Methods and systems for side channel analysis detection and protection

What is claimed is: 1. A method of detecting side channel attacks in a computing device, comprising: receiving a full classifier model that includes a plurality of decision nodes; monitoring an activity of the computing device over a time period to collect behavior information; using the collected behavior information to generate a behavior vector information structure that includes a plurality of numerical values that characterize the monitored activity; culling the received full classifier model to generate a lean classifier model; applying the generated behavior vector information structure to the lean classifier model, the lean classifier model including a plurality of decision nodes that collectively test a plurality of different conditions in the computing device, each decision node including a weight value and a corresponding test condition, each weight value indicating a likelihood that an answer to the corresponding test condition will allow the computing device to determine whether a side channel attack is underway; and determining whether the side channel attack is underway based on analysis results generated by applying the generated behavior vector information structure to the lean classifier model. 2. The method of claim 1 , wherein determining whether the side channel attack is underway based on the analysis results generated by applying the generated behavior vector information structure to the lean classifier model comprises determining two or more of: whether the computing device is in airplane mode; whether a battery of the computing device the battery has been replaced with a stable DC power supply; whether a touch-screen display of the computing device has been disconnected; and whether there are repeated calls to a cipher application programming interface (API) within the time period. 3. The method of claim 2 , further comprising: performing an obfuscation operation in response to determining that the side channel attack is underway. 4. The method of claim 2 , further comprising: terminating the monitored activity in response to determining that the side channel attack is underway. 5. The method of claim 2 , wherein monitoring the activity of the computing device over the time period to collect behavior information comprises: determining a feature that is to be observed in the computing device in order to identify the side channel attack; and collecting the behavior information from a hardware component associated with the determined feature. 6. The method of claim 5 , wherein collecting the behavior information from the hardware component associated with the feature comprises collecting information from a log of API calls that stores API call information for use of the hardware component by software applications of the computing device. 7. The method of claim 2 , further comprising: applying machine learning techniques to generate a first family of classifier models that describe a cloud corpus of behavior vectors; determining which factors in the first family of classifier models have a high probability of enabling the computing device to conclusively determine whether a behavior is indicative of a side channel attack; generating a second family of classifier models that identify fewer factors and data points as being relevant for enabling the computing device to determine whether the behavior is indicative of a side channel attack; and generating the lean classifier model based on the second family of classifier models. 8. A computing device, comprising: means for receiving a full classifier model that includes a plurality of decision nodes; means for monitoring an activity of the computing device over a time period to collect behavior information; means for using the collected behavior information to generate a behavior vector information structure that includes a plurality of numerical values that characterize the monitored activity; means for culling the received full classifier model to generate a lean classifier model; means for applying the generated behavior vector information structure to the lean classifier model, the lean classifier model including a plurality of decision nodes that collectively test a plurality of different conditions in the computing device, each decision node including a weight value and a corresponding test condition, each weight value indicating a likelihood that an answer to the corresponding test condition will allow the computing device to determine whether a side channel attack is underway; and means for determining whether the side channel attack is underway based on analysis results generated by applying the generated behavior vector information structure to the lean classifier model. 9. The computing device of claim 8 , wherein means for determining whether the side channel attack is underway based on the analysis results generated by applying the generated behavior vector information structure to the lean classifier model comprises means for determining two or more of: whether the computing device is in airplane mode; whether a battery of the computing device the battery has been replaced with a stable DC power supply; whether a touch-screen display of the computing device has been disconnected; and whether there are repeated calls to a cipher application programming interface (API) within the time period. 10. The computing device of claim 9 , further comprising: means for performing an obfuscation operation in response to determining that the side channel attack is underway. 11. The computing device of claim 9 , further comprising: means for terminating the monitored activity in response to determining that the side channel attack is underway. 12. The computing device of claim 9 , wherein means for monitoring the activity of the computing device over the time period to collect behavior information comprises: means for determining a feature that is to be observed in the computing device in order to identify the side channel attack; and means for collecting the behavior information from a hardware component associated with the determined feature. 13. The computing device of claim 12 , wherein means for collecting the behavior information from the hardware component associated with the feature comprises means for collecting information from a log of API calls that stores API call information for use of the hardware component by software applications of the computing device. 14. The computing device of claim 9 , wherein means for culling the received full classifier model to generate a lean classifier model comprises: means for applying machine learning techniques to generate a first family of classifier models that describe a cloud corpus of behavior vectors; means for determining which factors in the first family of classifier models have a high probability of enabling the computing device to conclusively determine whether a behavior is indicative of a side channel attack; means for generating a second family of classifier models that identify fewer factors and data points as being relevant for enabling the computing device to determine whether the behavior is indicative of a side channel attack; and means for generating the lean classifier model based on the second family of classifier models. 15. A computing device, comprising: a memory; a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations further comprising: receiving a full classifier model that includes a plurality of decision nodes; monitoring an activity of the c