Alex Voulimneas | Building Secure and Trustworthy Systems

15 FEBRUARY 2024

C and C++ have long been the languages of choice for systems programming thanks to their unique feature sets and performance characteristics. Over the years, developers all around the world have built up huge code bases without fully realizing that C/C++’s loose language specifications and lack of safety checks make even the most carefully written programs rife with undefined behavior and memory errors. Hackers routinely exploit these memory errors to infiltrate systems or to force them to leak confidential information. In this talk, I will focus on two classes of memory-error defenses: N-Variant eXecution (NVX) and compartmentalization. NVX is an orthogonal defense that amplifies the effectiveness of traditional exploit mitigations such as software diversity, while compartmentalization splits programs into trusted and untrusted components, and isolates trusted components from the untrusted ones.