C++Now 2019

C++ is a notoriously difficult language to master and Modern C++ is not far behind it. The language itself is powerful and flexible but does little to protect us from using it incorrectly and the closer a vulnerability is to an attack surface, the more easily it can be exploited. But how do you know where your attack surfaces are?

Threat Modeling is the foundation of everything else we do when securing our code. It tells us where the attack surfaces are, what possible attack vectors there are, where we aren't verifying who we're communicating with, where we're holding data and more importantly where we're holding data we don't use. Threat modeling forces us to analyze our designs & code by focusing our thinking to that of an attacker. Without it we have little to go on when looking for areas of vulnerability.

In this talk, we'll begin by looking at Intrusion Kill Chains, a simple but effective way to describe the process that attackers use to penetrate systems. We'll look at one of the most famous and successful attacks in cyber history through the lens of a kill chain.

Using this knowledge we'll then do a hands-on Threat Modeling exercise against an everyday system designed in Modern C++ using the STRIDE approach (and discuss others as we go). We'll look at:

how Spoofing can be used to gain unauthorized access to data within our system,
how Tampering is used to affect system behavior and how to protect against it,
how Repudiation is used to ensure that all systems behavior is verified,
how Information leaks give an attacker vital information on how to attack our systems,
how to defend against Denial of service attacks, and
how privilege Escalation attacks give attackers access to more than just our systems.


We'll also discuss how we have come to live in a Zero Trust world and how that affects systems design. We'll see how Threat modeling allow us to:

expose attack surfaces,
uncover architectural flaws early,
identify attack vectors,
balance risks and usability, and
document mitigation strategies.


Modern C++ is a powerful, flexible language, but it's not safe for those who have not truly mastered it. And as systems complexity increases, those knowledge gaps leave openings for attackers. Threat Modeling is the first step in sealing those gaps.