This page on VM side channel attack mitigations is scary: https://github.com/firecracker-microvm/firecracker/blob/master/docs/prod-host-setup.md
Using the Linux KVM API seems easy enough, but we have all this hidden danger now.
@kosinus Not really surprising to me. If Spectre/Meltdown communicates anything to us, it's that software sandboxes don't really work. Not that we really have anything better in many circumstances.
You could design it so the only thing you can time is the input (the Functional Reactive Paradigm). Or you can schedule the output.
As for caches, I'm not really clear what would help or hurt. But I think keeping the young generation entirely in per-core caches would help.