Security in C++ - Hardening Techniques From the Trenches

Explore memory safety and security hardening techniques for C++ applications in this conference talk from C++Now 2024. Dive deep into two specific mitigation approaches implemented as Clang and libc++ toolchain extensions: Standard Library hardening for catching undefined behavior like out-of-bounds memory access, and typed memory allocation that leverages compiler-inferred type information to protect against type confusion attacks. Learn from real-world implementation experiences in performance-critical production environments, understand the evolutionary challenges faced, and discover proposed changes to the C++ Standard that could elevate these security measures. Led by Louis Dionne, head of libc++ development at Apple, gain practical insights into improving C++ application security without extensive code modifications.