2016

As you can see those are, except for the official docs, quite old, so:

Question 4: Are there any newer insights available to the concern whether System.gc() behaves the same like 10 years ago?? Thanks!

*EDIT: I already use byte-arrays for the cases where those can be used. The question is about more complex Java-Objects with various different fields and properties, which have to be cleaned completely in the memory.

Answer 1

Assuming you can store the security key in a byte[] or other primitive array it should be enough to zero the array after the key was read:

for (int i = 0; i < key.length; i++) {
  key[i] = 0;
}

Above should result in byte[] key being fully overridden. Relying on GC here would be a mistake as it's unpredictable.