[Back]


Contributions to Proceedings:

A. Naseredini, S. Gast, M. Schwarzl, Pedro Sousa Bernardo, A. Smajic, C. Canella, D. Gruss:
"Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks";
in: "Proceedings of the 8th International Conference on Information Systems Security and Privacy", SciTePress, 2022, ISBN: 978-989-758-553-1, 48 - 59.



English abstract:
In this paper, we analyze the security of programming languages and their execution environments (compilers
and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution envi-
ronments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre
variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming
languages and on code generated by 11 execution environments that were previously not known to be affected.
Our results highlight some programming languages that are used to implement security-critical code, but re-
main entirely unprotected, even three years after the discovery of Spectre.

Keywords:
Speculative Execution, Spectre Attacks, Programming Languages, Execution Environment


"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.5220/0000157000003120

Electronic version of the publication:
https://publik.tuwien.ac.at/files/publik_304458.pdf


Created from the Publication Database of the Vienna University of Technology.