University of Sussex
Browse

Systematic analysis of programming languages and their execution environments for spectre attacks

Download (496.58 kB)
conference contribution
posted on 2023-06-10, 02:39 authored by Seyed Amir Hossain Naseredini, Stefan Gast, Martin Schwarzl, Pedro Bernardo, Amel Smajic, Claudio Canella, Martin Berger, Daniel Gruss
In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.

History

Publication status

  • Published

File Version

  • Published version

Journal

Proceedings of the 8th International Conference on Information Systems Security and Privacy

ISSN

2184-4356

Publisher

SCITEPRESS - Science and Technology Publications

Page range

48-59

Event name

8th International Conference on Information Systems Security and Privacy

Event location

Online

Event type

conference

Event date

9 - 11 Feb 2022

ISBN

9789897585531

Department affiliated with

  • Informatics Publications

Full text available

  • Yes

Peer reviewed?

  • Yes

Legacy Posted Date

2022-02-17

First Open Access (FOA) Date

2022-02-17

First Compliant Deposit (FCD) Date

2022-02-17

Usage metrics

    University of Sussex (Publications)

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC