Project Venice

Project Venice: principled design for side-channel protection

Cloud tenants share hardware resources such as CPU cores, caches, memory, and network. A malicious tenant can observe usage patterns in those shared resources to infer information about other tenants. This has been exploited in various side-channel attacks, including Spectre-style attacks that use shared microarchitectural states to exfiltrate information illegitimately obtained during transient execution. Current countermeasures mitigate known vulnerabilities but fail to provide comprehensive guarantees.

Side channels are of particular concern for confidential computing, which ensures the code and data of security-critical applications are systematically encrypted (thereby preventing direct access by other tenants or even the cloud provider) but does not preclude such information leakage. 

The goal of Project Venice is to provide strong end-to-end protection against software side-channel attacks, with confidential cloud computing as its main use case. To achieve this goal, we investigate novel mechanisms for the secure sharing and partitioning of compute resources, together with techniques for specifying and rigorously testing their resilience to side-channel attacks.