pith. sign in

arxiv: 1906.08957 · v1 · pith:ZTJGJ677new · submitted 2019-06-21 · 💻 cs.CR · cs.LG

Quantitative Mitigation of Timing Side Channels

Saeid Tizpaz-Niari , Pavol Cerny , Ashutosh Trivedi This is my paper

Pith reviewed 2026-05-25 19:11 UTC · model grok-4.3

classification 💻 cs.CR cs.LG
keywords timing side channelsquantitative mitigationentropy-based objectivesmin-guess entropyfunctional-observation modelmixed integer-linear programmingperformance overheadShannon mitigation
0
0 comments X

The pith

An optimization approach minimizes entropy leaks from timing side channels while capping performance overhead.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper sets out to show that timing side channel strength, measured by entropy objectives such as min-guess entropy, can be reduced by solving a constrained optimization problem that respects a user-chosen performance bound. This matters in the functional-observation threat model because an attacker who sees execution times for the same secret paired with varying public inputs can exploit leaks that prior methods leave unaddressed with no joint confidentiality or overhead guarantees. The authors prove the deterministic version of the resulting Shannon mitigation problem is NP-hard yet solvable in polynomial time on a restricted program class, then supply entropy-specific solvers such as mixed integer-linear programming for the stochastic version and demonstrate the resulting SCHMIT tool on both micro-benchmarks and real applications.

Core claim

The paper claims that Shannon mitigation—formulated as the task of minimizing an entropy-based leak measure subject to a maximum performance overhead—admits a polynomial-time optimal solution on restricted programs in its deterministic variant and can be solved via tailored optimization such as mixed integer-linear programming for min-guess entropy in its stochastic variant, thereby delivering both confidentiality maximization and performance guarantees for the functional-observation threat model where existing techniques provide neither.

What carries the argument

The Shannon mitigation optimization problem, which minimizes an entropy objective subject to a performance-overhead constraint and is solved with entropy-specific techniques such as mixed integer-linear programming.

If this is right

  • The NP-hardness of deterministic Shannon mitigation implies that exact solutions are feasible only for restricted program classes or via approximation.
  • Entropy-specific solvers such as mixed integer-linear programming enable direct optimization of min-guess entropy rather than proxy measures.
  • In the functional-observation model, the approach supplies joint confidentiality and performance bounds that prior mitigation methods lack.
  • Evaluation results indicate that the method scales to real applications while still reducing measured side-channel strength.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same optimization framing could be tested on side channels other than timing if analogous entropy measures can be defined for them.
  • Programs larger than those in the evaluation might expose scalability boundaries that the current experiments do not reach.
  • Layering the mitigation with hardware-level defenses could be examined to see whether combined techniques exceed what either achieves alone.

Load-bearing premise

The proposed optimization algorithms remain efficient when applied to complex real-world programs beyond the evaluated cases.

What would settle it

Applying the SCHMIT algorithms to a substantially larger real-world program and finding that no solution is returned within reasonable compute time or that the returned solution leaves more entropy than a baseline method would falsify the scalability and superiority claims.

Figures

Figures reproduced from arXiv: 1906.08957 by Ashutosh Trivedi, Pavol Cerny, Saeid Tizpaz-Niari.

