COMS 6998-11, Fall 2012

mashpeemoveΚινητά – Ασύρματες Τεχνολογίες

24 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

125 εμφανίσεις

Cellular Networks and Mobile
Computing

COMS 6998
-
11, Fall 2012

Instructor: Li Erran Li
(
lierranli@cs.columbia.edu
)

http://www.cs.columbia.edu/~lierranli/coms
6998
-
11Fall2012/

12/11/2012: Course Summary

1

Syllabus


Mobile App
Development (lecture 2,3)


Mobile
operating systems:
iOS

and
Android


Development environments:
Xcode
, Eclipse with Android SDK


Programming: Objective
-
C and android programming


System Support for Mobile App Optimization (lecture 4,7)


Mobile device power models, energy profiling and
ebug

debugging


Core OS topics: virtualization, storage and OS support for power and context
management


Interaction
with Cellular
Networks (lecture 1,5, 8)


Basics of 3G/LTE cellular networks


Mobile application cellular radio resource usage profiling


Measurement
-
based cellular network and traffic
characterization


Interaction
with the
Cloud (lecture 6,9)


Mobile cloud computing platform services: push notification,
iCloud

and Google Cloud
Messaging


Mobile cloud computing architecture and programming models


Mobile Platform Security and
Privacy (lecture 10,11,12)


Mobile platform security: malware
detection and characterization,
attacks and defenses


Mobile data and location privacy: attacks, monitoring tools and defenses

2

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Mobile App Development: iOS


iOS Overview


Objective C


Xcode


Model
-
View
-
Controller


Blocks and Multithreading


Core Data and Location


iCloud

3

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Mobile App Development: Android


Android OS Overview


Eclipse and Android SDK


Application Framework


Activity, content provider, broadcast receiver, intent


Networking


Google Cloud Messaging (GCM)

4

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

System Support for Mobile App
Optimization


Mobile device power models, energy profiler
and ebug debugging


Core OS topics:


Virtualization


Storage

5

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

System Calls As Power Triggers

Advantages:


Encapsulates utilization based triggers


Parameters of system calls


Captures power behavior of ones that do not

necessarily imply utilization


Can be traced back to process, thread, function


Eases energy accounting

6

Key observation: System call is the interface through which an
application communicates with the underlying system (hardware)
and outside world (Internet, GPS, etc.)

Key Idea: Use System Calls as triggers in power modeling

Courtesy:
Pathak

et al

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Finite
-
State
-
Machine (FSM)

as Power Model Representation

Use
Finite
-
State
-
Machine
(FSM
)


Nodes:

Power states


Base State: No activity on phone


Productive state: Actual utilization


Tail state: No
-
useful work


Edges:

Transition rules


System calls (start/completion)


Workload (Ex: 50
pkts
/sec)


Timeout


7

State
1

State
2

State
3

Transitions

Courtesy:
Pathak

et al

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Linux

Kernel

Power

WiFi

Cell Radio

Framebuffer

GPU

RTC / Alarms

•••

Sensors

Input

Android...

Audio/Video

•••

Virtualization: Device Namespace

safely,
correctly
multiplex
access to
devices

device namespaces

VP 3

VP 2

VP 1

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Courtesy: Jason
Nieh

et al.

8

How Apps Use Storage?


Exactly what makes web browsing slow on Android?


Key lies in understanding how apps use
SQLite

and FS interface

/data/data/
com.necla.webview

lib (empty)

cache

webviewCache

6aaa3f00, 03051d8d, …

many files (5.5MB)

databases

webview.db

(14KB)

webviewCache.db

(129KB)

These files written to
SQLite

in sync

These files written to FS in
write
-
behind

WebBench
Storage Schema


Apps typically store some data
in
FS (e.g., cache files)
and some
in a
SQLite

database (e.g., cache map)


All data through
SQLite

is written synchronously


slow!


Apps often use
SQLite

oblivious to performance effects

Courtesy:
Nitin

Agrawal

et al.

