4 comments

[ 1.1 ms ] story [ 14.7 ms ] thread
that's quite a constraint:

"The first capability an adversary needs is to mount a microarchitectural side channel attack against a vulnerable implementation. For that, the adversary needs the ability to execute code on the machine that runs the victim’s implementation."

A few lines below: "For example, a TLS server running in a virtual machine on a public cloud server, where the physical server hardware is shared between the victim’s TLS server and an attacker’s virtual machine."
blimey! that makes it too realistic indeed :(
Just as Spectre and Meltdown were bigger threats for cloud/serverless systems, this is also. A dedicated server is a vast increase in security. I suspect these attacks may be the start of the distributed/centralized pendulum (for hosting) swinging back towards distributed, at least in some areas .