Secure coding in C and C++ for medical devices (SECC-CCPPMD) – Outline

Detailed Course Outline

Day 1

  • Cyber security basics
    • What is security?
    • Threat and risk
    • Cyber security threat types – the CIA triad
    • Cyber security threat types – the STRIDE model
    • Consequences of insecure software
  • Regulations and standards
    • Healthcare data protection regulations
    • Regulations for medical devices
  • Cyber security in the healthcare sector
    • Threats to medical devices
    • Attackers and motivation
    • The problem of legacy systems

Memory management vulnerabilities

  • Assembly basics and calling conventions
    • x64 assembly essentials
    • Registers and addressing
    • Most common instructions
    • Calling conventions on x64
  • Buffer overflow
    • Memory management and security
    • Vulnerabilities in the real world
    • Buffer security issues
    • Buffer overflow on the stack

Day 2

Memory management vulnerabilities

  • Best practices and some typical mistakes
    • Unsafe functions
    • Dealing with unsafe functions
    • Lab – Fixing buffer overflow
    • What's the problem with asctime()?
    • Lab – The problem with asctime()
    • Using std::string in C++
  • Some typical mistakes leading to BOF
    • Unterminated strings
    • readlink() and string termination
    • Manipulating C-style strings in C++
    • Malicious string termination
    • Lab – String termination confusion
    • String length calculation mistakes
    • Off-by-one errors
    • Case study – Off-by-one error in VxWorks TCP 'Urgent Data' parsing
    • Allocating nothing

Memory management hardening

  • Securing the toolchain
    • Securing the toolchain in C and C++
    • Compiler warnings and security
    • Using FORTIFY_SOURCE
    • Lab – Effects of FORTIFY
    • AddressSanitizer (ASan)
    • RELRO protection against GOT hijacking
    • Heap overflow protection
    • Stack smashing protection
  • Runtime protections
    • Runtime instrumentation
    • Address Space Layout Randomization (ASLR)
    • Non-executable memory areas

Common software security weaknesses

  • Security features
    • Authentication
    • Authorization

Day 3

Common software security weaknesses

  • Security features (continued)
    • Password management

Common software security weaknesses

  • Input validation
    • Input validation principles
    • Denylists and allowlists
    • Case study – Improper input validation in Natus Xltek NeuroWorks 8
    • What to validate – the attack surface
    • Where to validate – defense in depth
    • When to validate – validation vs transformations
    • Output sanitization
    • Encoding challenges
    • Unicode challenges
    • Validation with regex
    • Regular expression denial of service (ReDoS)
    • Lab – ReDoS in C
    • Dealing with ReDoS
    • Integer handling problems

Day 4

Common software security weaknesses

  • Input validation
    • Injection
    • Process control
    • Files and streams
    • Format string issues

Time and state

  • Race conditions

Errors

  • Error and exception handling principles
  • Error handling
  • Exception handling

Code quality

  • Code quality and security
  • Data handling
  • Object oriented programming pitfalls

Wrap up

  • Secure coding principles
  • And now what?