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

9

Interaction with Cellular Networks


Basics of 3G/LTE cellular networks


Impact of radio access network on mobile apps


Radio resource usage profiling (ARO)


Impact of cellular network core on mobile
applications


In
-
depth study of middleboxes in cellular networks


Cellular network architecture characterization and
Implication to CDN


10

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Cellular Core Network

eNodeB 3

S
-
GW 2

P
-
GW

11

S
-
GW 1

eNodeB 1

eNodeB 2

Internet and

Other IP Networks

GTP Tunnels

UE 2

UE 1

LTE Infrastructure

MME/PCRF/HSS


UE: user equipment


eNodeB
: base station


S
-
GW: serving
gateway


P
-
GW: packet data
network gateway


MME: mobility
management entity


HSS: home subscriber
server


PCRF: policy charging
and rule function

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

12

LTE Architecture (Cont’d)


eNodeB, S
-
GW and P
-
GW are involved in
session setup, handoff,
routing

User
Equipme
nt (UE)



Gateway
(S
-
GW)

Mobility
Management
Entity
(MME)


Network
Gateway

(P
-
GW)

Home
Subscriber
Server
(HSS)

Policy Control and
Charging Rules
Function (
PCRF)




Station
(
eNodeB
)

Base

Serving

Packet Data

Control Plane

Data Plane

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Power Management: LTE


UE runs radio resource
control (RRC) state
machine


Two states: IDLE,
CONNECTED


Discontinuous reception
(DRX): monitor one
subframe

per DRX
cylce
;
receiver sleeps in other
subframes

13

Courtesy:Morley Mao

Power Management: UMTS


State promotions have
promotion delay


State demotions incur
tail times


Tail Time

Tail Time

Delay: 1.5s

Delay: 2s

Channel

Radio

Power

IDLE

Not
allocated

Almost


zero

CELL_FACH

Shared,
Low Speed

Low

CELL_DCH

Dedicated,
High Speed

High

14

Example
: RRC State Machine

for a Large Commercial 3G Network

Promo Delay: 2 Sec

DCH Tail: 5 sec

FACH Tail: 12 sec

DCH
:

High Power State (high throughput and power consumption)

FACH
:

Low Power State (low throughput and power consumption)

IDLE
:

No radio resource allocated

Tail Time

Waiting inactivity timers to expire

Courtesy: Feng Qian

15

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

ARO: Mobile
A
pplication
R
esource
O
ptimizer


Motivations:


Are developers aware of the RRC state machine and its
implications on radio resource / energy?
NO.


Do they need a tool for automatically profiling their prototype
applications?
YES.


If we provide that visibility, would developers optimize their
applications and reduce the network impact?
Hopefully YES.


ARO: Mobile Application Resource Optimizer


Provide visibility of radio resource and energy utilization.


Benchmark efficiencies of cellular radio resource and battery
life for a specific application

16

Courtesy: Feng Qian et al
.

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

RRC State Machine Inference


State promotion inference


Determine one of the two promotion procedures


P1: IDLE

FACH

DCH;

P2:IDLE

DCH








State
demotion and inactivity time inference


See paper for details








A packet of
min

bytes
never

triggers FACH

DCH promotion (we use 28B)

A packet of
max

bytes
always

triggers FACH

DCH promotion (we use 1KB)

P1: IDLE

FACH, P2:IDLE

DCH

P1: FACH

DCH, P2:Keep on DCH

Normal RTT < 300ms

RTT w/ Promo > 1500ms

17

Cellular Networks and Mobile Computing (COMS
6998
-
11)

ARO System Architecture

18

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Example: Pandora Music

Problem
: High resource overhead of periodic audience measurements (every 1
min)

Recommendation
: Delay transfers and batch them with delay
-
sensitive transfers

Courtesy: Feng Qian

19

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Impact of Middleboxes

Firewall

IP spoofing creates

security vulnerability

IP spoofing should be disabled

Small

TCP timeout timers waste user device energy

Timer should be longer than 30 minutes

Out
-
of
-
order packet buffering hurts TCP performance

Consider

interaction with application carefully

NAT

One NAT mapping linearly increases port # with time

Port prediction is feasible

20

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Impact of Architecture


Observation


All 4
major carriers
cover the U.S. with only 4
-
8
clusters


Cellular DNS resolvers are placed at the same level
as GGSN data
centers



Implication


Mobile content providers should place their content
close to GGSNs


Mobile content providers should select the content
server closest to the GGSN


21

Cellular Networks and Mobile Computing (COMS
6998
-
11)

Interaction with Cloud


Mobile cloud platform services: push
notification, iCloud and Google Cloud
Messaging


Mobile cloud computing architecture and
programming models

22

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Mobile Cloud Platform Services


