Cellular Networks and Mobile Computing COMS 6998-11, Fall 2012

Cellular Networks and Mobile ComputingCOMS 6998-11, Fall 2012

Instructor: Li Erran Li (lierranli@cs.columbia.edu)

http://www.cs.columbia.edu/~lierranli/coms6998-11Fall2012/

12/11/2012: Course Summary

1

Syllabus• Mobile App Development (lecture 2,3)

– Mobile operating systems: iOS and Android – Development environments: Xcode, Eclipse with Android SDK– Programming: Objective-C and android programming

• System Support for Mobile App Optimization (lecture 4,7)– Mobile device power models, energy profiling and ebug debugging– Core OS topics: virtualization, storage and OS support for power and context management

• Interaction with Cellular Networks (lecture 1,5, 8) – Basics of 3G/LTE cellular networks– Mobile application cellular radio resource usage profiling– Measurement-based cellular network and traffic characterization

• Interaction with the Cloud (lecture 6,9)– Mobile cloud computing platform services: push notification, iCloud and Google Cloud

Messaging– Mobile cloud computing architecture and programming models

• Mobile Platform Security and Privacy (lecture 10,11,12)– Mobile platform security: malware detection and characterization, attacks and defenses– Mobile data and location privacy: attacks, monitoring tools and defenses

2

Cellular Networks and Mobile Computing (COMS 6998-11)

Mobile App Development: iOS

• iOS Overview• Objective C• Xcode• Model-View-Controller• Blocks and Multithreading• Core Data and Location• iCloud

3

Cellular Networks and Mobile Computing (COMS 6998-11)

Mobile App Development: Android

• Android OS Overview• Eclipse and Android SDK• Application Framework

– Activity, content provider, broadcast receiver, intent

• Networking• Google Cloud Messaging (GCM)

4

Cellular Networks and Mobile Computing (COMS 6998-11)

System Support for Mobile App Optimization

• Mobile device power models, energy profiler and ebug debugging

• Core OS topics: – Virtualization– Storage

5

Cellular Networks and Mobile Computing (COMS 6998-11)

System Calls As Power Triggers

Advantages:– Encapsulates utilization based triggers

• Parameters of system calls– Captures power behavior of ones that do not

necessarily imply utilization– Can be traced back to process, thread, function

• Eases energy accounting6

Key observation: System call is the interface through which an application communicates with the underlying system (hardware)

and outside world (Internet, GPS, etc.)

Key Idea: Use System Calls as triggers in power modeling

Courtesy: Pathak et alCellular Networks and Mobile Computing

(COMS 6998-11)

Finite-State-Machine (FSM) as Power Model Representation

Use Finite-State-Machine (FSM)•Nodes: Power states

– Base State: No activity on phone– Productive state: Actual utilization– Tail state: No-useful work

•Edges: Transition rules– System calls (start/completion)– Workload (Ex: 50 pkts/sec)– Timeout

7

State 1 State

2

State 3

Transitions

Courtesy: Pathak et alCellular Networks and Mobile Computing

(COMS 6998-11)

LinuxKernelLinuxKernel

Po

we

r

WiF

i

Ce

ll R

ad

io

Fra

meb

uff

er

GP

U

RT

C /

Ala

rms

••••••

Se

ns

ors

Inp

ut

An

dro

id...

Au

dio

/Vid

eo

••••••

Virtualization: Device NamespaceVirtualization: Device Namespacesafely,

correctly multiplex access to devices

safely, correctly multiplex access to devices

device namespacesdevice namespaces

VP 3VP 3VP 2VP 2VP 1VP 1

Cellular Networks and Mobile Computing (COMS 6998-11)

Courtesy: Jason Nieh et al.

8

How Apps Use Storage?• Exactly what makes web browsing slow on Android?

– Key lies in understanding how apps use SQLite and FS interface

/data/data/com.necla.webview

lib (empty)

cache

webviewCache

6aaa3f00, 03051d8d, …many files (5.5MB)

databases

webview.db (14KB)

webviewCache.db (129KB)

These files written to SQLite in sync

These files written to FS in write-behind

WebBench Storage Schema

Apps typically store some data in FS (e.g., cache files) and some in a SQLite database (e.g., cache map)– All data through SQLite is written synchronously slow!– Apps often use SQLite oblivious to performance effects

Courtesy: Nitin Agrawal et al.Cellular Networks and Mobile Computing (COMS 6998-11)

9

Interaction with Cellular Networks

• Basics of 3G/LTE cellular networks• Impact of radio access network on mobile apps

– Radio resource usage profiling (ARO)

• Impact of cellular network core on mobile applications– In-depth study of middleboxes in cellular networks– Cellular network architecture characterization and

Implication to CDN

10

Cellular Networks and Mobile Computing (COMS 6998-11)

