Quantitative Mitigation of Timing Side Channels
Saeid Tizpaz-Niari, Pavol Cerny, Ashutosh Trivedi

TL;DR
This paper introduces a novel approach called SCHMIT for mitigating timing side channels by reducing information leaks through entropy-based objectives, while maintaining user-defined performance overhead, applicable to real-world applications.
Contribution
It formulates the problem of timing side channel mitigation as Shannon mitigation, providing polynomial algorithms for deterministic cases and optimization-based solutions for stochastic cases, addressing a gap in existing methods.
Findings
SCHMIT effectively reduces timing side channels in benchmarks
The approach guarantees confidentiality within performance bounds
It scales to real-world applications with functional timing observations
Abstract
Timing side channels pose a significant threat to the security and privacy of software applications. We propose an approach for mitigating this problem by decreasing the strength of the side channels as measured by entropy-based objectives, such as min-guess entropy. Our goal is to minimize the information leaks while guaranteeing a user-specified maximal acceptable performance overhead. We dub the decision version of this problem Shannon mitigation, and consider two variants, deterministic and stochastic. First, we show the deterministic variant is NP-hard. However, we give a polynomial algorithm that finds an optimal solution from a restricted set. Second, for the stochastic variant, we develop an algorithm that uses optimization techniques specific to the entropy-based objective used. For instance, for min-guess entropy, we used mixed integer-linear programming. We apply the…
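An added illustration of the deterministic setting the abstract describes, not the paper's SCHMIT implementation or its published algorithm: pad execution times so that neighbouring timing classes merge, and pick the merge that maximizes min-guess entropy within an overhead bound. Assumptions made here and not stated on this page: secrets are uniform, min-guess entropy is (size of smallest class + 1) / 2, the restricted solution set is contiguous clusters padded up to their slowest member, and overhead is total added time over total original time; all function names and the sample data are constructed.

```python
from itertools import accumulate

# Constructed sample: (execution time in microseconds, number of secrets with that time).
SAMPLE = [(10, 1), (12, 3), (20, 2), (50, 2)]

def min_guess_entropy(sizes):
    # Assumed definition: expected guesses inside the smallest class, uniform secrets.
    return (min(sizes) + 1) / 2

def cheapest_partition(classes, k):
    """Least total padding that splits sorted classes into contiguous clusters of >= k secrets."""
    n = len(classes)
    cnt = [0, *accumulate(c for _, c in classes)]
    tim = [0, *accumulate(t * c for t, c in classes)]
    inf = float("inf")
    best, cut = [0] + [inf] * n, [0] * (n + 1)
    for j in range(1, n + 1):
        for i in range(j):
            size = cnt[j] - cnt[i]
            if size < k or best[i] == inf:
                continue
            # Classes i..j-1 are all padded up to the slowest time in the cluster.
            cost = best[i] + classes[j - 1][0] * size - (tim[j] - tim[i])
            if cost < best[j]:
                best[j], cut[j] = cost, i
    bounds, j = [], n
    while j > 0 and best[n] < inf:
        bounds.append((cut[j], j))
        j = cut[j]
    return best[n], bounds[::-1]

def mitigate(classes, max_overhead):
    """Return (clusters, min-guess entropy, overhead) for the best padding within budget."""
    classes = sorted(classes)
    n = len(classes)
    cnt = [0, *accumulate(c for _, c in classes)]
    total = sum(t * c for t, c in classes)
    # Candidate minimum cluster sizes, largest first.
    sizes = {cnt[j] - cnt[i] for i in range(n) for j in range(i + 1, n + 1)}
    for k in sorted(sizes, reverse=True):
        cost, bounds = cheapest_partition(classes, k)
        if cost <= max_overhead * total:
            clusters = [(classes[j - 1][0], cnt[j] - cnt[i]) for i, j in bounds]
            return clusters, min_guess_entropy([s for _, s in clusters]), cost / total

if __name__ == "__main__":
    for bound in (0.0, 0.25, 0.35):
        print(bound, mitigate(SAMPLE, bound))
```

On the sample, a 25% budget only affords merging the single-secret class into its neighbour, while a 35% budget allows two clusters of four secrets each.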
