Secure coding in C and C++ for medical devices

Day 1

• Cyber security basics
  • What is security?
  • Threat and risk
  • Cyber security threat types – the CIA triad
  • Cyber security threat types – the STRIDE model
  • Consequences of insecure software
• Regulations and standards
  • Healthcare data protection regulations
  • Regulations for medical devices
• Cyber security in the healthcare sector
  • Threats to medical devices
  • Attackers and motivation
  • The problem of legacy systems

Memory management vulnerabilities

• Assembly basics and calling conventions
  • x64 assembly essentials
  • Registers and addressing
  • Most common instructions
  • Calling conventions on x64
• Buffer overflow
  • Memory management and security
  • Vulnerabilities in the real world
  • Buffer security issues
  • Buffer overflow on the stack

Day 2

Memory management vulnerabilities

• Best practices and some typical mistakes
  • Unsafe functions
  • Dealing with unsafe functions
  • Lab – Fixing buffer overflow
  • What’s the problem with asctime()?
  • Lab – The problem with asctime()
  • Using std::string in C++
• Some typical mistakes leading to BOF
  • Unterminated strings
  • readlink() and string termination
  • Manipulating C-style strings in C++
  • Malicious string termination
  • Lab – String termination confusion
  • String length calculation mistakes
  • Off-by-one errors
  • Case study – Off-by-one error in VxWorks TCP ‚Urgent Data‘ parsing
  • Allocating nothing

Memory management hardening

• Securing the toolchain
  • Securing the toolchain in C and C++
  • Compiler warnings and security
  • Using FORTIFY_SOURCE
  • Lab – Effects of FORTIFY
  • AddressSanitizer (ASan)
  • RELRO protection against GOT hijacking
  • Heap overflow protection
  • Stack smashing protection
• Runtime protections
  • Runtime instrumentation
  • Address Space Layout Randomization (ASLR)
  • Non-executable memory areas

Common software security weaknesses

• Security features
  • Authentication
  • Authorization

Day 3

Common software security weaknesses

• Security features (continued)
  • Password management

Common software security weaknesses

• Input validation
  • Input validation principles
  • Denylists and allowlists
  • Case study – Improper input validation in Natus Xltek NeuroWorks 8
  • What to validate – the attack surface
  • Where to validate – defense in depth
  • When to validate – validation vs transformations
  • Output sanitization
  • Encoding challenges
  • Unicode challenges
  • Validation with regex
  • Regular expression denial of service (ReDoS)
  • Lab – ReDoS in C
  • Dealing with ReDoS
  • Integer handling problems

Day 4

Common software security weaknesses

• Input validation
  • Injection
  • Process control
  • Files and streams
  • Format string issues

Time and state

• Race conditions

Errors

• Error and exception handling principles
• Error handling
• Exception handling

Code quality

• Code quality and security
• Data handling
• Object oriented programming pitfalls

Wrap up

• Secure coding principles
• And now what?