Delay-Privacy Tradeoff in the Design of Scheduling Policies

Traditionally, scheduling policies have been optimized to perform well on metrics, such as throughput, delay, and fairness. In the context of shared event schedulers, where a common processor is shared among multiple users, one also has to consider the privacy offered by the scheduling policy. The privacy offered by a scheduling policy measures how much information about the usage pattern of one user of the system can be learned by another as a consequence of sharing the scheduler. We introduced an estimation error-based metric to quantify this privacy. We showed that the most commonly deployed scheduling policy, the first-come-first-served offers very little privacy to its users. We also proposed a parametric nonwork conserving policy, which traded off delay for improved privacy. In this paper, we ask the question, is a tradeoff between delay and privacy fundamental to the design to scheduling policies? In particular, is there a work conserving, possibly randomized, and scheduling policy that scores high on the privacy metric? Answering the first question, we show that there does exist a fundamental limit on the privacy performance of a work-conserving scheduling policy. We quantify this limit. Furthermore, answering the second question, we demonstrate that the round-robin scheduling policy (deterministic policy) is privacy optimal within the class of work-conserving policies.

[1]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[2]  Dan Page,et al.  Partitioned Cache Architecture as a Side-Channel Defence Mechanism , 2005, IACR Cryptology ePrint Archive.

[3]  Ruby B. Lee,et al.  Covert and Side Channels Due to Processor Architecture , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[4]  E. L. Hahne,et al.  Round-Robin Scheduling for Max-Min Fairness in Data Networks , 1991, IEEE J. Sel. Areas Commun..

[5]  Parvathinathan Venkitasubramaniam,et al.  On the anonymity of Chaum mixes , 2008, 2008 IEEE International Symposium on Information Theory.

[6]  Xun Gong,et al.  Low-Cost Side Channel Remote Traffic Analysis Attack in Packet Networks , 2010, 2010 IEEE International Conference on Communications.

[7]  Johan Agat,et al.  Transforming out timing leaks , 2000, POPL '00.

[8]  Ira S. Moskowitz,et al.  The channel capacity of a certain noisy timing channel , 1992, IEEE Trans. Inf. Theory.

[9]  Charles M. Grinstead,et al.  Introduction to probability , 1999, Statistics for the Behavioural Sciences.

[10]  M. R. Leadbetter Poisson Processes , 2011, International Encyclopedia of Statistical Science.

[11]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[12]  Nikita Borisov,et al.  Website Detection Using Remote Traffic Analysis , 2011, Privacy Enhancing Technologies.

[13]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[14]  Parv Venkitasubramaniam,et al.  Mitigating timing based information leakage in shared schedulers , 2012, 2012 Proceedings IEEE INFOCOM.

[15]  R. Srikant,et al.  Towards a Theory of Anonymous Networking , 2010, 2010 Proceedings IEEE INFOCOM.

[16]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[17]  T. V. Narayana,et al.  Lattice Path Combinatorics With Statistical Applications , 1979 .

[18]  Ruby B. Lee,et al.  New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.

[19]  Xun Gong,et al.  Designing Router Scheduling Policies: A Privacy Perspective , 2012, IEEE Transactions on Signal Processing.

[20]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[21]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[22]  Parv Venkitasubramaniam,et al.  Scheduling with privacy constraints , 2012, 2012 IEEE Information Theory Workshop.

[23]  Wade Trappe,et al.  BIT-TRAPS: Building Information-Theoretic Traffic Privacy Into Packet Streams , 2011, IEEE Transactions on Information Forensics and Security.

[24]  T. V. Narayana Lattice Path Combinatorics with Statistical Applications; Mathematical Expositions 23 , 1979 .

[25]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[26]  Roger Dingledine,et al.  A Practical Congestion Attack on Tor Using Long Paths , 2009, USENIX Security Symposium.