Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory, or enclaved execution. Over the past few years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken, the isolation that these mechanisms offer. Extending a processor with new (micro)architectural features brings a risk of enabling new such side-channel attacks.

Here, we summarize our work in extending a processor with new features \emph{without} weakening the security of the isolation mechanisms that it offers.

For that, we first argue that a sensible formal criterion for proving the security of a processor extension is \emph{full abstraction}. Then, we sketch the proof that our carefully designed extension of a microprocessor supports interruptibility of enclaved executions in a secure manner.