Empirical Evaluation of Side-Channel Mitigation on a JVM with
JIT-Compilation


This thesis evaluates program transformations for removing timing
side-channel vulnerabilities wrt. security and overhead. The
evaluation is launched in the steady state of four different JVM
with JIT-compilation. We examine four well-known transformations and
confirm the substantial difference in their performance overhead.
We empirically investigate the channel bandwidth and propose some
novel findings about the effectiveness of the transformation. We
observe that some transformations still effectively remove timing
side channel despite the optimization yielded by the JIT-compilation.
Furthermore, we show that our findings are consistent across
different JVM. Based on the experimental results we also provide a
guidance for choosing a suitable transformation for removing timing
side-channel vulnerabilities under different JVM wrt. the trade-off
between security and performance overhead.