Stratus: Clouds with microarchitectural resource management

Kaveh Razavi, Animesh Trivedi

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review


The emerging next generation of cloud services like Granular and Serverless computing are pushing the boundaries of the current cloud infrastructure. In order to meet the performance objectives, researchers are now leveraging low-level microarchitectural resources in clouds. At the same time these resources are also a major source of security problems that can compromise the confidentiality and integrity of sensitive data in multi-tenant shared cloud infrastructures. The core of the problem is the lack of isolation due to the unsupervised sharing of microarchitectural resources across different performance and security boundaries. In this paper, we introduce Stratus clouds that treat the isolation on microarchitectural elements as the key design principle when allocating cloud resources. This isolation improves both performance and security, but at the cost of reducing resource utilization. Stratus captures this trade-off using a novel abstraction that we call isolation credit, and show how it can help both providers and tenants when allocating microarchitectural resources using Stratus's declarative interface. We conclude by discussing the challenges of realizing Stratus clouds today.

Original languageEnglish
Title of host publicationHotCloud '20 - 12th USENIX Workshop on Hot Topics in Cloud Computing
Subtitle of host publication[Proceedings]
Number of pages12
Publication statusPublished - 2020
Event12th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2020, co-located with USENIX ATC 2020 - Virtual, Online
Duration: 13 Jul 202014 Jul 2020


Conference12th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2020, co-located with USENIX ATC 2020
CityVirtual, Online


We thank our shepherd, Jon Howell, and the anonymous reviewers for their constructive comments. This work has been supported by NWO 016.Veni.192.262 and by Intel Corporation through the Side Channel Vulnerability ISRA.

FundersFunder number
Nederlandse Organisatie voor Wetenschappelijk Onderzoek


    Dive into the research topics of 'Stratus: Clouds with microarchitectural resource management'. Together they form a unique fingerprint.

    Cite this