Cellular Core Network

eNodeB 3 S-GW 2P-GW

11

S-GW 1

eNodeB 1

eNodeB 2

Internet andOther IP Networks

GTP Tunnels

UE 2

UE 1

LTE Infrastructure

MME/PCRF/HSS

• UE: user equipment• eNodeB: base station• S-GW: serving

gateway• P-GW: packet data

network gateway• MME: mobility

management entity• HSS: home

subscriber server• PCRF: policy charging

and rule function

Cellular Networks and Mobile Computing (COMS 6998-11)

12

LTE Architecture (Cont’d)

• eNodeB, S-GW and P-GW are involved in session setup, handoff, routing

User Equipment (UE) Gateway

(S-GW)

Mobility Management

Entity (MME)

Network Gateway (P-GW)

Home Subscriber

Server (HSS)

Policy Control and Charging

Rules Function (PCRF)

Station

(eNodeB)

BaseBase ServingServing Packet Data Packet Data

Control Plane

Data Plane

Cellular Networks and Mobile Computing (COMS 6998-11)

Power Management: LTE• UE runs radio resource

control (RRC) state machine

• Two states: IDLE, CONNECTED

• Discontinuous reception (DRX): monitor one subframe per DRX cylce; receiver sleeps in other subframes

13

Courtesy:Morley Mao

Power Management: UMTS

• State promotions have promotion delay• State demotions incur tail times

Tail Time

Tail Time

Delay: 1.5sDelay: 2s

Channel Radio Power

IDLE Not allocated

Almost zero

CELL_FACH Shared, Low Speed

Low

CELL_DCH Dedicated, High Speed

High

14

Example: RRC State Machinefor a Large Commercial 3G Network

Promo Delay: 2 SecDCH Tail: 5 sec

FACH Tail: 12 sec

DCH: High Power State (high throughput and power consumption)FACH: Low Power State (low throughput and power consumption)

IDLE: No radio resource allocated

Tail TimeWaiting inactivity timers to expire

Courtesy: Feng Qian

15

Cellular Networks and Mobile Computing (COMS 6998-11)

ARO: Mobile Application Resource Optimizer

• Motivations:– Are developers aware of the RRC state machine and its

implications on radio resource / energy? NO.– Do they need a tool for automatically profiling their prototype

applications? YES.– If we provide that visibility, would developers optimize their

applications and reduce the network impact? Hopefully YES.

• ARO: Mobile Application Resource Optimizer– Provide visibility of radio resource and energy utilization.– Benchmark efficiencies of cellular radio resource and battery

life for a specific application

16

Courtesy: Feng Qian et al.Cellular Networks and Mobile Computing

(COMS 6998-11)

RRC State Machine Inference • State promotion inference

– Determine one of the two promotion procedures– P1: IDLEFACHDCH; P2:IDLEDCH

• State demotion and inactivity time inference– See paper for details

A packet of min bytes never triggers FACHDCH promotion (we use 28B)A packet of max bytes always triggers FACHDCH promotion (we use 1KB)

P1: IDLEFACH, P2:IDLEDCHP1: FACHDCH, P2:Keep on DCH

Normal RTT < 300msRTT w/ Promo > 1500ms

17Cellular Networks and Mobile Computing (COMS 6998-11)

ARO System Architecture18

Cellular Networks and Mobile Computing (COMS 6998-11)

Example: Pandora Music

Problem: High resource overhead of periodic audience measurements (every 1 min)

Recommendation: Delay transfers and batch them with delay-sensitive transfers

Problem: High resource overhead of periodic audience measurements (every 1 min)

Recommendation: Delay transfers and batch them with delay-sensitive transfers

Courtesy: Feng Qian

19

Cellular Networks and Mobile Computing (COMS 6998-11)

Impact of Middleboxes

Firewall

IP spoofing creates security vulnerabilityIP spoofing should be disabled

Small TCP timeout timers waste user device energyTimer should be longer than 30 minutes

Out-of-order packet buffering hurts TCP performanceConsider interaction with application carefully

NAT One NAT mapping linearly increases port # with timePort prediction is feasible

20

Cellular Networks and Mobile Computing (COMS 6998-11)

Impact of Architecture

• Observation– All 4 major carriers cover the U.S. with only 4-8

clusters– Cellular DNS resolvers are placed at the same level

as GGSN data centers

• Implication– Mobile content providers should place their content

close to GGSNs– Mobile content providers should select the content

server closest to the GGSN

21Cellular Networks and Mobile Computing (COMS 6998-11)

Interaction with Cloud

• Mobile cloud platform services: push notification, iCloud and Google Cloud Messaging

• Mobile cloud computing architecture and programming models

22

Cellular Networks and Mobile Computing (COMS 6998-11)

Mobile Cloud Platform Services

• Social network services– Demo: add social feature to the calculator app

• iCloud service – Demo: add iCloud feature to the calculator app

• Push notification service– Apple push notification service

• Demo: add push notification to the calculator app– Google GCM

• Demo: add push notification to the calculator app– Thialfi: reliable push notification system

