An Information Theoretic Study of Timing Side Channels in Two-user Schedulers

Timing side channels in two-user schedulers are studied. When two users share a scheduler, one user may learn the other user's behavior from patterns of service timings. We measure the information leakage of the resulting timing side channel in schedulers serving a legitimate user and a malicious attacker, using a privacy metric defined as the Shannon equivocation of the user's job density. We show that the commonly used first-come-first-serve (FCFS) scheduler provides no privacy as the attacker is able to to learn the user's job pattern completely. Furthermore, we introduce an scheduling policy, accumulate-and-serve scheduler, which services jobs from the user and attacker in batches after buffering them. The information leakage in this scheduler is mitigated at the price of service delays, and the maximum privacy is achievable when large delays are added.

[1]  Todd P. Coleman,et al.  Characterizing the Efficacy of the NRL Network Pump in Mitigating Covert Timing Channels , 2012, IEEE Transactions on Information Forensics and Security.

[2]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[3]  Ira S. Moskowitz,et al.  An analysis of the timed Z-channel , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[4]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[5]  Ove Frank,et al.  Entropy of sums of random digits , 1994 .

[6]  V. Anantharam,et al.  Information Theory of Covert Timing Channels 1 , 2006 .

[7]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[8]  Ira S. Moskowitz,et al.  A Network Pump , 1996, IEEE Trans. Software Eng..

[9]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[10]  Ira S. Moskowitz,et al.  A pump for rapid, reliable, secure communication , 1993, CCS '93.

[11]  Nikita Borisov,et al.  Website Detection Using Remote Traffic Analysis , 2011, Privacy Enhancing Technologies.

[12]  L. Goddard Information Theory , 1962, Nature.

[13]  Peter Green,et al.  Markov chain Monte Carlo in Practice , 1996 .

[14]  Xun Gong,et al.  Information theoretic analysis of side channel information leakage in FCFS schedulers , 2011, 2011 IEEE International Symposium on Information Theory Proceedings.

[15]  Jonathan K. Millen Finite-state noiseless covert channels , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[16]  Sergio Verdú,et al.  Bits through queues , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[17]  Bruce E. Hajek,et al.  An information-theoretic and game-theoretic study of timing channels , 2002, IEEE Trans. Inf. Theory.

[18]  Neri Merhav,et al.  Relations between entropy and error probability , 1994, IEEE Trans. Inf. Theory.

[19]  Negar Kiyavash,et al.  Delay optimal policies offer very little privacy , 2013, 2013 Proceedings IEEE INFOCOM.

[20]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[21]  Parv Venkitasubramaniam,et al.  Mitigating timing based information leakage in shared schedulers , 2012, 2012 Proceedings IEEE INFOCOM.

[22]  Nikita Borisov,et al.  A Low-Cost Side Channel Traffic Analysis Attack in Packet Networks , 2009 .

[23]  J. McFadden The Entropy of a Point Process , 1965 .

[24]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[25]  F. G. Foster On the Stochastic Matrices Associated with Certain Queuing Processes , 1953 .