Figure 1
Figure 1. Figure 1: (a) The example used in Section 2. (b) The timing functions for each secret value of the program. 2 Overview First, we describe the threat model considered in this paper. Second, we describe our approach on a running example. Third, we compare the results of Schmit with the existing mitigation techniques [29,10,52] and show that Schmit achieves the highest entropy (i.e., best mitigation) for all three entr… view at source ↗
Figure 2
Figure 2. Figure 2: (a)Mitigation policy calculation with deterministic algorithm (left). The ob￾servations x1 and x2 stands for all observations from C2−C5 and from C8−C9, resp.; (b) Leaned discriminant decision tree (center): it characterizes the functional clusters of [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: (a) The execution time after mitigation using the double scheme technique [10]. There are four classes of functional observations after the mitigation. (b) Mitigation with bucketing [29]. All observations require to move to the closet red line. (c) Func￾tional observations distinguish 7 classes of observations after mitigating with bucketing. cret are received in the beginnig of epoch N = 1 [PITH_FULL_IMA… view at source ↗
Figure 4
Figure 4. Figure 4: (a). Example of Shannon mitigation problem with all possible mitigation poli￾cies for 4 classes of observations. (b,c) Two examples of the mitigation policies that results in 2 and 3 classes of observations. merging more than k − 2 clusters is disallowed by keeping performance penalty πA(f, g) = 1 and performance overhead ∆A = k − 2. It is straightforward to verify that an instance of the resulting min-gue… view at source ↗
Figure 5
Figure 5. Figure 5: Computation time for synthesizing mitigation policy over Branch and Loop applications. Computation time for min-guess entropy (a) takes only few seconds. Com￾putation time for the Shannon entropy (b) and guessing entropy (c) are expensive using Stochastic optimization. We set time-out to be 10 hours. 7 Case Study Research Question. Does Schmit scale well and improve the security of ap￾plications (entropy m… view at source ↗
Figure 6
Figure 6. Figure 6: Initial functional observations, decision tree, and the mitigated observations from left to right for Gabfeed, Jetty, and Verbal Expressions from top to bottom. first uses the initial clusterings and specifies their characteristics with program internals that result in the decision tree model shown in Fig 6e. Since the re￾sponse time is in the order of micro-seconds, we transform the source code using the … view at source ↗
Figure 7
Figure 7. Figure 7: Schmit work-flow. Schmit consists of three components. 2) Mitigation policy. We uses the policy algorithms (Section 5) to calculate the mitigation policy given the clusters, their sizes, and their distances. We use two types of algo￾rithms: deterministic and stochastic. The deterministic algorithm is an instance of dynamic programming implemented in Java. The stochastic algorithms have three variants for t… view at source ↗
Figure 8
Figure 8. Figure 8: (a) A program with three functional observations C1, C2 and C3. The dashed curve C1,2,3 is the upper-envelope of functions C1, C2, and C3. (b) All possible resulting combinations of functional observations resulting from adding delays to various clusters [PITH_FULL_IMAGE:figures/full_fig_p021_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Entropy values versus performance overhead bounds on Branch and loop 4. (a) Min-guess entropy, (b) Shannon Entropy, (c) Guessing entropy. method. In the second step, we enforce the mitigation policy. This step can be done either with a monitoring system at run-time automatically or with a source code transformation semi-automatically. The enforcement uses the decision tree model and matches the properties … view at source ↗
read the original abstract

Timing side channels pose a significant threat to the security and privacy of software applications. We propose an approach for mitigating this problem by decreasing the strength of the side channels as measured by entropy-based objectives, such as min-guess entropy. Our goal is to minimize the information leaks while guaranteeing a user-specified maximal acceptable performance overhead. We dub the decision version of this problem Shannon mitigation, and consider two variants, deterministic and stochastic. First, we show the deterministic variant is NP-hard. However, we give a polynomial algorithm that finds an optimal solution from a restricted set. Second, for the stochastic variant, we develop an algorithm that uses optimization techniques specific to the entropy-based objective used. For instance, for min-guess entropy, we used mixed integer-linear programming. We apply the algorithm to a threat model where the attacker gets to make functional observations, that is, where she observes the running time of the program for the same secret value combined with different public input values. Existing mitigation approaches do not give confidentiality or performance guarantees for this threat model. We evaluate our tool SCHMIT on a number of micro-benchmarks and real-world applications with different entropy-based objectives. In contrast to the existing mitigation approaches, we show that in the functional-observation threat model, SCHMIT is scalable and able to maximize confidentiality under the performance overhead bound.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper proposes SCHMIT, a tool for quantitative mitigation of timing side channels under the functional-observation threat model. It defines the Shannon mitigation problem of minimizing entropy-based leakage measures (e.g., min-guess entropy) subject to a user-specified performance overhead bound, proves the deterministic variant NP-hard while giving a polynomial-time algorithm on a restricted subset, reduces the stochastic variant to MILP (or other tailored solvers) for specific entropy objectives, and evaluates on micro-benchmarks plus real-world programs to claim that SCHMIT is scalable and maximizes confidentiality where prior work does not provide guarantees.