Social network services


Demo: add social feature to the calculator app


iCloud

service


Demo: add
iCloud

feature to the calculator app


Push notification service


Apple push notification service


Demo: add push notification to the calculator app


Google GCM


Demo: add push notification to the calculator app


Thialfi
: reliable push notification system


Track service

23

Cellular Networks and Mobile Computing (COMS
6998
-
11)

mCloud Programming Model


MAUI: RPC based offloading architecture


CloneCloud: tight synchronization between cloud and
phone


Odessa: data
-
flow graph to exploit parallelism in
perception applications


COMET: distributed shared memory


MAUI, CloneCloud , Odessa all have profiler, solver

24

MAUI

CloneCloud

Odessa

COMET

Remote

execution
unit

Methods
(RMI)

Threads
(method
entry/exit)

Tasks

Threads
(
any place)

Cellular Networks and Mobile Computing (COMS
6998
-
11)

25

Distributed Shared Memory


COMET is offloading + DSM


Offloading bridges computation disparity


DSM provides logically shared address space


DSM usually applied to cluster environments


Low latency, high throughput


Mobile relies on wireless communication

Courtesy: Mark Gordon et. al.

Cellular Networks and Mobile Computing (COMS
6998
-
11)

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

26


Java Memory Model


Dictates which writes a read can observe


Specifies 'happens
-
before' partial order


Access in single thread totally ordered


Lazy Release Consistency locking



Fundamental memory unit is the field


Known alignment, known width

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

27


Field DSM



Track dirty fields locally


Need 'happens
-
before' established?


Transmit dirty fields! (mark fields clean)



Not clear it scales well past two endpoints


Not important to our motivation


Use classic cluster DSM on server

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

28


VM
-
Synchronization



Used to establish ‘happen
-
before’ relation


Directed operation between pusher and
puller


Synchronizes


Bytecode sources


Java thread stacks


Java heap

Mobile Security


DroidRanger
: Non
-
virtualization
-
based malware
detection


Behavioral footprint matching for known malware


Dynamic execution monitoring for unknown malware


DroidScope

Virtualization
-
based malware
detection


Reconstruct OS,
Dalvik

VM and native view


Malware characterization


Installation


Activation


Malicious payloads


Evolution

29

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

Mobile Privacy

Data privacy


Detecting and preventing privacy leaks


PiOS

for
iOS


TaintDroid

for Android



Limiting mobile data exposure with idle
eviction [assume device
prone to loss]


CleanOS



Stealthy information leaks through covert channels and prevention


Soundcomber


Location privacy [after
-
class reading]


Quantifying location privacy

30

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

PiOS: Analysis (CFG)


Most
iOS

apps are written in Objective
-
C


Cornerstone:
objc_msgSend

dispatch function


Task: Resolve type of receiver and value of selector for
objc_msgSend

calls


Backwards slicing


Forward propagation of constants and types


Result: Inter and intra procedural CFG is constructed
from successfully resolved
objc_msgSend

calls

31

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

PiOS: ?Finding Privacy Leaks


Inter and intra procedural Control Flow
Graph


Reachability Analysis (find paths)


From interesting
sources


To network

sinks


Implicit interruption of CFG for user
-
input
(e.g., dialog boxes, etc.)


Touch events are generated by the OS not in the
developer's code

32

Courtesy:
Egele et. al

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

PiOS: Example ObjC to ASM


1 LDR R0, =off_24C58


2 LDR R1, =off_247F4


3 LDR R0, [R0]


4 LDR R1, [R1]


5 BLX _objc_msgSend


6 LDR R1, =off_247F0


7 LDR R1, [R1]


8 BLX _objc_msgSend






r0?

r1?

UIDevice

UIDevice

currentDevice

::
currentDevice

UIDevice

r1?

uniqueIdentifier

::
uniqueIdentifier

9 STR R0, [SP,#0x60+var_34]

10 LDR R3, [SP,#0x60+var_34]



11 BLX _objc_msgSend
NSString

::
initWithFormat:
(fmt:
"
uniqueid=%@&username=%@&country=%@&email=%@
")



12 BLX _objc_msgSend
POSTScore

::
startPostingData:toURL:

(0x1b478)

33

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

TaintDroid

Leverage Android Platform Virtualization

native system libraries

Virtual
machine

Application
code

Virtual
machine

Application
code

Variable
-
level

tracking

Method
-
level

tracking

Message
-
level tracking

msg

Network interface

Secondary storage

File
-
level

tracking

34

Courtesy:
Byung
-
Gon

et. al

Cellular Networks and Mobile Computing
(COMS 6998
-
11)

TaintDroid

Android Architecture in
Detail

35

The End


Questions and comments?

36

Cellular Networks and Mobile Computing
(COMS 6998
-
11)