ITSEC Newsletter 2024-03-14

To talk about C++’s current safety problems and solutions well, I need to include the context of the broad landscape of security and safety threats facing all software. I chair the ISO C++ standards committee and I work for Microsoft, but these are my personal opinions and I hope they will invite more dialog across programming language and security communities.

Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc. In this work, we present GhostRace, the first security analysis of these primitives on speculatively executed code paths.

In part one of this series, we constructed a virtual factory using a simulation and training platform called factory.io. We included all the components needed to build a real-world assembly line in a virtual setting. To conclude this series, we’ll come to our factory from an attacker’s perspective and explain the attacks and techniques at their disposal to disrupt automation processes.