Significance. If the empirical scalability claims hold, the work supplies the first quantitative, optimization-based method that gives both confidentiality and performance guarantees in the functional-observation model; the NP-hardness proof and the MILP encoding for min-guess entropy are technically clean contributions that could be reused for other entropy objectives.

major comments (2)
  1. [§5] §5 (Evaluation): the scalability claim for the stochastic/MILP variant rests on results for micro-benchmarks and a handful of real-world programs; no scaling curves, timeout statistics, or size metrics (number of public inputs, paths, or variables) are reported that would show the off-the-shelf solver remains practical once these quantities grow, which is load-bearing for the abstract's central assertion that SCHMIT “is scalable”.
  2. [§3.2] §3.2 (Deterministic variant): the polynomial algorithm solves only a restricted subset of instances; the paper should state explicitly what fraction of realistic programs fall inside this subset and whether the deterministic approach is therefore mainly of theoretical interest.
minor comments (2)
  1. [§2] Notation for the functional-observation model (Definition 2) could be clarified with a small example showing how multiple public inputs are combined with the same secret.
  2. [§1] The abstract states that “existing mitigation approaches do not give confidentiality or performance guarantees” for the functional-observation model; a short related-work paragraph contrasting SCHMIT with the closest prior quantitative mitigations would strengthen this claim.

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for the constructive feedback. We address each major comment below.

read point-by-point responses

  1. Referee: [§5] §5 (Evaluation): the scalability claim for the stochastic/MILP variant rests on results for micro-benchmarks and a handful of real-world programs; no scaling curves, timeout statistics, or size metrics (number of public inputs, paths, or variables) are reported that would show the off-the-shelf solver remains practical once these quantities grow, which is load-bearing for the abstract's central assertion that SCHMIT “is scalable”.

    Authors: We agree that the evaluation would be strengthened by explicit scalability metrics. In the revised manuscript we will add scaling curves for the micro-benchmarks (varying number of paths and variables), report solver timeout statistics, and tabulate size metrics (public inputs, paths, variables) for every evaluated program. These additions will directly support the scalability claim for the instances tested. revision: yes

  2. Referee: [§3.2] §3.2 (Deterministic variant): the polynomial algorithm solves only a restricted subset of instances; the paper should state explicitly what fraction of realistic programs fall inside this subset and whether the deterministic approach is therefore mainly of theoretical interest.

    Authors: The polynomial algorithm applies to the subset of instances whose timing functions admit a linear or monotonic representation that permits the greedy selection procedure. We will revise Section 3.2 to state these structural conditions explicitly and discuss their practical relevance. Determining the precise fraction of realistic programs satisfying the conditions would require a separate large-scale corpus study that lies outside the scope of this work. revision: partial

standing simulated objections not resolved
  • The exact fraction of realistic programs that fall inside the restricted subset solved by the polynomial algorithm.

Circularity Check

0 steps flagged

No significant circularity; derivation relies on independent hardness proofs and external solvers

full rationale

The paper proves NP-hardness of the deterministic Shannon mitigation problem, supplies a separate polynomial algorithm only for a restricted subset, and reduces the stochastic case to MILP using standard entropy objectives and off-the-shelf solvers. These steps are not self-definitional or obtained by fitting then relabeling. The functional-observation threat model and confidentiality/performance guarantees are stated as the optimization target rather than derived from the algorithm itself. Evaluation on micro-benchmarks and real programs supplies empirical support for scalability without reducing any central claim to a tautology or self-citation chain. No load-bearing self-citations or ansatzes imported from prior author work appear in the derivation.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract provides no details on free parameters, axioms, or invented entities; the work appears to build on standard computational complexity and optimization methods.

pith-pipeline@v0.9.0 · 5770 in / 1061 out tokens · 30564 ms · 2026-05-25T19:11:50.285718+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

56 extracted references · 56 canonical work pages

  1. [1]

    Branch and bound algorithm for mip problems, http://www.gurobi.com/ resources/getting-started/mip-basics

    work page

  2. [2]

    Verbal expressions library, https://github.com/VerbalExpressions/ JavaVerbalExpressions

    work page

  3. [3]

    Timing attack in google keyczar library (2009), https://rdist.root.org/2009/ 05/28/timing-attack-in-google-keyczar-library/

    work page 2009

  4. [4]

    Gabfeed application (2016), https://github.com/Apogee-Research/STAC/tree/ master/Engagement_Challenges/Engagement_2/gabfeed_1

    work page 2016

  5. [5]

    Timing side-channel on the length of password in eclipse jetty (May 2017), https://github.com/eclipse/jetty.project/commit/ 2baa1abe4b1c380a30deacca1ed367466a1a62ea

    work page 2017

  6. [6]

    Timing side-channel on the password in eclipse jetty (May 2017), https://github.com/eclipse/jetty.project/commit/ f3751d70787fd8ab93932a51c60514c2eb37cb58

    work page 2017

  7. [7]

    In: Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

    Agat, J.: Transforming out timing leaks. In: Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. pp. 40–

    work page

  8. [8]

    Machine Learning 75(2), 245–248 (May 2009)

