Registration is now open for CppCon 2024! The conference starts on September 15 and will be held in person in Aurora, CO. To whet your appetite for this year’s conference, we’re posting some upcoming talks that you will be able to attend this year. Here’s another CppCon future talk we hope you will enjoy – and register today for CppCon 2024!

Security Beyond Memory Safety - Using Modern C++ to Avoid Vulnerabilities by Design

Monday, September 16 11:00 - 12:00 MDT

by Max Hoffmann

Summary of the talk:

Nowadays, there is one topic that comes up in virtually all discussions on system programming languages: memory safety.
However, even though memory safety rules out many of the most common sources of vulnerabilities, there are still plenty of ways how a vulnerability may find its way into the codebase.

In this talk, we look beyond memory safety and explore how we can prevent vulnerabilities through simple yet effective C++ constructions and custom static analysis scripts. We analyze multiple examples, from basics like input validation to complex time-of-check vs time-of-use issues when accessing shared resources, all of which are inspired by real-world products, use cases, or vulnerabilities. For each example, we discuss attacker models, threats, and implementation pitfalls, before looking at potential solutions that are not just secure by themselves but also protect developers from accidentally introducing vulnerabilities in the future.

Attendees will leave with a deeper understanding of security engineering and inspirations for leveraging C++ to prevent potential security issues by design.

Max Hoffmann studied cybersecurity and got his Ph.D. in hardware security at the Ruhr University Bochum, Germany, in association with the Max Planck Institute for Security and Privacy at the research group of Professor Christof Paar. With a passion for teaching, he continues to contribute to the university as an external lecturer, shaping the next generation of cybersecurity professionals. As a Security Manager at ETAS, he oversees the Onboard Security portfolio, driving process improvements, supporting in technical discussions, managing vulnerabilities, and enhancing security awareness in the organization.