C and C++: A Security Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Hoffmann Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond yearsMax Hoffmann Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory

Embracing an Adversarial Mindset for C++ Security Amanda Rousseau 9/18/2024 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY1 Strategies for Secure C++ DevelopmentWHOAMI 0x401006 Microsoft 0x40100C Offensive 0x40100F Research & Security 0x401018 Engineering 0x40101A (MORSE) CURRENT 0x401000 MALWARE UNICORN AMANDA ROUSSEAU 0x402001 perspectiveFactors Influencing Trends Increased Security Awareness and Practices Adoption of Modern Technologies •secure coding, regular patching, comprehensive security testing •Improved Discovery Methods -

INJECTION / SECURITY BREACH CPP INJECTION / SECURITY BREACH 5 . 11CPP INJECTION / SECURITY BREACH CPP INJECTION / SECURITY BREACH 5 . 11CPP INJECTION / SECURITY BREACH CPP INJECTION / SECURITY BREACH SELECT 11CPP INJECTION / SECURITY BREACH CPP INJECTION / SECURITY BREACH CPP INJECTION CPP INJECTION SELECT * FROM Users WHERE Name='' or 1==1--' and Password='' 5 . 11CPP INJECTION / SECURITY BREACH CPP INJECTION INJECTION / SECURITY BREACH CPP INJECTION CPP INJECTION SELECT * FROM Users WHERE Name='' or 1==1--' and Password='' int main() { jit<"[]{ std::cout << \""s + std::getenv("USER") + "\"; }">(); } 5

or policies of any company in the Johnson & Johnson Family of Companies.Big Picture Why Safety/Security in C++ Medical Device Failure Analysis Brief Intro to Medical Device Standards, Documents, and Coding Practices in Safety Critical Path Final Words and Q&A 1 2 3 4 5 6Safety/Security and C++ 5Security/Safety Concerns with C++ 6MITRE Common Weaknesses Enumeration 7Recent Notable Talks on 92006-2011 FDA MAUDE database Medical Device Failure Analysis 10 This study does NOT contain security related recalls!Recall Index Database Medical Device Failure Analysis 11 © 2018 Stericycle, Inc

Licensing issues; need to minimize legal risk (covered later in this talk) • Fears of potential security vulnerabilities (covered later in this talk)Problem 4: Building open-source dependencies is hard environmentsCataclysm: Dark Days Ahead Asset cachingProblem 6: Security vulnerabilities in open-source code •Introduction of security vulnerabilities is a risk of consuming open-source • OpenSSL Heartbleed Memory Safety in Software Products | CISA (2023) •Other CppCon talks on these topics tooProblem 6: Security vulnerabilities in open-source code Solution 6: Vulnerability monitoring, prevention, and response

runtime checks static analysis verification formal proofs optimisation safety diagnose bugs security correctness tooling support annotations debugging expressivity performance40 Copyright (c) @timur_audio | https://timur.audio Are P2900 Contracts the solution to safety & security in C++?170 Copyright (c) Timur Doumler | @timur_audio | https://timur.audio • Contract assertions can significantly improve correctness & safety of code P2900 Contracts vs. safety & security171 Copyright (c) Timur Doumler | @timur_audio | https://timur.audio • Contract assertions

CppCon—Just-in-Time compilation This completes our Brief History… But there’s one more thing I want to mention.Security The Cat only grinned when it saw Alice. It looked good-natured, she thought: still it had very said I wouldn’t go into downsides of JiT compilation too much, but one I want to dig int a bit is security. Good news about JiTs: you’re now shipping a compiler! Bad news about JiTs: you’re now shipping mention of compilation related vulnerabilities. This CWE entry concerns a compiler optimizing away a security check inserted by a developer. One concern with complex JiT engines is a compiler producing incorrect

Polls 29SAFETY & SECURITY ▪ What is safety? ▪ Limiting the (accidental) damage to a system caused by bugs ▪ Prefer prevention (compile-time) over detection (run-time) ▪ What is security? ▪ Mitigating identifying the problem ▪ Not much in the way of principles to apply ▪ Formation of SG23 - Safety and Security Kona 2022 Evening Session 38DIRECTION GROUP40 Basic Tenets ▪ Do not radically break backwards collaborative effort of the U.S. Department of Energy (DOE) Office of Science and the National Nuclear Security Administration ▪ Portions of this research used resources of the Argonne Leadership Computing

com/2024/03/11/safety-in-context ) memory safety attacks “cold” cyberwar, in progressSoftware security (or “cybersecurity” or similar) making software able to protect its assets from a malicious attacker ) rules, “shift-left” to compile time27 from the Praise page “... This book’s emphasis on the security aspects of C programming is unmatched … use all of the available tools it presents to avoid undefined cppfront) Photo: Die Hard Dicememory safety attacks “cold” cyberwar, in progress72 Software security (or “cybersecurity” or similar) making software able to protect its assets from a malicious attacker

requirements for a specific intended use or application have been fulfilled" - ISO/IEC 23643:2020Security "Resistance to intentional, unauthorized act(s) designed to cause harm or damage to a system" MeltdownMemory Safety "Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers" quickly and easilyC++ Dangers C++ includes some dangerous features that can introduce bugs and security risks if used improperlyCompile-time Validation CompilerMech Suit or Swim? Choose between safety