    Aloise, D., Deshpande, A., Hansen, P., Popat, P.: Np-hardness of euclidean sum- of-squares clustering. Machine Learning 75(2), 245–248 (May 2009)

    work page 2009

  9. [9]

    In: PLDI

    Antonopoulos, T., Gazzillo, P., Hicks, M., Koskinen, E., Terauchi, T., Wei, S.: De- composition instead of self-composition for proving the absence of timing channels. In: PLDI. pp. 362–375. ACM (2017)

    work page 2017

  10. [10]

    In: Proceedings of the 17th ACM conference on Computer and commu- nications security

    Askarov, A., Zhang, D., Myers, A.C.: Predictive black-box mitigation of timing channels. In: Proceedings of the 17th ACM conference on Computer and commu- nications security. pp. 297–307. ACM (2010)

    work page 2010

  11. [11]

    In: Security and Privacy, 2009 30th IEEE Symposium on

    Backes, M., K¨ opf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: Security and Privacy, 2009 30th IEEE Symposium on. pp. 141–153. IEEE (2009)

    work page 2009

  12. [12]

    athena scientific, 2016

    Bertsekas, D.P.: Nonlinear programming. athena scientific, 2016. Tech. rep., ISBN 978-1-886529-05-2

    work page 2016

  13. [13]

    Wadsworth: Belmont, CA (1984)

    Breiman, L., Friedman, J., Olshen, R., Stone, C.: Classification and regression trees. Wadsworth: Belmont, CA (1984)

    work page 1984

  14. [14]

    Computer Networks 48(5), 701–716 (2005)

    Brumley, D., Boneh, D.: Remote timing attacks are practical. Computer Networks 48(5), 701–716 (2005)

    work page 2005

  15. [15]

    Chen, J., Feng, Y., Dillig, I.: Precise detection of side-channel vulnerabilities using quantitative cartesian hoare logic. In: CCS. pp. 875–890 (2017)

    work page 2017

  16. [16]

    In: Pro- ceedings of OOPSLA’98 Workshop on Reflective Programming in C++ and Java

    Chiba, S.: Javassist - a reflection-based programming wizard for java. In: Pro- ceedings of OOPSLA’98 Workshop on Reflective Programming in C++ and Java. vol. 174 (1998)

    work page 1998

  17. [17]

    In: International Conference on Smart Card Research and Advanced Applications

    Dhem, J.F., Koeune, F., Leroux, P.A., Mestr´ e, P., Quisquater, J.J., Willems, J.L.: A practical implementation of the timing attack. In: International Conference on Smart Card Research and Advanced Applications. pp. 167–182. Springer (1998)

    work page 1998

  18. [18]

    In: International Conference on Computer Aided Verification

    Eldib, H., Wang, C.: Synthesis of masking countermeasures against side channel attacks. In: International Conference on Computer Aided Verification. pp. 114–130. Springer (2014)

    work page 2014

  19. [19]

    In: 2010 IEEE 18th International Workshop on Quality of Service (IWQoS)

    Fallgren, M.: On the complexity of maximizing the minimum shannon capacity in wireless networks by joint channel assignment and power allocation. In: 2010 IEEE 18th International Workshop on Quality of Service (IWQoS). pp. 1–7 (2010) 18 Tizpaz-Niari, ˇCern´ y, and Trivedi

    work page 2010

  20. [20]

    Springer Science & Business Media (2006)

    Ferraty, F., Vieu, P.: Nonparametric functional data analysis: theory and practice. Springer Science & Business Media (2006)

    work page 2006

  21. [21]

    gurobi.com

    Gurobi Optimization, L.: Gurobi optimizer reference manual (2018), http://www. gurobi.com

    work page 2018

  22. [22]

    In: Proceed- ings of the 26th Annual Computer Security Applications Conference

    Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Proceed- ings of the 26th Annual Computer Security Applications Conference. pp. 261–269. ACM (2010)

    work page 2010

  23. [23]

    Advances in Data Analysis and Classification 8(3), 231–255 (2014)

    Jacques, J., Preda, C.: Functional data clustering: a survey. Advances in Data Analysis and Classification 8(3), 231–255 (2014)

    work page 2014

  24. [24]

    Psychometrika 32(3), 241–254 (1967)

    Johnson, S.C.: Hierarchical clustering schemes. Psychometrika 32(3), 241–254 (1967)

    work page 1967

  25. [25]

    Jones, E., Oliphant, T., Peterson, P., et al.: SciPy: Open source scientific tools for Python (2001–), http://www.scipy.org/

    work page 2001

  26. [26]

