{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T13:52:13Z","timestamp":1774965133624,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":71,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690183","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"183-197","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Principled Microarchitectural Isolation on Cloud CPUs"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-9183-1595","authenticated-orcid":false,"given":"Stavros","family":"Volos","sequence":"first","affiliation":[{"name":"Azure Research, Microsoft, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6929-886X","authenticated-orcid":false,"given":"C\u00e9dric","family":"Fournet","sequence":"additional","affiliation":[{"name":"Azure Research, Microsoft, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1660-2949","authenticated-orcid":false,"given":"Jana","family":"Hofmann","sequence":"additional","affiliation":[{"name":"Azure Research, Microsoft, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8004-0743","authenticated-orcid":false,"given":"Boris","family":"K\u00f6pf","sequence":"additional","affiliation":[{"name":"Azure Research, Microsoft, Cambridge, United 
Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1964-8038","authenticated-orcid":false,"given":"Oleksii","family":"Oleksenko","sequence":"additional","affiliation":[{"name":"Azure Research, Microsoft, Cambridge, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AMD. 2024. Microarchitectural cache side-channel attacks. https:\/\/www.amd.com\/en\/resources\/product-security\/bulletin\/amd-sb-7025.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Azure. 2019. Hyper-V HyperClear. https:\/\/techcommunity.microsoft.com\/t5\/virtualization\/hyper-v-hyperclear-mitigation-for-l1-terminal-fault\/ba-p\/382429."},{"key":"e_1_3_2_1_3_1","volume-title":"USENIX Conference on Offensive Technologies.","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software Grand Exposure: SGX cache attacks are practical. In USENIX Conference on Offensive Technologies."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/248209.237195"},{"key":"e_1_3_2_1_5_1","volume-title":"USENIX Security Symposium.","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In USENIX Security Symposium."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3593856.3595900"},{"key":"e_1_3_2_1_7_1","volume-title":"SoK: Practical Foundations for Software Spectre Defenses. In IEEE Symposium on Security and Privacy.","author":"Cauligi Sunjay","year":"2022","unstructured":"Sunjay Cauligi, Craig Disselkoen, Daniel Moghimi, Gilles Barthe, and Deian Stefan. 2022. SoK: Practical Foundations for Software Spectre Defenses. 
In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2010.31"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132772"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA52012.2021.00080"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579371.3589080"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2022.3152788"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2150976.2150982"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132782"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303976"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2014.2358236"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065915"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00036"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317550.3321431"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607248"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690263"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53140-2_18"},{"key":"e_1_3_2_1_23_1","volume-title":"IEEE Symposium on Security and Privacy.","author":"Irazoqui G.","unstructured":"G. Irazoqui, T. Eisenbarth, and B. Sunar. 2015. S$A: A shared cache attack that works across cores and defies VM sandboxing -- and its application to AES. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_24_1","volume-title":"USENIX Security Symposium.","author":"Jattke Patrick","year":"2024","unstructured":"Patrick Jattke, Max Wipfli, Flavien Solt, Michele Marazzi, Matej Bolcskei, and Kaveh Razavi. 2024. ZenHammer: Rowhammer attacks on AMD Zen-based platforms. 
In USENIX Security Symposium."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3664293"},{"key":"e_1_3_2_1_26_1","volume-title":"Filed Dec. 18th, 2017","author":"Kalyanasundharam Vydhyanathan","year":"2021","unstructured":"Vydhyanathan Kalyanasundharam, Kevin M. Lepak, Amit P. Apte, Ganesh Balakrishnan, Eric C. Morton, Elizabeth M. Cooper, and Ravindra N. Bhargava. 2021. Region based directory scheme to adapt to large cache sizes. Patent No. US11119926B2, Filed Dec. 18th, 2017, Issued Sep. 14th, 2021."},{"key":"e_1_3_2_1_27_1","first-page":"1","article-title":"Hardware VM isolation in the cloud","volume":"67","author":"Kaplan David","year":"2023","unstructured":"David Kaplan. 2023. Hardware VM isolation in the cloud. Commun. ACM, Vol. 67, 1 (Dec. 2023), 54--59.","journal-title":"Commun. ACM"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2968478.2968480"},{"key":"e_1_3_2_1_29_1","volume-title":"IEEE Symposium on Security and Privacy.","author":"Kim T.","unstructured":"T. Kim, H. Park, S. Lee, S. Shin, J. Hur, and Y. Shin. 2023. DEVIOUS: Device-driven side-channel attacks on the IOMMU. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Security Symposium.","author":"Kim Taesoo","year":"2012","unstructured":"Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-level protection against cache-based side-channel attacks in the cloud. In USENIX Security Symposium."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3508352.3549340"},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security Symposium.","author":"Li Mengyuan","year":"2021","unstructured":"Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, and Yueqiang Cheng. 2021. CIPHERLEAKS: Breaking constant-time cryptography on AMD SEV via the ciphertext side channel. 
