Transient execution vulnerabilities are a structural risk in modern cloud environments despite years of mitigations and risk reassessment. Subtle interactions between speculative execution, caching behavior and virtualization boundaries continue to expose attack paths that bypass traditional isolation guarantees. By chaining previously disclosed CPU flaws, attackers can construct reliable memory disclosure primitives that operate under realistic cloud conditions, including noisy, multi-tenant systems. The results challenge assumptions that such attacks are impractical outside controlled environments and underscore the need for architectural defenses that address root causes rather than individual symptoms.

This session, led by Mathé Hertogh, Ph.D. student, VU Amsterdam, will cover:

• Limits of existing mitigations for speculative and transient execution flaws;
• Techniques for identifying co-located workloads without prior targeting;
• Reliability of leakage under heavy system noise and contention.