    In: Infocom, 2012 Proceedings IEEE

    Kadloor, S., Kiyavash, N., Venkitasubramaniam, P.: Mitigating timing based in- formation leakage in shared schedulers. In: Infocom, 2012 Proceedings IEEE. pp. 1044–1052. IEEE (2012)

    work page 2012

  27. [27]

    In: Annual International Cryptology Conference

    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Annual International Cryptology Conference. pp. 104–113. Springer (1996)

    work page 1996

  28. [28]

    In: Proceedings of the 14th ACM Conference on Computer and Communi- cations Security

    K¨ opf, B., Basin, D.: An information-theoretic model for adaptive side-channel at- tacks. In: Proceedings of the 14th ACM Conference on Computer and Communi- cations Security. pp. 286–296. CCS ’07, ACM, New York, NY, USA (2007)

    work page 2007

  29. [29]

    In: Computer Security Foundations Symposium, 2009

    K¨ opf, B., D¨ urmuth, M.: A provably secure and efficient countermeasure against timing attacks. In: Computer Security Foundations Symposium, 2009. CSF’09. 22nd IEEE. pp. 324–335. IEEE (2009)

    work page 2009

  30. [30]

    International Journal of Information Security6(2-3), 107–131 (2007)

    K¨ opf, B., Mantel, H.: Transformational typing and unification for automatically correcting insecure programs. International Journal of Information Security6(2-3), 107–131 (2007)

    work page 2007

  31. [31]

    AI 106, 181– 203 (1998)

    Korf, R.E.: A complete anytime algorithm for number partitioning. AI 106, 181– 203 (1998)

    work page 1998

  32. [32]

    Communications of the ACM 16(10), 613–615 (1973)

    Lampson, B.W.: A note on the confinement problem. Communications of the ACM 16(10), 613–615 (1973)

    work page 1973

  33. [33]

    In: European Symposium on Research in Computer Security

    Mantel, H., Starostin, A.: Transforming out timing leaks, more or less. In: European Symposium on Research in Computer Security. pp. 447–467. Springer (2015)

    work page 2015

  34. [34]

    In: International Conference on Information Security and Cryptology

    Molnar, D., Piotrowski, M., Schultz, D., Wagner, D.: The program counter security model: Automatic detection and removal of control-flow side channel attacks. In: International Conference on Information Security and Cryptology. pp. 156–168. Springer (2005)

    work page 2005

  35. [35]

    Wiley, Chichester

    Nemhauser, G.L., Wolsey, L.A.: Integer programming and combinatorial optimiza- tion. Wiley, Chichester. GL Nemhauser, MWP Savelsbergh, GS Sigismondi (1992). Constraint Classification for Mixed Integer Programming Formulations. COAL Bulletin 20, 8–12 (1988)

    work page 1992

  36. [36]

    Nocedal, J., Wright, S.J.: Numerical optimization 2nd (2006)

    work page 2006

  37. [37]

    Springer (2006)

    Nocedal, J., Wright, S.J.: Sequential quadratic programming. Springer (2006)

    work page 2006

  38. [38]

    Padlipsky, M., Snow, D., Karger, P.: Limitations of end-to-end encryption in secure computer networks. Tech. rep., MITRE CORP BEDFORD MA (1978)

    work page 1978

  39. [39]

    Courier Corporation (1998)

    Papadimitriou, C.H., Steiglitz, K.: Combinatorial optimization: algorithms and complexity. Courier Corporation (1998)

    work page 1998

  40. [40]

    In: Computer Security Foundations Symposium (CSF), 2017 IEEE 30th

    Phan, Q.S., Bang, L., Pasareanu, C.S., Malacaria, P., Bultan, T.: Synthesis of adap- tive side-channel attacks. In: Computer Security Foundations Symposium (CSF), 2017 IEEE 30th. pp. 328–342. IEEE (2017) Quantitative Mitigation of Timing Side Channels 19

    work page 2017

  41. [41]

    Springer Science & Business Media (2009)

    Ramsay, J., Hooker, G., Graves, S.: Functional data analysis with R and MATLAB. Springer Science & Business Media (2009)

    work page 2009

  42. [42]

    Wiley Online Library (2006)

    Ramsay, J.O.: Functional data analysis. Wiley Online Library (2006)

    work page 2006

  43. [43]

    Communications of the ACM21(2), 120–126 (1978)

    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM21(2), 120–126 (1978)

    work page 1978

  44. [44]

