DeepAI AI Chat
Log In Sign Up

Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks

by   Amir Naseredini, et al.

In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.


page 1

page 2

page 3

page 4


FSE/CACM Rebuttal^2: Correcting A Large-Scale Study of Programming Languages and Code Quality in GitHub

Ray, Devanbu and Filkov issued a rebuttal of our TOPLAS paper "On the Im...

Spectre is here to stay: An analysis of side-channels and speculative execution

The recent discovery of the Spectre and Meltdown attacks represents a wa...

Architecture of a Flexible and Cost-Effective Remote Code Execution Engine

Oftentimes, there is a need to experiment with different programming lan...

Adding Interactive Visual Syntax to Textual Code

Many programming problems call for turning geometrical thoughts into cod...

Triclustering in Big Data Setting

In this paper, we describe versions of triclustering algorithms adapted ...

DOVE: A Data-Oblivious Virtual Environment

Users can improve the security of remote communications by using Trusted...

SoK: Sanitizing for Security

The C and C++ programming languages are notoriously insecure yet remain ...