Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks

Amir Naseredini; Amir Naseredini; Stefan Gast; Stefan Gast; Martin Schwarzl; Pedro Bernardo; Amel Smajic; Claudio Canella; Martin Berger; Martin Berger; Daniel Gruss; Daniel Gruss

doi:10.5220/0010779300003120

Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks

Amir Naseredini, Amir Naseredini, Stefan Gast, Stefan Gast, Martin Schwarzl, Pedro Bernardo, Amel Smajic, Claudio Canella, Martin Berger, Martin Berger, Daniel Gruss, Daniel Gruss

2022

Abstract

In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.

Download

Paper Citation

in Harvard Style

Naseredini A., Gast S., Schwarzl M., Bernardo P., Smajic A., Canella C., Berger M. and Gruss D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 48-59. DOI: 10.5220/0010779300003120

in Bibtex Style

@conference{icissp22,
author={Amir Naseredini and Stefan Gast and Martin Schwarzl and Pedro Bernardo and Amel Smajic and Claudio Canella and Martin Berger and Daniel Gruss},
title={Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2022},
pages={48-59},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010779300003120},
isbn={978-989-758-553-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks
SN - 978-989-758-553-1
AU - Naseredini A.
AU - Gast S.
AU - Schwarzl M.
AU - Bernardo P.
AU - Smajic A.
AU - Canella C.
AU - Berger M.
AU - Gruss D.
PY - 2022
SP - 48
EP - 59
DO - 10.5220/0010779300003120