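@comment{CCS 2024 paper on cross-VM microarchitectural side-channel isolation.
  Layout normalised to one field per line; month uses the standard macro so the
  style renders it; acronyms in title/booktitle are brace-protected against
  sentence-casing. The url host is not the publisher's domain and is plain http,
  so verify it (and prefer a doi) before relying on it.}
@inproceedings{volos2024principled,
  author        = {Volos, Stavros and Fournet, Cédric and Hofmann, Jana and Köpf, Boris and Oleksenko, Oleksii},
  title         = {Principled Microarchitectural Isolation on Cloud {CPUs}},
  booktitle     = {{ACM} Conference on Computer and Communications Security ({CCS})},
  year          = {2024},
  month         = oct,
  abstract      = {We present Marghera, a system design that prevents cross-VM microarchitectural side-channel attacks in the cloud. Marghera is based on isolation contracts which, for a given CPU, describe partitions of physical threads and memory that prevent information leakage through shared microarchitectural resources. We develop isolation contracts for the AMD EPYC 7543P, a modern cloud CPU. To this end, we first identify how microarchitectural resources are shared between its physical threads, including caches, cache-coherence directories, and DRAM banks. We then develop coloring schemes---that comprehensively partition these resources---using previously unknown, reverse-engineered indexing functions. We implement Marghera in Microsoft Hyper-V and evaluate it using cloud benchmarks. Our results show that our approach effectively eliminates side-channels caused by shared microarchitectural resources with small performance overheads.},
  url           = {http://approjects.co.za/?big=en-us/research/publication/principled-microarchitectural-isolation-on-cloud-cpus/},
  internal-note = {TODO: url points at a third-party host over plain http, not the publisher; confirm the canonical landing page. doi, pages and publisher are not recorded -- add the doi when known and prefer it over url.},
}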