Beyond Sanitizers...

Sign in to queue


CppCon 2015: Kostya Serebryany “Beyond Sanitizers: Fuzzing and Hardening your C++ apps for Security & Reliability” Presentation Slides, PDFs, Source Code and other presenter materials are available at: — At CppCon’2014 we presented the Sanitizers, a family of dynamic testing tools for C++. These tools allow you to find many stability and security bugs in C++ code, but they are only as good as your tests are. In this talk we will show how to improve your tests with guided fuzzing and how to protect your applications in production even if some bugs were not found. Fuzzing, or fuzz testing, is a surprisingly effective technique that allows you to discover new interesting test inputs. Coverage-guided fuzzing uses coverage-like code instrumentation to make fuzzing orders of magnitude more efficient. Taint-guided fuzzing goes even further by using taint tracking techniques. The next line of defense may be incorporated directly into production: the Control Flow Integrity instrumentation allows you to protect your program from corrupted function pointers (including pointers to virtual tables) and separating stack variables from the call stack protects from corrupted return addresses -- both with near-zero overhead. We will concentrate on particular tools implemented in the opensource LLVM toolchain (libFuzzer, DataFlowSanitizer, -fsanitize=cfi,safe_stack), but will also discuss several alternatives. — Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer and ThreadSanitizer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from and a Master from handle: @kayseesee — Videos Filmed & Edited by Bash Films:









Download this episode

The Discussion

Add Your 2 Cents