Companies are employing virtual machines (VMs) as a cost-efficient solution for maintaining legacy operating systems (OSs) that are compatible with their software ecosystem. However, legacy OSs often lack mitigations for modern microarchitectural threats, such as speculative execution attacks (SEAs). This thesis focuses on the bounds check bypass attack, a type of SEA, and examines how processor configurations, the complexity of data structures used to architect the attack, and the attack execution time influence the attack's accuracy in virtualized environments. Experiments were conducted across four VM configurations with 8, 16, 24, and 32 virtual central processing units (vCPUs), using implementations in C and C++ with different data structures used in the attack's architecture.

The results show a direct relationship between the number of vCPUs and attack accuracy. The VM with 32 vCPUs consistently achieved the highest attack accuracy, exceeding 90%, highlighting that increased processor availability reduces timing interference from context switching and shared cache contention. Additionally, the study found that longer execution times, often introduced by memory overhead or various types of system noise (e.g., context switching), decrease attack accuracy by increasing the likelihood of cache pollution before performing cache timing analysis, a key step in the attack. These results suggest that implementation simplicity, reduced memory overhead, and increased vCPU counts improve the attack's reliability. This research provides a framework for understanding how hardware resource allocation and system noise influence the bounds check bypass attack while highlighting opportunities for developing mitigations in modern and legacy systems.