CppCon 2015: Kostya Serebryany “Beyond Sanitizers...”





The interactive transcript could not be loaded.


Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Oct 9, 2015


CppCon 2015: Kostya Serebryany “Beyond Sanitizers: Fuzzing and Hardening your C++ apps for Security & Reliability”

Presentation Slides, PDFs, Source Code and other presenter materials are available at: https://github.com/cppcon/cppcon2015

At CppCon’2014 we presented the Sanitizers, a family of dynamic testing tools for C++. These tools allow you to find many stability and security bugs in C++ code, but they are only as good as your tests are. In this talk we will show how to improve your tests with guided fuzzing and how to protect your applications in production even if some bugs were not found. Fuzzing, or fuzz testing, is a surprisingly effective technique that allows you to discover new interesting test inputs. Coverage-guided fuzzing uses coverage-like code instrumentation to make fuzzing orders of magnitude more efficient. Taint-guided fuzzing goes even further by using taint tracking techniques. The next line of defense may be incorporated directly into production: the Control Flow Integrity instrumentation allows you to protect your program from corrupted function pointers (including pointers to virtual tables) and separating stack variables from the call stack protects from corrupted return addresses -- both with near-zero overhead. We will concentrate on particular tools implemented in the opensource LLVM toolchain (libFuzzer, DataFlowSanitizer, -fsanitize=cfi,safe_stack), but will also discuss several alternatives.

Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer and ThreadSanitizer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from mesi.ru and a Master from msu.ru.Twitter handle: @kayseesee

Videos Filmed & Edited by Bash Films: http://www.BashFilms.com


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...