Title: Transforming Out Timing Leaks, More or Less


We experimentally evaluate program transformations for removing timing 
side-channel vulnerabilities wrt. security and overhead. Our study of 
four well-known transformations confirms that their performance 
overhead differs substantially. A novelty of our work is the empirical 
investigation of channel bandwidths, which clarifies that the 
transformations also differ wrt. how much security they add to a 
program. Interestingly, we observe such differences even between 
transformations that have been proven to establish timing-sensitive 
noninterference. Beyond clarification, our findings provide guidance 
for choosing a suitable transformation for removing timing 
side-channel vulnerabilities. Such guidance is needed because there is 
a trade-off between security and overhead, which makes choosing a 
suitable transformation non-trivial.