loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Amir Naseredini 1 ; 2 ; Stefan Gast 1 ; 3 ; Martin Schwarzl 1 ; Pedro Miguel Sousa Bernardo 4 ; Amel Smajic 1 ; Claudio Canella 1 ; Martin Berger 5 ; 2 and Daniel Gruss 1 ; 3

Affiliations: 1 Graz University of Technology, Austria ; 2 University of Sussex, U.K. ; 3 Lamarr Security Research, Austria ; 4 Instituto Superior Técnico, Universidade de Lisboa, Portugal ; 5 Turing Core, Huawei 2012 Labs, London, U.K.

Keyword(s): Speculative Execution, Spectre Attacks, Programming Languages, Execution Environment.

Abstract: In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.117.192.205

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Naseredini, A. ; Gast, S. ; Schwarzl, M. ; Bernardo, P. ; Smajic, A. ; Canella, C. ; Berger, M. and Gruss, D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-553-1; ISSN 2184-4356, SciTePress, pages 48-59. DOI: 10.5220/0010779300003120

@conference{icissp22,
author={Amir Naseredini and Stefan Gast and Martin Schwarzl and Pedro Miguel Sousa Bernardo and Amel Smajic and Claudio Canella and Martin Berger and Daniel Gruss},
title={Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP},
year={2022},
pages={48-59},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010779300003120},
isbn={978-989-758-553-1},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP
TI - Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks
SN - 978-989-758-553-1
IS - 2184-4356
AU - Naseredini, A.
AU - Gast, S.
AU - Schwarzl, M.
AU - Bernardo, P.
AU - Smajic, A.
AU - Canella, C.
AU - Berger, M.
AU - Gruss, D.
PY - 2022
SP - 48
EP - 59
DO - 10.5220/0010779300003120
PB - SciTePress