Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks

Amir Naseredini; Stefan Gast; Martin Schwarzl; Pedro Miguel Sousa Bernardo; Amel Smajic; Claudio Canella.; Martin Berger; Daniel Gruss.

doi:10.5220/0010779300003120

Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks

Amir Naseredini, Stefan Gast, Martin Schwarzl, Pedro Miguel Sousa Bernardo, Amel Smajic, Claudio Canella., Martin Berger, Daniel Gruss.

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.

Originalsprache	englisch
Titel	ICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy
Herausgeber (Verlag)	SciTePress
Seiten	48-59
ISBN (elektronisch)	978-989-758-553-1
DOIs	https://doi.org/10.5220/0010779300003120
Publikationsstatus	Veröffentlicht - 9 Feb. 2022
Veranstaltung	8th International Conference on Information Systems Security and Privacy: ICISSP 2022 - Virtuell, Großbritannien / Vereinigtes Königreich Dauer: 9 Feb. 2022 → 11 Feb. 2022

Konferenz

Konferenz	8th International Conference on Information Systems Security and Privacy
Kurztitel	ICISSP 2022
Land/Gebiet	Großbritannien / Vereinigtes Königreich
Ort	Virtuell
Zeitraum	9/02/22 → 11/02/22

Zugriff auf Dokument

10.5220/0010779300003120

spectre_plAkzeptiertes Autorenmanuskript, 395 KB

Dieses zitieren

Naseredini, A., Gast, S., Schwarzl, M., Bernardo, P. M. S., Smajic, A., Canella., C., Berger, M., & Gruss., D. (2022). Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. in ICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy (S. 48-59). SciTePress. https://doi.org/10.5220/0010779300003120

Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. / Naseredini, Amir; Gast, Stefan ; Schwarzl, Martin et al.
ICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy. SciTePress, 2022. S. 48-59.

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Naseredini, A, Gast, S , Schwarzl, M, Bernardo, PMS, Smajic, A, Canella., C, Berger, M & Gruss., D 2022, Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks. in ICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy. SciTePress, S. 48-59, 8th International Conference on Information Systems Security and Privacy, Virtuell, Großbritannien / Vereinigtes Königreich, 9/02/22. https://doi.org/10.5220/0010779300003120

@inproceedings{27fd04458caf44899587c6ffa0335c34,

title = "Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks",

abstract = "In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.",

author = "Amir Naseredini and Stefan Gast and Martin Schwarzl and Bernardo, {Pedro Miguel Sousa} and Amel Smajic and Claudio Canella. and Martin Berger and Daniel Gruss.",

year = "2022",

month = feb,

day = "9",

doi = "10.5220/0010779300003120",

language = "English",

pages = "48--59",

booktitle = "ICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy",

publisher = "SciTePress",

address = "Portugal",

note = "8th International Conference on Information Systems Security and Privacy : ICISSP 2022, ICISSP 2022 ; Conference date: 09-02-2022 Through 11-02-2022",

}

TY - GEN

T1 - Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks

AU - Naseredini, Amir

AU - Gast, Stefan

AU - Schwarzl, Martin

AU - Bernardo, Pedro Miguel Sousa

AU - Smajic, Amel

AU - Canella., Claudio

AU - Berger, Martin

AU - Gruss., Daniel

PY - 2022/2/9

Y1 - 2022/2/9

N2 - In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.

AB - In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.

U2 - 10.5220/0010779300003120

DO - 10.5220/0010779300003120

M3 - Conference paper

SP - 48

EP - 59

BT - ICISSP 2022 - Proceedings of the 8th International Conference on Information Systems Security and Privacy

PB - SciTePress

T2 - 8th International Conference on Information Systems Security and Privacy

Y2 - 9 February 2022 through 11 February 2022

ER -

Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks

Abstract

Konferenz

Zugriff auf Dokument

Fingerprint

Dieses zitieren