Patent attributes
In a virtualization environment, a guest process may protect itself from potential timing side-channel attacks by other guest processes on the same host machine by taking steps to obscure accesses to alternative critical code paths (e.g., alternative paths within cryptographic functions whose selection at runtime is dependent on secret data) that have been designated as potential targets of such attacks. This may include interleaving instructions from multiple alternative code paths so that they land in the same cache lines (e.g., so that all code paths pass through the same set of cache lines). The different code paths may be allocated the same or different numbers of bytes per cache line, and unused allocated locations may be filled with NOPs. Chunks of code for a given code path that fall on different cache lines may be linked using local jumps. Some code chunks may span the boundaries between two cache lines.
