In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.
翻译:在本文中,我们分析了与Spectre攻击有关的编程语言及其执行环境(编程员和口译员)的安全性,分析表明,42个执行环境中,只有16个对至少一个Spectre变异物有缓解作用,即26个没有减缓作用。我们使用我们的新颖工具Specontor,用8种编程语言和11个执行环境生成的代码开发了Spectre概念攻击证据,而这些语言以前并不知道会受到影响。我们的结果突出了一些用于实施安全关键代码的编程语言,但即使在发现Spectre三年后,这些语言仍然完全得不到保护。
相关内容
微信扫码咨询专知VIP会员