Security in C++ - Hardening Techniques From the Trenches - Louis Dionne - C++Now 2024

 Published On Oct 21, 2024

https://www.cppnow.org
---

C++ has gotten a lot of attention lately for being a memory-unsafe language. However, less well-known is the existence of mitigation techniques for certain spatial and temporal memory safety issues. While imperfect, these techniques can help greatly improve the security of existing C++ applications often without requiring any code changes.

This talk will go over two concrete mitigation techniques we implemented as extensions in the Clang and libc++ toolchain: Standard Library hardening and typed memory allocation. Standard Library hardening allows catching common cases of undefined behavior such as out-of-bounds memory accesses and turning them into guaranteed traps. Typed memory allocation allows passing compiler-inferred type information to the system allocator, which can then isolate memory allocations based on types so as to make it more difficult to put together a type confusion attack by exploiting a temporal memory safety issue.

We will discuss our experience adopting and enabling these mitigation techniques in production on large, performance- and security-critical code bases. We will also go over some of the evolutionary challenges we met along the way and how we resolved them. Finally, we will propose a path forward to make targeted changes to the C++ Standard that would allow these mitigation techniques to be first-class citizens of the Standard.
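
The idea behind Standard Library hardening described above, an out-of-bounds index becoming a guaranteed trap instead of undefined behavior, as an added sketch that is not code from the talk or from libc++. `checked_view` and `probe_index` are hypothetical names; each access runs in a forked child so the parent can observe the trap (POSIX and GCC/Clang assumed).

```cpp
// Added example: hypothetical names, not libc++ code. Assumes POSIX and GCC/Clang.
#include <cstddef>
#include <cstdio>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Minimal bounds-checked view standing in for a hardened container.
template <class T>
class checked_view {
    T* data_;
    std::size_t size_;
public:
    checked_view(T* data, std::size_t size) : data_(data), size_(size) {}
    T& operator[](std::size_t i) const {
        if (i >= size_) __builtin_trap();  // out of bounds: stop here, never read
        return data_[i];
    }
};

enum probe_result { probe_error = -1, probe_clean_exit = 0, probe_trapped = 1 };

// Performs one indexed read of a 4-element buffer in a child process and
// reports how the child ended, so the caller survives the trap.
probe_result probe_index(std::size_t i) {
    pid_t pid = fork();
    if (pid < 0) return probe_error;
    if (pid == 0) {
        int buf[4] = {10, 20, 30, 40};  // constructed sample data
        checked_view<int> view(buf, 4);
        volatile int sink = view[i];
        (void)sink;
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return probe_error;
    if (WIFSIGNALED(status)) return probe_trapped;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? probe_clean_exit : probe_error;
}

int main() {
    const std::size_t indices[] = {0, 3, 4, static_cast<std::size_t>(-1)};
    for (std::size_t i : indices)
        std::printf("index %zu -> %s\n", i,
                    probe_index(i) == probe_trapped ? "trapped" : "ok");
    return 0;
}
```

In libc++ itself the equivalent checks live inside the library's containers and are selected at build time through the `_LIBCPP_HARDENING_MODE` macro, so application code does not need a wrapper like this.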
---

Slides: https://github.com/boostcon/cppnow_pr...

Sponsored by Undo: Debug your hardest C++ bugs with time travel debugging → Learn more at http://bit.ly/cppnow24
---

Louis Dionne

I work at Apple where I lead the development of libc++, the Standard Library under the LLVM project and used by the Clang compiler.
---

C++Now 2025 - 28th April - 2nd May
C++Now is an annual onsite international C++ programming and coding conference held in Aspen, Colorado. For all C++ developers, C++ software engineers and those involved with the C++ language, CppNow provides in-depth technical content from the best and brightest C++ experts of the C++ world.
Annual CppNow Conference - https://www.cppnow.org
https://mastodon.social/@cppnow
Video Sponsors: millennium and think-cell
---

Videos Filmed & Edited By Bash Films: https://bashfilms.com/
YouTube Channel Managed & Optimized By Digital Medium Ltd: https://events.digital-medium.co.uk
---
