107793.pdf (496.58 kB)
Systematic analysis of programming languages and their execution environments for spectre attacks
conference contribution
posted on 2023-06-10, 02:39 authored by Seyed Amir Hossain Naseredini, Stefan Gast, Martin Schwarzl, Pedro Bernardo, Amel Smajic, Claudio Canella, Martin Berger, Daniel GrussIn this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.
History
Publication status
- Published
File Version
- Published version
Journal
Proceedings of the 8th International Conference on Information Systems Security and PrivacyISSN
2184-4356Publisher
SCITEPRESS - Science and Technology PublicationsExternal DOI
Page range
48-59Event name
8th International Conference on Information Systems Security and PrivacyEvent location
OnlineEvent type
conferenceEvent date
9 - 11 Feb 2022ISBN
9789897585531Department affiliated with
- Informatics Publications
Full text available
- Yes
Peer reviewed?
- Yes
Legacy Posted Date
2022-02-17First Open Access (FOA) Date
2022-02-17First Compliant Deposit (FCD) Date
2022-02-17Usage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC