Cellular Networks and Mobile Computing COMS 6998-11, Fall 2012 Instructor: Li Erran Li

(lierranli@cs.columbia.edu)
http://www.cs.columbia.edu/~lierranli/coms6998-11Fall2012/
12/11/2012: Course Summary
Syllabus
• Mobile App Development (lecture 2,3)
– Mobile operating systems: iOS and Android
– Development environments: Xcode, Eclipse with Android SDK
– Programming: Objective-C and Android programming
• System Support for Mobile App Optimization (lecture 4,7)
– Mobile device power models, energy profiling and ebug debugging
– Core OS topics: virtualization, storage and OS support for power and context management
• Interaction with Cellular Networks (lecture 1,5, 8)
– Basics of 3G/LTE cellular networks
– Mobile application cellular radio resource usage profiling
– Measurement-based cellular network and traffic characterization
• Interaction with the Cloud (lecture 6,9)
– Mobile cloud computing platform services: push notification, iCloud and Google Cloud Messaging
– Mobile cloud computing architecture and programming models
• Mobile Platform Security and Privacy (lecture 10,11,12)
– Mobile platform security: malware detection and characterization, attacks and defenses
– Mobile data and location privacy: attacks, monitoring tools and defenses
Mobile App Development: iOS
• iOS Overview
• Objective C
• Xcode
• Model-View-Controller
• Blocks and Multithreading
• Core Data and Location
• iCloud
Mobile App Development: Android
• Android OS Overview
• Eclipse and Android SDK
• Application Framework
– Activity, content provider, broadcast receiver, intent
• Networking
• Google Cloud Messaging (GCM)
System Support for Mobile App Optimization
• Mobile device power models, energy profiler and ebug debugging
• Core OS topics:
– Virtualization
– Storage
System Calls As Power Triggers
Key observation: System call is the interface through which an application communicates with the underlying system (hardware) and outside world (Internet, GPS, etc.)
Key idea: Use system calls as triggers in power modeling
Advantages:
– Encapsulates utilization-based triggers
• Parameters of system calls
– Captures power behavior of ones that do not necessarily imply utilization
– Can be traced back to process, thread, function
• Eases energy accounting
Courtesy: Pathak et al
Finite-State-Machine (FSM) as Power Model Representation
Use Finite-State-Machine (FSM)
• Nodes: Power states
– Base State: No activity on phone
– Productive state: Actual utilization
– Tail state: No useful work
• Edges: Transition rules
– System calls (start/completion)
– Workload (Ex: 50 pkts/sec)
– Timeout
[Figure: FSM with State 1, State 2 and State 3 connected by transitions]
Courtesy: Pathak et al
Virtualization: Device Namespace
• Safely, correctly multiplex access to devices
[Figure: virtual phones VP 1, VP 2, VP 3, ... each running Android, on top of device namespaces in the Linux kernel; devices shown: RTC / Alarms, Audio/Video, Sensors, Input, Power, Framebuffer, Cell Radio, WiFi, GPU]
Courtesy: Jason Nieh et al.
How Apps Use Storage?
• Exactly what makes web browsing slow on Android?
– Key lies in understanding how apps use SQLite and FS interface
WebBench storage schema: /data/data/com.necla.webview
    lib (empty)
    cache
        webviewCache: 6aaa3f00, 03051d8d, … many files (5.5MB); these files written to FS in write-behind
    databases
        webview.db (14KB), webviewCache.db (129KB); these files written to SQLite in sync
• Apps typically store some data in FS (e.g., cache files) and some in a SQLite database (e.g., cache map)
– All data through SQLite is written synchronously → slow!
– Apps often use SQLite oblivious to performance effects
Courtesy: Nitin Agrawal et al.
Interaction with Cellular Networks
• Basics of 3G/LTE cellular networks
• Impact of radio access network on mobile apps
– Radio resource usage profiling (ARO)
• Impact of cellular network core on mobile applications
– In-depth study of middleboxes in cellular networks
– Cellular network architecture characterization and implication to CDN
LTE Infrastructure
[Figure: LTE infrastructure. UE 1, UE 2; eNodeB 1, eNodeB 2, eNodeB 3; S-GW 1, S-GW 2; P-GW; MME/PCRF/HSS in the cellular core network; GTP tunnels; Internet and other IP networks]
• UE: user equipment
• eNodeB: base station
• S-GW: serving gateway
• P-GW: packet data network gateway
• MME: mobility management entity
• HSS: home subscriber server
• PCRF: policy charging and rule function
LTE Architecture (Cont’d)
• eNodeB, S-GW and P-GW are involved in session setup, handoff, routing
[Figure: control plane and data plane. Elements shown: User Equipment (UE), Base Station (eNodeB), Serving Gateway (S-GW), Packet Data Network Gateway (P-GW), Mobility Management Entity (MME), Home Subscriber Server (HSS), Policy Control and Charging Rules Function (PCRF)]
Power Management: LTE
• UE runs radio resource control (RRC) state machine
• Two states: IDLE, CONNECTED
• Discontinuous reception (DRX): monitor one subframe per DRX cycle; receiver sleeps in other subframes
Courtesy: Morley Mao
Power Management: UMTS
• State promotions have promotion delay
• State demotions incur tail times
[Figure: RRC state diagram with transition labels Tail Time, Delay: 1.5s, Delay: 2s, Tail Time]
State       Channel                 Radio Power
IDLE        Not allocated           Almost zero
CELL_FACH   Shared, Low Speed       Low
CELL_DCH    Dedicated, High Speed   High
Example: RRC State Machine for a Large Commercial 3G Network
• DCH Tail: 5 sec
• Promo Delay: 2 sec
• FACH Tail: 12 sec
• Tail Time: waiting for inactivity timers to expire
• DCH: High Power State (high throughput and power consumption)
• FACH: Low Power State (low throughput and power consumption)
• IDLE: No radio resource allocated
Courtesy: Feng Qian
ARO: Mobile Application Resource Optimizer
• Motivations:
– Are developers aware of the RRC state machine and its implications on radio resource / energy? NO.
– Do they need a tool for automatically profiling their prototype applications? YES.
– If we provide that visibility, would developers optimize their applications and reduce the network impact? Hopefully YES.
• ARO: Mobile Application Resource Optimizer
– Provide visibility of radio resource and energy utilization.
– Benchmark efficiencies of cellular radio resource and battery life for a specific application
Courtesy: Feng Qian et al.
RRC State Machine Inference
• State promotion inference
– Determine one of the two promotion procedures
– P1: IDLE→FACH→DCH; P2: IDLE→DCH
[Figure labels: P1: IDLE→FACH, P2: IDLE→DCH; P1: FACH→DCH, P2: Keep on DCH; Normal RTT < 300ms; RTT w/ Promo > 1500ms]
– A packet of min bytes never triggers FACH→DCH promotion (we use 28B)
– A packet of max bytes always triggers FACH→DCH promotion (we use 1KB)
• State demotion and inactivity time inference
– See paper for details
ARO System Architecture
Example: Pandora Music
Problem: High resource overhead of periodic audience measurements (every 1 min)
Recommendation: Delay transfers and batch them with delay-sensitive transfers
Courtesy: Feng Qian
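The tail-time cost behind this recommendation, worked through with the timers from the 3G RRC example earlier in the deck (DCH tail 5 sec, FACH tail 12 sec, promo delay 2 sec). This is an added example, not code from the lecture or from ARO; the two workloads are constructed, and it assumes every transfer is served on DCH and that a transfer arriving during a FACH tail is promoted with no extra delay.

```python
# Added example: account radio-state time under the UMTS RRC timers quoted on the slide.
DCH_TAIL = 5.0      # s, DCH inactivity timer (slide value)
FACH_TAIL = 12.0    # s, FACH inactivity timer (slide value)
PROMO_DELAY = 2.0   # s, promotion delay from IDLE (slide value)


def radio_time(bursts, horizon):
    """Seconds per RRC state over [0, horizon) for sorted (start_s, duration_s) bursts.

    Assumptions (not from the slides): every burst is served on DCH, and a
    burst arriving during a FACH tail is promoted with no extra delay.
    """
    spent = {"IDLE": 0.0, "PROMO": 0.0, "DCH": 0.0, "FACH": 0.0}
    now = dch_end = fach_end = 0.0   # radio starts in IDLE at t = 0

    def advance(to):
        # Split [now, to) into DCH tail, then FACH tail, then IDLE.
        nonlocal now
        for state, end in (("DCH", dch_end), ("FACH", fach_end), ("IDLE", to)):
            seg = max(0.0, min(to, end) - now)
            spent[state] += seg
            now += seg

    for start, duration in bursts:
        advance(start)
        if now >= fach_end:          # both tails expired: promotion from IDLE
            spent["PROMO"] += PROMO_DELAY
            now += PROMO_DELAY
        spent["DCH"] += duration     # the transfer itself
        now += duration
        dch_end = now + DCH_TAIL     # inactivity timers restart after the burst
        fach_end = dch_end + FACH_TAIL
    advance(horizon)
    return spent


def radio_on(spent):
    """Seconds with radio resources allocated (everything except IDLE)."""
    return sum(v for k, v in spent.items() if k != "IDLE")


# Constructed workloads: ten 1-second uploads, one per minute, versus the
# same 10 seconds of data sent as one batch, both over 10 minutes.
periodic = radio_time([(60.0 * i, 1.0) for i in range(10)], 600.0)
batched = radio_time([(0.0, 10.0)], 600.0)

if __name__ == "__main__":
    print("periodic:", periodic, "radio on:", radio_on(periodic))
    print("batched: ", batched, "radio on:", radio_on(batched))
```

Under these assumptions each one-minute measurement keeps the radio allocated for 20 seconds to move 1 second of data, which is the overhead batching removes.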
Impact of Middleboxes
• IP spoofing creates security vulnerability
– IP spoofing should be disabled
• Small TCP timeout timers waste user device energy
– Firewall timer should be longer than 30 minutes
• Out-of-order packet buffering hurts TCP performance
– Consider interaction with application carefully
• NAT: one NAT mapping linearly increases port # with time
– Port prediction is feasible
Impact of Architecture
• Observation
– All 4 major carriers cover the U.S. with only 4-8 clusters
– Cellular DNS resolvers are placed at the same level as GGSN data centers
• Implication
– Mobile content providers should place their content close to GGSNs
– Mobile content providers should select the content server closest to the GGSN
Interaction with Cloud
• Mobile cloud platform services: push notification, iCloud and Google Cloud Messaging
• Mobile cloud computing architecture and programming models
Mobile Cloud Platform Services
• Social network services
– Demo: add social feature to the calculator app
• iCloud service
– Demo: add iCloud feature to the calculator app
• Push notification service
– Apple push notification service
• Demo: add push notification to the calculator app
– Google GCM
• Demo: add push notification to the calculator app
– Thialfi: reliable push notification system
• Track service
mCloud Programming Model
• MAUI: RPC based offloading architecture
• CloneCloud: tight synchronization between cloud and phone
• Odessa: data-flow graph to exploit parallelism in perception applications
• COMET: distributed shared memory
• MAUI, CloneCloud, Odessa all have profiler, solver
System       Remote execution unit
MAUI         Methods (RMI)
CloneCloud   Threads (method entry/exit)
Odessa       Tasks
COMET        Threads (any place)
Distributed Shared Memory
• COMET is offloading + DSM
– Offloading bridges computation disparity
– DSM provides logically shared address space
• DSM usually applied to cluster environments
– Low latency, high throughput
– Mobile relies on wireless communication
Courtesy: Mark Gordon et al.
Java Memory Model
• Dictates which writes a read can observe
• Specifies 'happens-before' partial order
– Access in single thread totally ordered
– Lazy Release Consistency locking
• Fundamental memory unit is the field
– Known alignment, known width
Field DSM
• Track dirty fields locally
• Need 'happens-before' established?
– Transmit dirty fields! (mark fields clean)
• Not clear it scales well past two endpoints
– Not important to our motivation
– Use classic cluster DSM on server
VM-Synchronization
• Used to establish 'happens-before' relation
• Directed operation between pusher and puller
• Synchronizes
– Bytecode sources
– Java thread stacks
– Java heap
Mobile Security
• DroidRanger: Non-virtualization-based malware detection
– Behavioral footprint matching for known malware
– Dynamic execution monitoring for unknown malware
• DroidScope: Virtualization-based malware detection
– Reconstruct OS, Dalvik VM and native view
• Malware characterization
– Installation
– Activation
– Malicious payloads
– Evolution
Mobile Privacy
Data privacy
• Detecting and preventing privacy leaks
– PiOS for iOS
– TaintDroid for Android
• Limiting mobile data exposure with idle eviction [assume device prone to loss]
– CleanOS
• Stealthy information leaks through covert channels and prevention
– Soundcomber
Location privacy [after-class reading]
– Quantifying location privacy
PiOS: Analysis (CFG)
• Most iOS apps are written in Objective-C
• Cornerstone: objc_msgSend dispatch function
• Task: Resolve type of receiver and value of selector for objc_msgSend calls
– Backwards slicing
– Forward propagation of constants and types
• Result: Inter- and intra-procedural CFG is constructed from successfully resolved objc_msgSend calls
PiOS: Finding Privacy Leaks
• Inter- and intra-procedural Control Flow Graph
• Reachability Analysis (find paths)
– From interesting sources
– To network sinks
• Implicit interruption of CFG for user-input (e.g., dialog boxes, etc.)
– Touch events are generated by the OS not in the developer's code
Courtesy: Egele et al.
PiOS: Example ObjC to ASM
    LDR R0, =off_24C58
    LDR R1, =off_247F4
    LDR R0, [R0]
    LDR R1, [R1]
    BLX _objc_msgSend      ; r0? UIDevice, r1? currentDevice: UIDevice::currentDevice
    LDR R1, =off_247F0
    LDR R1, [R1]
    BLX _objc_msgSend      ; r1? uniqueIdentifier: UIDevice::uniqueIdentifier
    …
    STR R0, [SP,#0x60+var_34]
    LDR R3, [SP,#0x60+var_34]
    …
    BLX _objc_msgSend      ; NSString::initWithFormat:(fmt: "uniqueid=%@&username=%@&country=%@&email=%@")
    …
    BLX _objc_msgSend      ; POSTScore::startPostingData:toURL: (0x1b478)
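The source-to-sink reachability step, sketched on a graph built from the calls resolved in the listing above. This is an added example, not PiOS code: the graph is constructed, the names AppDelegate::submitScore, Contacts::allEmails, ConsentDialog::show and Uploader::sendContacts: are hypothetical, and the user-input interruption is modelled by not following edges through a dialog node.

```python
from collections import deque

# Constructed graph: an edge A -> B stands for a resolved objc_msgSend call
# through which control (and the value produced by A) reaches B.
EDGES = {
    "AppDelegate::submitScore": ["UIDevice::currentDevice"],         # hypothetical caller
    "UIDevice::currentDevice": ["UIDevice::uniqueIdentifier"],
    "UIDevice::uniqueIdentifier": ["NSString::initWithFormat:"],
    "NSString::initWithFormat:": ["POSTScore::startPostingData:toURL:"],
    "Contacts::allEmails": ["ConsentDialog::show"],                  # hypothetical
    "ConsentDialog::show": ["Uploader::sendContacts:"],              # hypothetical
}
SOURCES = {"UIDevice::uniqueIdentifier", "Contacts::allEmails"}
SINKS = {"POSTScore::startPostingData:toURL:", "Uploader::sendContacts:"}
USER_INPUT = {"ConsentDialog::show"}   # the CFG is interrupted at user dialogs


def leak_paths(edges, sources, sinks, user_input):
    """Breadth-first search from each source; return the shortest path to every
    sink reachable without passing through a user-input node."""
    found = []
    for src in sorted(sources):
        parent = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node in sinks:
                path = []
                while node is not None:      # walk parents back to the source
                    path.append(node)
                    node = parent[node]
                found.append(path[::-1])
                continue
            for nxt in edges.get(node, []):
                if nxt not in parent and nxt not in user_input:
                    parent[nxt] = node
                    queue.append(nxt)
    return found


if __name__ == "__main__":
    for path in leak_paths(EDGES, SOURCES, SINKS, USER_INPUT):
        print(" -> ".join(path))
```

Only the device-identifier flow is reported; the contacts upload sits behind the dialog node, so the search never connects it to its sink.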
TaintDroid
• Leverage Android platform virtualization
• Message-level tracking
• Variable-level tracking
• Method-level tracking
• File-level tracking
[Figure: two instances of application code, each on a virtual machine, exchanging a msg; below them native system libraries, network interface and secondary storage]
Courtesy: Byung-Gon et al.
TaintDroid Android Architecture in Detail
[Figure: TaintDroid Android architecture]
The End
• Questions and comments?