Non-constant-time programs in shared-memory systems remain vulnerable to transient-execution side-channel attacks (e.g., Spectre), due to speculative access to shared memory. Method: This paper proposes the Relaxed Microarchitectural Isolation (RMI) security model—the first formalization of the “leaks only non-speculative information” property—and implements it via a hybrid approach: enclave-level microarchitectural isolation augmented with lightweight hardware mechanisms. On an FPGA-based multicore platform, we realize two execution modes—Safe Mode (disabling speculative accesses to shared memory) and Burst Mode (speculation optimization guided by fine-grained code analysis). Contribution/Results: Our end-to-end prototype, Citadel, integrates seamlessly into Linux and supports cryptographic libraries and private inference applications. It incurs <5% average performance overhead, strictly satisfies the RMI security guarantee, and effectively mitigates Spectre-V1 and Spectre-V2–class attacks—achieving a rigorous balance between high security and low overhead.

Transient execution side-channel attacks, such as Spectre, have been shown to break almost all isolation primitives. We introduce a new security property we call relaxed microarchitectural isolation (RMI) that allows sensitive programs that are not-constant-time to share memory with an attacker while restricting the information leakage to that of non-speculative execution. Although this type of speculative security property is typically challenging to enforce, we show that we can leverage the enclave setup to achieve it. In particular, we use microarchitectural isolation to restrict attacker's observations in conjunction with straightforward hardware mechanisms to limit speculation. This new design point presents a compelling trade-off between security, usability, and performance, making it possible to efficiently enforce RMI for any program. We demonstrate our approach by implementing and evaluating two simple defense mechanisms that satisfy RMI: (1) Safe mode, which disables speculative accesses to shared memory, and (2) Burst mode, a localized performance optimization that requires simple program analysis on small code snippets. Our end-to-end prototype, Citadel, consists of an FPGA-based multicore processor that boots Linux and runs secure applications, including cryptographic libraries and private inference, with less than 5% performance overhead.