In USENIX Security Symposium."},{"key":"e_1_3_2_1_34_1","volume-title":"USENIX Security Symposium.","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading kernel memory from user space. In USENIX Security Symposium."},{"key":"e_1_3_2_1_35_1","volume-title":"IEEE Symposium on Security and Privacy.","author":"Liu Fangfei","unstructured":"Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3600006.3613143"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3470496.3527427"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_3"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23294"},{"key":"e_1_3_2_1_40_1","volume-title":"USENIX Annual Technical Conference.","author":"Oleksenko Oleksii","year":"2018","unstructured":"Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. 2018. Varys: Protecting SGX Enclaves from practical side-channel attacks. In USENIX Annual Technical Conference."},{"key":"e_1_3_2_1_41_1","volume-title":"USENIX Security Symposium.","author":"Paccagnella Riccardo","unstructured":"Riccardo Paccagnella, Licheng Luo, and Christopher W. Fletcher. 2021. Lord of the Ring(s): Side channel attacks on the CPU on-chip ring interconnect are practical. In USENIX Security Symposium."},{"key":"e_1_3_2_1_42_1","volume-title":"USENIX Security Symposium.","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl, Daniel Gruss, Cl\u00e9mentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM addressing for cross-CPU attacks. 
In USENIX Security Symposium."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00068"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322246"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354252"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3472883.3487006"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSNW.2011.5958812"},{"key":"e_1_3_2_1_48_1","volume-title":"USENIX Security Symposium.","author":"Shusterman Anatoly","year":"2019","unstructured":"Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom. 2019. Robust website fingerprinting through the cache occupancy channel. In USENIX Security Symposium."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-27481-7_8"},{"key":"e_1_3_2_1_50_1","volume-title":"Filed June 23rd, 2016","author":"Srinivasan Sriram","year":"2018","unstructured":"Sriram Srinivasan and William L. Walker. 2018. Shadow tag memory to monitor state of cachelines at different cache level. Patent No. US10073776B2, Filed June 23rd, 2016, Issued Sep. 11th, 2018."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2020.2974217"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSE.2013.106"},{"key":"e_1_3_2_1_53_1","volume-title":"IEEE International Solid-State Circuits Conference.","author":"Tam Simon M.","year":"2018","unstructured":"Simon M. Tam, Harry Muljono, Min Huang, Sitaraman Iyer, Kalapi Royneogi, Nagmohan Satti, Rizwan Qureshi, Wei Chen, Tom Wang, Hubert Hsieh, Sujal Vora, and Eddie Wang. 2018. SkyLake-SP: A 14nm 28-Core Xeon processor. 
In IEEE International Solid-State Circuits Conference."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45238-6_6"},{"key":"e_1_3_2_1_55_1","volume-title":"IEEE Symposium on Security and Privacy.","author":"Bulck Jo Van","year":"2020","unstructured":"Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens, and Ku Leuven. 2020. LVI: Hijacking transient execution through microarchitectural load value injection. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_56_1","volume-title":"USENIX Security Symposium.","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets Without Page Faults: Stealthy page table-based attacks on enclaved execution. In USENIX Security Symposium."},{"key":"e_1_3_2_1_57_1","volume-title":"IEEE Symposium on Security and Privacy.","author":"Vila Pepe","unstructured":"Pepe Vila, Boris K\u00f6pf, and Jos\u00e9 F. Morales. 2019. Theory and practice of finding eviction sets. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2014.44"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833794"},{"key":"e_1_3_2_1_60_1","volume-title":"ACM Conference on Computer and Communications Security.","author":"Wang Wenhao","unstructured":"Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter. 2017. Leaky Cauldron on the Dark Land: Understanding memory side-channel hazards in SGX. In ACM Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_61_1","volume-title":"International Symposium on Computer Architecture.","author":"Wang Zhenghong","unstructured":"Zhenghong Wang and Ruby B. Lee. 2007. 
New cache designs for thwarting software cache-based side channel attacks. In International Symposium on Computer Architecture."},{"key":"e_1_3_2_1_62_1","volume-title":"Euromicro Conference on Real-Time Systems.","author":"Ward Bryan C.","unstructured":"Bryan C. Ward, Jonathan L. Herman, Christopher J. Kenna, and James H. Anderson. 2013. Making shared caches more predictable on multicore platforms. In Euromicro Conference on Real-Time Systems."},{"key":"e_1_3_2_1_63_1","volume-title":"USENIX Security Symposium.","author":"Wu Zhenyu","year":"2012","unstructured":"Zhenyu Wu, Zhang Xu, and Haining Wang. 2012. Whispers in the Hyper-space: High-bandwidth and reliable covert channel attacks inside the cloud. In USENIX Security Symposium."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833726"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00004"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3326635"},{"key":"e_1_3_2_1_67_1","volume-title":"USENIX Security Symposium.","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner. 2014. Flush+Reload: A high resolution, low noise, L3 cache side-channel attack. In USENIX Security Symposium."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2014.6925999"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3617232.3624867"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3620665.3640403"},{"key":"e_1_3_2_1_71_1","volume-title":"Core Slicing: Closing the gap between leaky confidential VMs and bare-metal cloud. In USENIX Operating Systems Design and Implementation.","author":"Zhou Ziqiao","year":"2023","unstructured":"Ziqiao Zhou, Yizhou Shan, Weidong Cui, Xinyang Ge, Marcus Peinado, and Andrew Baumann. 2023. Core Slicing: Closing the gap between leaky confidential VMs and bare-metal cloud. 
In USENIX Operating Systems Design and Implementation."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690183","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690183","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:55:46Z","timestamp":1755842146000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690183"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":71,"alternative-id":["10.1145\/3658644.3690183","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690183","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}