[Sanddancer]

A lot of that is dumping cache and then trying to refill it after the context switch. Regarding context switches, one of the things that they suggested is to pin one core to stay in the system context and just handle servicing syscalls, etc. Given a modern server can have up to a few hundred logical cores, that's not as big of a thing to ask for as it was even a few years ago. Even "cheap" servers these days have 8-16, so pinning there might even make sense as well.

[nickpsecurity]

That's what I did in some of my designs. It was more about covert channel mitigation by ensuring the secrets and untrusted stuff used seperate CPU's. Side benefit was performance benefit of less cache flushes. It works.

[hyperpape]

This isn't something I've used, but the low latency people on the Mechanical Sympathy mailing list seem to talk a lot about pinning cores to particular processes. This paper seems to have a lot of the same underlying considerations.