"The first capability an adversary needs is to mount a microarchitectural side channel attack against a vulnerable implementation. For that, the adversary needs the ability to execute code on the machine that runs the victim’s implementation."
A few lines below: "For example, a TLS server running in a virtual machine on a public cloud server, where the physical server hardware is shared between the victim’s TLS server and an attacker’s virtual machine."
Just as Spectre and Meltdown were bigger threats for cloud/serverless systems, so is this. A dedicated server is a vast increase in security. I suspect these attacks may be the start of the distributed/centralized pendulum (for hosting) swinging back towards distributed, at least in some areas.