C and C++: A Security Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Hoffmann Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond yearsMax Hoffmann Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory

Embracing an Adversarial Mindset for C++ Security Amanda Rousseau 9/18/2024 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY1 Strategies for Secure C++ DevelopmentWHOAMI 0x401006 Microsoft 0x40100C Offensive 0x40100F Research & Security 0x401018 Engineering 0x40101A (MORSE) CURRENT 0x401000 MALWARE UNICORN AMANDA ROUSSEAU 0x402001 perspectiveFactors Influencing Trends Increased Security Awareness and Practices Adoption of Modern Technologies •secure coding, regular patching, comprehensive security testing •Improved Discovery Methods -

requirements for a specific intended use or application have been fulfilled" - ISO/IEC 23643:2020Security "Resistance to intentional, unauthorized act(s) designed to cause harm or damage to a system" MeltdownMemory Safety "Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers" quickly and easilyC++ Dangers C++ includes some dangerous features that can introduce bugs and security risks if used improperlyCompile-time Validation CompilerMech Suit or Swim? Choose between safety

test_requires() to define test requirements instead of the legacy self.build_requires(..., force_host_context). • Use self.tool_requires() to define the legacy build_requires. Listing 3: From: from conans build_requirements(self): self.build_requires("nasm/2.15.05") self.build_requires("gtest/0.1", force_host_context=True) 8 Chapter 2. Conan migration guide to 2.0 Conan Documentation, Release 1.56.0 Listing 4: a self.conf object available with the aggregated configuration from all the recipes in the build context: from conan import ConanFile class Pkg(ConanFile): settings = "os", "compiler", "build_type", "arch"

test_requires() to define test requirements instead of the legacy self.build_requires(..., force_host_context). • Use self.tool_requires() to define the legacy build_requires. Listing 3: From: from conans build_requirements(self): self.build_requires("nasm/2.15.05") self.build_requires("gtest/0.1", force_host_context=True) 8 Chapter 2. Conan migration guide to 2.0 Conan Documentation, Release 1.55.0 Listing 4: a self.conf object available with the aggregated configuration from all the recipes in the build context: from conan import ConanFile class Pkg(ConanFile): settings = "os", "compiler", "build_type", "arch"

test_requires() to define test requirements instead of the legacy self.build_requires(..., force_host_context). • Use self.tool_requires() to define the legacy build_requires. Listing 3: From: from conans build_requirements(self): self.build_requires("nasm/2.15.05") self.build_requires("gtest/0.1", force_host_context=True) 8 Chapter 2. Conan migration guide to 2.0 Conan Documentation, Release 1.54.0 Listing 4: a self.conf object available with the aggregated configuration from all the recipes in the build context: from conan import ConanFile class Pkg(ConanFile): settings = "os", "compiler", "build_type", "arch"

Description: A toolkit for the Transport Layer Security (TLS) and Secure Sockets␣ ˓→Layer (SSL) protocols Topics: conan, openssl, ssl, tls, encryption, security Recipe: Cache Binary: Cache Binary remote: also: There are two generators, cmake_multi and visual_studio_multi that could help to avoid the context switch and using Debug and Release configurations simultaneously. Read more about them in cmake_multi method source() in the recipe (if defined). As SCM attributes are evaluated in the local directory context (see scm attribute), you can write more complex functions to retrieve the proper values, this source

test_requires() to define test requirements instead of the legacy self.build_requires(..., force_host_context). • Use self.tool_requires() to define the legacy build_requires. Listing 3: From: from conans build_requirements(self): self.build_requires("nasm/2.15.05") self.build_requires("gtest/0.1", force_host_context=True) 8 Chapter 2. Conan migration guide to 2.0 Conan Documentation, Release 1.53.0 Listing 4: a self.conf object available with the aggregated configuration from all the recipes in the build context: from conan import ConanFile class Pkg(ConanFile): settings = "os", "compiler", "build_type", "arch"

test_requires() to define test requirements instead of the legacy self.build_requires(..., force_host_context). • Use self.tool_requires() to define the legacy build_requires. Listing 3: From: from conans build_requirements(self): self.build_requires("nasm/2.15.05") self.build_requires("gtest/0.1", force_host_context=True) Listing 4: To: from conan import ConanFile class Pkg(Conanfile): ... def build_requirements(self): a self.conf object available with the aggregated configuration from all the recipes in the build context: from conan import ConanFile class Pkg(ConanFile): settings = "os", "compiler", "build_type", "arch"

8 Python 2 Removal Notice From version 1.49, Conan will not work with Python 2. This is because security vulnerabilities of Conan dependencies that haven’t been addressed in Python 2, so the only alternative supported. Extra blockers have been added in previous Conan releases to make everyone aware. Now the security vulnerabilities that are out of our scope, makes impossible to move forward support for Python 2 compiler >= 5.1, Conan will set the compiler.libcxx to the old ABI for backwards compatibility. In the context of this getting started example, this is a bad choice though: Recent gcc versions will compile the