Master of Science


Department of Electrical and Computer Engineering

Scott R. Graham, PhD


From facial recognition on cell phones to vehicle traffic modeling for city planning, integrating machine learning (ML) models can be an expensive investment in resources. Protecting that investment is difficult, as information about the model and how it was built can be leaked through multiple channels, such as timing and memory access. In this thesis, one method of extracting data through a timing side-channel is examined across multiple hardware and software configurations to determine its reliability for general use. In attempting to determine the layer count of a target model solely from its inference time, the research found that the method is not reliable under all circumstances, primarily due to hardware and software optimizations. These optimizations tend to change the variance of inference times for models of a given layer count, which obscures the expected monotonic relationship between the two variables.

Approved for public release: 88ABW-2023-0286

A 12-month embargo was observed.