We investigate techniques for general black-box mitigation of timing channels. The source of events is wrapped by a timing mitigator that delays output events so that they contain only a bounded amount of information. We introduce a general class of timing mitigators that can achieve any given bound on timing channel leakage, with a tradeoff in system performance. We show these mitigators compose well with other mechanisms for information flow control, and demonstrate they are effective against some known timing attacks.

Categories and Subject Descriptors: C.2.0 [Computer Communication Networks]: General--Security and protection

General Terms: Security

Aslan Askarov, Danfeng Zhang, Andrew C. Myers
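
An added illustration of the wrapping idea in the abstract, not code from the paper: events from a source are buffered and released only at scheduled slots, so an observer sees far fewer distinct timings. The quantum-doubling schedule, the function names and the bit-driven sample source are assumptions made for this sketch; leakage is measured as log2 of the number of distinct output timing traces, an upper bound on the bits a deterministic system can reveal.

```python
import math

def arrivals_for(secret, n_events=8):
    """Constructed source: bit i of the secret delays event i by 1 or 4 ticks."""
    t, out = 0, []
    for i in range(n_events):
        t += 1 + 3 * ((secret >> i) & 1)
        out.append(t)
    return tuple(out)

def mitigate(arrivals, q0=1):
    """Release buffered events only at scheduled slots, never earlier.

    Assumed policy: slots are q ticks apart. When a slot comes up with
    nothing buffered (a misprediction), q doubles and the schedule slows.
    """
    t, q, releases = 0, q0, []
    for a in arrivals:
        t += q                 # next scheduled slot
        while a > t:           # event not ready: slot passes silently
            q *= 2
            t += q
        releases.append(t)
    return tuple(releases)

def leakage_bits(traces):
    """log2 of the number of distinct timing traces an observer can see."""
    return math.log2(len(set(traces)))

def compare(n_events=8):
    """Return (unmitigated bits, mitigated bits, mean added delay per event)."""
    raw = [arrivals_for(s, n_events) for s in range(2 ** n_events)]
    out = [mitigate(a) for a in raw]
    added = sum(r - a for ar, rel in zip(raw, out) for a, r in zip(ar, rel))
    return leakage_bits(raw), leakage_bits(out), added / (len(raw) * n_events)

if __name__ == "__main__":
    raw_bits, mit_bits, delay = compare()
    print(f"unmitigated {raw_bits:.2f} bits, mitigated {mit_bits:.2f} bits, "
          f"mean added delay {delay:.2f} ticks")
```

The mean added delay returned by `compare` is the performance cost paid for the lower leakage figure.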