Execution context isolation is a key security requirement in personal computers, edge devices, and more importantly on multitenant computing environments such as the Cloud. It is vital that data belonging to one context (e.g., a process, enclave, or virtual machine) cannot be accessed or modified by another context without explicit permission, particularly in consideration of a remote adversary. However, the level of context isolation provided by today’s systems is not well aligned with the security needs of personal users, cloud providers, and customers of cloud computing services alike. Current hardware enforces isolation at the architectural level. However recent high-profile attacks demonstrated that isolation guarantees are weak at the microarchitectural-level. To make matters worse, a lot of the defenses against microarchitectural defenses aim to protect specific side-channels rather than providing a more comprehensive solution. In this paper we describe our recent and ongoing efforts in providing holistic defenses against microarchitectural attacks.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.