Kostya Serebryany, Software Engineer, Google
The Sanitizers (AddressSanitizer and friends) is a family of dynamic testing tools for C and C++ based on compile-time instrumentation. They find bugs like use-after-free, buffer overflows, data races, uses of uninitialized memory, integer overflows, and many other kinds of bugs both in the user space and in the kernel. These tools are only as good as your test coverage, and so we’ll also discuss libFuzzer, a library for in-process contol- and data-flow guided fuzzing. Finally, even if these tools miss some of the bugs there is one more line of defense: security hardening of production binaries using compiler instrumentation. Control Flow Integrity will halt the program if a VPTR or an indirect function pointer looks corrupt, and Safe Stack will protect the return address from stack buffer overflow.
Sign up to find out more about Enigma conferences:
Watch all Enigma 2016 videos at: