Wow, thanks, that's a fascinating paper! Direct link to pdf: [1].
So it turns out that if a transistor is kept on continuously its threshold voltage gradually increases (Negative-Bias Temperature-Instability (NBTI)), increasing the switching delay. This attack targets transistors along the critical path, increasing the path's delay until it exceeds the allowed tolerance (guardband). Turning the transistor off "heals" it; as a workaround they suggest periodically executing certain nop instructions to ensure critical path transistors spend at least 0.05% of their time turned off. They perform simulations using models of 45nm high-k PMOS transistors to produce their results. A good quote about processor reliability:
Guardbanding is the current industrial practice to cope with transistor aging and
voltage droops [Agarwal et al. 2007]. It entails slowing down the clock frequency (i.e.,
adding timing margin during design) based on the worst degradation the transistors
might experience during their lifetime. The guardbands ensure that enough current
passes through the processor to keep it above the threshold voltage and in turn ensure
that the processor functionality is intact for an average period of 5 to 7 years [Tiwari
and Torrellas 2008]. However, inserting wide guardbands degrades performance and
increases energy consumption. Hence, processor design companies usually have small
guardbands, typically 10% [Agarwal et al. 2007]. However, the MAGIC-based attack
can deteriorate the critical path by 11% and cause erroneous results in 1 month.
This also explains why overclocking a CPU may be a bad idea, although they also show that random instructions don't come close to the worst case ageing.
