Security in C++: Hardening techniques from the trenches

Speaker: Louis Dionne

Audience level: [ Beginner | Intermediate | Advanced ]

This talk will go over two security mitigation techniques we implemented as extensions in the Clang and libc++ toolchain: Standard Library hardening and typed memory allocation. Standard Library hardening catches common cases of undefined behavior, such as out-of-bounds memory accesses, and turns them into guaranteed traps. Typed memory allocation passes compiler-inferred type information to the system allocator, which can then isolate memory allocations by type so as to make it more difficult to put together a type confusion attack by exploiting a temporal memory safety issue.
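
To make the typed-allocation idea concrete, here is an added toy model in C++ (not code from the talk, Clang, or libc++): allocations are keyed on the allocating type, so storage freed by one type is never recycled for another, even when the sizes match. The real mechanism has the compiler infer the type at the allocation site and pass a descriptor to the system allocator; this model substitutes an explicit template parameter and `typeid`.

```cpp
// Toy model of type-isolated allocation (constructed for this example, not how
// Clang/libc++ or a system allocator does it): each type gets its own bucket,
// so a block freed as type A is never handed out as storage for a type B.
#include <new>
#include <typeindex>
#include <typeinfo>
#include <unordered_map>
#include <vector>

class TypedPool {
    struct Bucket {
        std::vector<void*> owned;      // every block carved for this type
        std::vector<void*> free_list;  // blocks currently free for this type
    };
    std::unordered_map<std::type_index, Bucket> buckets_;
public:
    // Reuse a slot freed as T if one exists; never a slot freed as another type.
    template <class T> void* allocate() {
        Bucket& b = buckets_[std::type_index(typeid(T))];
        if (!b.free_list.empty()) {
            void* p = b.free_list.back();
            b.free_list.pop_back();
            return p;
        }
        void* p = ::operator new(sizeof(T));
        b.owned.push_back(p);
        return p;
    }
    // Return storage to the bucket of the type it was allocated for.
    template <class T> void deallocate(void* p) {
        buckets_[std::type_index(typeid(T))].free_list.push_back(p);
    }
    ~TypedPool() {
        for (auto& entry : buckets_)
            for (void* p : entry.second.owned) ::operator delete(p);
    }
};
// Two unrelated 16-byte types: a size-segregated allocator would recycle one's
struct Session { unsigned long long user_id; bool is_admin; };
struct Buffer  { char bytes[16]; };
// True when a freed Session slot is reused only for another Session.
bool isolation_holds() {
    TypedPool pool;
    void* s1 = pool.allocate<Session>();
    pool.deallocate<Session>(s1);
    void* b  = pool.allocate<Buffer>();   // must not receive s1's storage
    void* s2 = pool.allocate<Session>();  // same-type reuse is allowed
    return b != s1 && s2 == s1;
}
```

Because `Session` and `Buffer` are the same size, a purely size-class-based allocator would have returned the freed `Session` block for the `Buffer`; the per-type bucket is what prevents that reuse.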
We will discuss our experience adopting and enabling these mitigation techniques in production on large, performance- and security-critical code bases. Our experience shows that these techniques can greatly improve the security of existing C++ applications, often without requiring any code changes. We will also go over some of the evolutionary challenges we met along the way and how we resolved them. Finally, we will propose a path forward to make targeted changes to the C++ Standard that would allow these mitigation techniques to be first-class citizens of the Standard.