    In: 2nd International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE) (2011)

    Schinzel, S.: An efficient mitigation method for timing side channels on the web. In: 2nd International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE) (2011)

    work page 2011

  45. [45]

    In: International Conference on Foundations of Software Science and Computational Structures

    Smith, G.: On the foundations of quantitative information flow. In: International Conference on Foundations of Software Science and Computational Structures. pp. 288–302. Springer (2009)

    work page 2009

  46. [46]

    In: Proceedings of the 2014 ACM International Conference on Object Oriented Pro- gramming Systems Languages & Applications

    Song, L., Lu, S.: Statistical debugging for real-world performance problems. In: Proceedings of the 2014 ACM International Conference on Object Oriented Pro- gramming Systems Languages & Applications. pp. 561–578. OOPSLA ’14 (2014), http://doi.acm.org/10.1145/2660193.2660234

    work page doi:10.1145/2660193.2660234 2014

  47. [47]

    In: International Conference on Tools and Algorithms for the Construction and Analysis of Systems

    Tizpaz-Niari, S., ˇCern´ y, P., Chang, B.Y.E., Sankaranarayanan, S., Trivedi, A.: Dis- criminating traces with time. In: International Conference on Tools and Algorithms for the Construction and Analysis of Systems. pp. 21–37. Springer (2017)

    work page 2017

  48. [48]

    In: 32nd AAAI Conference on Artificial Intelligence (AAAI)

    Tizpaz-Niari, S., ˇCern´ y, P., Chang, B.E., Trivedi, A.: Differential performance de- bugging with discriminant regression trees. In: 32nd AAAI Conference on Artificial Intelligence (AAAI). pp. 2468–2475 (2018)

    work page 2018

  49. [49]

    arXiv preprint arXiv:1808.10502 (2018)

    Tizpaz-Niari, S., ˇCern´ y, P., Trivedi, A.: Data-driven debugging for functional side channels. arXiv preprint arXiv:1808.10502 (2018)

    work page arXiv 2018

  50. [50]

    In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

    Wu, M., Guo, S., Schaumont, P., Wang, C.: Eliminating timing side-channel leaks using program repair. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis. pp. 15–26. ACM (2018)

    work page 2018

  51. [51]

    Journal of Cryptographic Engineering 7(2), 99–112 (2017)

    Yarom, Y., Genkin, D., Heninger, N.: Cachebleed: a timing attack on openssl constant-time rsa. Journal of Cryptographic Engineering 7(2), 99–112 (2017)

    work page 2017

  52. [52]

    In: Proceedings of the 18th ACM conference on Computer and communications security

    Zhang, D., Askarov, A., Myers, A.C.: Predictive mitigation of timing channels in interactive systems. In: Proceedings of the 18th ACM conference on Computer and communications security. pp. 563–574. ACM (2011)

    work page 2011

  53. [53]

    PLDI 47(6), 99–110 (2012) 20 Tizpaz-Niari, ˇCern´ y, and Trivedi 9 Appendix 9.1 Overview of Schmit Schmit consists of three components:

    Zhang, D., Askarov, A., Myers, A.C.: Language-based control and mitigation of timing channels. PLDI 47(6), 99–110 (2012) 20 Tizpaz-Niari, ˇCern´ y, and Trivedi 9 Appendix 9.1 Overview of Schmit Schmit consists of three components:

    work page 2012

  54. [54]

    Initial Security Analysis. Inspired by [49], for each secret value, we use B-spline basis [42] in general to model arbitrary timing functions of secret values in the domain of public inputs, but we also allow simpler functional models such as polynomial functions. We use the non-parametric functional clustering [20] with hierarchal algorithms [24] to obta...

    work page

  55. [55]

    We uses the policy algorithms (Section 5) to calculate the mitigation policy given the clusters, their sizes, and their distances

    Mitigation policy. We uses the policy algorithms (Section 5) to calculate the mitigation policy given the clusters, their sizes, and their distances. We use two types of algo- rithms: deterministic and stochastic. The deterministic algorithm is an instance of dynamic programming implemented in Java. The stochastic algorithms have three variants for three ...

    work page

  56. [56]

    In the first step, we characterize each class of observation with program inter- nal properties

    Enforcement of mitigation policy. In the first step, we characterize each class of observation with program inter- nal properties. We use decision tree algorithms [13] to characterize each class of observation with corresponding program internal features. Fig 2(b) in Section 2 is an example of decision tree model that characterizes each class of observatio...

    work page