Systematic analysis of programming languages and their execution environments for spectre attacks

Naseredini, Amir, Gast, Stefan, Schwarzl, Martin, Bernardo, Pedro, Smajic, Amel, Canella, Claudio, Berger, Martin and Gruss, Daniel (2022) Systematic analysis of programming languages and their execution environments for spectre attacks. 8th International Conference on Information Systems Security and Privacy, Online, 9 - 11 Feb 2022. Published in: Proceedings of the 8th International Conference on Information Systems Security and Privacy. 48-59. SCITEPRESS - Science and Technology Publications ISSN 2184-4356 ISBN 9789897585531

[img] PDF - Published Version
Available under License Creative Commons Attribution-NonCommercial No Derivatives.

Download (508kB)

Abstract

In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.

Item Type: Conference Proceedings
Schools and Departments: School of Engineering and Informatics > Informatics
SWORD Depositor: Mx Elements Account
Depositing User: Mx Elements Account
Date Deposited: 17 Feb 2022 08:37
Last Modified: 17 Feb 2022 11:41
URI: http://sro.sussex.ac.uk/id/eprint/104415

View download statistics for this item

📧 Request an update