Risks and challenges exist for virtual machines (VMs) that process sensitive information. In particular, these risks include side-channel attacks, in which information is extracted from shared resources (such as caches) whose state is affected by the code path that handles the sensitive data. For example, a side-channel attack may leverage memory timing and cache inspection techniques to piece together targeted sensitive information. By way of further example, a malicious VM may attempt to extract a private key used by commonly used cryptographic libraries running in a co-resident VM.
Existing approaches for protecting against these types of attacks include reserving and isolating particular sets of cores (and the Level 1 (L1) instruction caches associated therewith), or even entire physical machines, for particular sets of VMs (for example, sensitive or vulnerable VMs). However, such approaches have a number of limitations. For example, in implementing such an approach, a cloud provider loses significant flexibility in allocating cores according to customer demand. Instead, one or more sets of cores are precluded, potentially for long periods of time, from load balancing and from efficient migration of workloads among physical central processing units (CPUs) and cores. Accordingly, customer costs may increase, additional infrastructure may be needed, and margins may be lowered.
Consequently, a need exists for protecting sensitive information from side-channel attacks without requiring restriction of a VM to a particular set of cores.