• Track service

23Cellular Networks and Mobile Computing (COMS 6998-11)

mCloud Programming Model

• MAUI: RPC based offloading architecture• CloneCloud: tight synchronization between cloud and

phone• Odessa: data-flow graph to exploit parallelism in

perception applications• COMET: distributed shared memory• MAUI, CloneCloud , Odessa all have profiler, solver

24

MAUI CloneCloud Odessa COMET

Remote execution unit

Methods (RMI)

Threads (method entry/exit)

Tasks Threads (any place)

Cellular Networks and Mobile Computing (COMS 6998-11)

25

Distributed Shared Memory

COMET is offloading + DSM Offloading bridges computation disparity DSM provides logically shared address space

DSM usually applied to cluster environments Low latency, high throughput

Mobile relies on wireless communication

Courtesy: Mark Gordon et. al. Cellular Networks and Mobile Computing (COMS

6998-11)

Cellular Networks and Mobile Computing (COMS 6998-11) 26

Java Memory Model

Dictates which writes a read can observe Specifies 'happens-before' partial order

Access in single thread totally ordered Lazy Release Consistency locking

Fundamental memory unit is the field Known alignment, known width

Cellular Networks and Mobile Computing (COMS 6998-11) 27

Field DSM

Track dirty fields locally Need 'happens-before' established?

Transmit dirty fields! (mark fields clean)

Not clear it scales well past two endpoints Not important to our motivation Use classic cluster DSM on server

Cellular Networks and Mobile Computing (COMS 6998-11)

28

VM-Synchronization

Used to establish ‘happen-before’ relation Directed operation between pusher and

puller Synchronizes

Bytecode sources Java thread stacks Java heap

Mobile Security• DroidRanger: Non-virtualization-based malware

detection– Behavioral footprint matching for known malware– Dynamic execution monitoring for unknown malware

• DroidScope Virtualization-based malware detection– Reconstruct OS, Dalvik VM and native view

• Malware characterization– Installation– Activation– Malicious payloads– Evolution

29

Cellular Networks and Mobile Computing (COMS 6998-11)

Mobile Privacy

Data privacy•Detecting and preventing privacy leaks

– PiOS for iOS– TaintDroid for Android

•Limiting mobile data exposure with idle eviction [assume device prone to loss]

– CleanOS

•Stealthy information leaks through covert channels and prevention– Soundcomber

Location privacy [after-class reading] – Quantifying location privacy

30

Cellular Networks and Mobile Computing (COMS 6998-11)

PiOS: Analysis (CFG)• Most iOS apps are written in Objective-C

• Cornerstone: objc_msgSend dispatch function

• Task: Resolve type of receiver and value of selector for

objc_msgSend calls– Backwards slicing– Forward propagation of constants and types

• Result: Inter and intra procedural CFG is constructed

from successfully resolved objc_msgSend calls

31

Cellular Networks and Mobile Computing (COMS 6998-11)

PiOS: Finding Privacy Leaks• Inter and intra procedural Control Flow

Graph

• Reachability Analysis (find paths)– From interesting sources– To network sinks

• Implicit interruption of CFG for user-input (e.g., dialog boxes, etc.)

– Touch events are generated by the OS not in the developer's code

32

Courtesy: Egele et. alCellular Networks and Mobile Computing

(COMS 6998-11)

PiOS: Example ObjC to ASM• 1 LDR R0, =off_24C58• 2 LDR R1, =off_247F4• 3 LDR R0, [R0]• 4 LDR R1, [R1]• 5 BLX _objc_msgSend • 6 LDR R1, =off_247F0• 7 LDR R1, [R1]• 8 BLX _objc_msgSend• …

r0? r1?

UIDevice

UIDevice

currentDevice

::currentDevice

UIDevice r1?uniqueIdentifier

::uniqueIdentifier

9 STR R0, [SP,#0x60+var_34] 10 LDR R3, [SP,#0x60+var_34]

…11 BLX _objc_msgSend NSString ::initWithFormat:(fmt: "uniqueid=%@&username=%@&country=%@&email=%@")

… 12 BLX _objc_msgSend POSTScore ::startPostingData:toURL:

(0x1b478)

33

Cellular Networks and Mobile Computing (COMS 6998-11)

TaintDroidLeverage Android Platform Virtualization

native system libraries

Virtual machine

Application code

Virtual machine

Application code

Variable-level tracking

Method-level tracking

Message-level tracking

msg

Network interface

Secondary storage

File-level tracking

34

Courtesy: Byung-Gon et. alCellular Networks and Mobile Computing

(COMS 6998-11)

TaintDroid Android Architecture in Detail

35

The End

• Questions and comments?

36

Cellular Networks and Mobile Computing (COMS 6998-11)