Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Using Modern C++ to Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond Memory Safety CppCon Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory Safety CppCon

A Relaxed Guide to memory_order_relaxed Hans Boehm Paul E. McKenney Google Facebook CPPCON 2020std::atomic/std::atomic_ref and memory_order_relaxed ● C++ atomic sacrificing the simple threads-as-interleaving semantics ● by passing memory_order enum values to explicit atomic operations. ● In particular, memory_order_relaxed allows arbitrary visibility reordering with respect About memory_order_relaxed? ● Just a load, just a store: Full control, excellent efficiency and scalability! ○ Assuming aligned machine-sized atomic objects, that is…What is Not to Like About memory_order_relaxed

© 2019 Apex.AI, Inc. Safe and certified software for autonomous mobility TM Practical memory pool based allocators for Modern C++ by Misha Shalem misha.shalem@apex.ai © 2020 Apex.AI, Inc.● CppCon Andreas Pasternak ● Quote: “Memory pools and allocators are only one piece of the solution” Today we going to talk about this one piece in (more) depth © 2020 Apex.AI, Inc.Memory allocations in real-time practically for C++ memory allocations? We asked an independent 3rd party safety assessor and the answer was “It should comply to Autosar C++ 14 Coding Guidelines regarding memory allocations” © 2020

Bar std::string Bar std::string Bar std::stringObject Introspection (OI) Goals • Byte level memory footprint analysis for objects • Complete object type hierarchies • Dynamic allocations and containers hierarchy from a given root type • Understand the layout in memory of the entire hierarchy • Understand how to interpret data at memory offsets • Understand containers • Compiler generated debug Object Introspection Measurement Code Code GenerationApplied Example 1 • Unused container memory: Unused Sz = (C.capacity() - C.size()) * sizeof(element) Name TypeName Number ElemStatSz Length

Memory Model C++11 – C++23About Me: alex.dathskovsky@speedata.io www.linkedin.com/in/alexdathskovsky https://www.cppnext.comAlex Dathskovsky | alex.dathskovsky@speedata.io | www.linkedin.com/in/a hazards • an instruction can be executed when its operands have been calculated or loaded from memory • an instruction stalls if operands are not availableAlex Dathskovsky | alex.dathskovsky@speedata com/in/alexdathskovsky Reordering Types • Data dependencies must be honored • C++ compiler may reorder any memory access under the as-if rule • Different processors have different reordering guarantiesAlex

from code at compile-time Be used to construct: Lookup Tables Con�guration Fuses Compressed Strings USB Descriptors 2 . 1/ Along the way Introduce some libraries I created for this code Discuss some 1; // ERROR } 5/ Building Resources Lookup Tables Con�guration Fuses Compressed String Tables USB Descriptor Code samples available on GitHub https://github.com/AshleyRoll/cppcon21 6 . 1/ Why Initialise hardware before the processor starts Fixed locations in Flash memory, �lled with bit- mapped magic values Sets up clocks, memory segments, watchdog timer JTAG debug, code security, and much more

allocator we don't have an rtos 3STM32L432KC 26 GPIO 14 communication interfaces (USB, SAI, I2C, CAN, …) Quad SPI memory interface 11 Timers 3 cap-sense channels 1 ADC 2 DAC 4Interruptstime EXTI2 5Interrupts

Olsen - Back to Basics: Concurrency DATA RACES Data race: 1. Two or more threads access the same memory 2. At least one access is a write 3. The threads do not synchronize with each other A data race racesCppCon 2023 56 David Olsen - Back to Basics: Concurrency DATA RACES It’s all about visibility of memory changes When threads synchronize, changes made by one thread are guaranteed to be visible in the SYNCHRONIZATION: THREAD CREATION Creating a thread synchronizes the parent and child threads All memory changes in parent thread before thread creation are visible in the child threadCppCon 2023 66

Recipe 🧾 Even a complicated class is ultimately made up of scalars, located in discontiguous memory. hash_append() appends each byte to the HashAlgorithm state by "recursing down" into the aggregated Recipe 🧾 Even a complicated class is ultimately made up of scalars, located in discontiguous memory. hash_append() appends each byte to the HashAlgorithm state by "recursing down" into the aggregated overload will either call hash_append() on its bases and members, or it will send bytes of its memory representation to the HashAlgorithm (scalars) No type is aware of the concrete HashAlgorithm implementation2024

Investigating the new patterns with the same scrutiny as the old • Tend to make our initial evaluation and stick with it • Is it a Fad or is it good? Initial Discoveryatomosspace.com | 6 Investigative Process