At least some of those resources can only deal with encrypted data to reduce the amount of leakage to acceptable levels.
Or maybe we can contain the problem by having a kernel that manages access to all resources, but keeps individual processes on nearly separate hardware.
As you can probably tell, I have no idea what I'm talking about here, but the more of these big side channel attacks that come out, the more I'm feeling that there is no way to securely share a machine among multiple processes without just giving up and letting them all have access to one another.
Or maybe we can contain the problem by having a kernel that manages access to all resources, but keeps individual processes on nearly separate hardware.
As you can probably tell, I have no idea what I'm talking about here, but the more of these big side channel attacks that come out, the more I'm feeling that there is no way to securely share a machine among multiple processes without just giving up and letting them all have access to one another.