cellular networks and mobile computing coms 6998-11, fall 2012
DESCRIPTION
Cellular Networks and Mobile Computing COMS 6998-11, Fall 2012. Instructor: Li Erran Li ( [email protected] ) http://www.cs.columbia.edu/~lierranli/coms6998-11Fall2012/ 12/11/2012: Course Summary. Syllabus. Mobile App Development (lecture 2,3) - PowerPoint PPT PresentationTRANSCRIPT
Cellular Networks and Mobile ComputingCOMS 6998-11, Fall 2012
Instructor: Li Erran Li ([email protected])
http://www.cs.columbia.edu/~lierranli/coms6998-11Fall2012/
12/11/2012: Course Summary
1
Syllabus• Mobile App Development (lecture 2,3)
– Mobile operating systems: iOS and Android – Development environments: Xcode, Eclipse with Android SDK– Programming: Objective-C and android programming
• System Support for Mobile App Optimization (lecture 4,7)– Mobile device power models, energy profiling and ebug debugging– Core OS topics: virtualization, storage and OS support for power and context management
• Interaction with Cellular Networks (lecture 1,5, 8) – Basics of 3G/LTE cellular networks– Mobile application cellular radio resource usage profiling– Measurement-based cellular network and traffic characterization
• Interaction with the Cloud (lecture 6,9)– Mobile cloud computing platform services: push notification, iCloud and Google Cloud
Messaging– Mobile cloud computing architecture and programming models
• Mobile Platform Security and Privacy (lecture 10,11,12)– Mobile platform security: malware detection and characterization, attacks and defenses– Mobile data and location privacy: attacks, monitoring tools and defenses
2
Cellular Networks and Mobile Computing (COMS 6998-11)
Mobile App Development: iOS
• iOS Overview• Objective C• Xcode• Model-View-Controller• Blocks and Multithreading• Core Data and Location• iCloud
3
Cellular Networks and Mobile Computing (COMS 6998-11)
Mobile App Development: Android
• Android OS Overview• Eclipse and Android SDK• Application Framework
– Activity, content provider, broadcast receiver, intent
• Networking• Google Cloud Messaging (GCM)
4
Cellular Networks and Mobile Computing (COMS 6998-11)
System Support for Mobile App Optimization
• Mobile device power models, energy profiler and ebug debugging
• Core OS topics: – Virtualization– Storage
5
Cellular Networks and Mobile Computing (COMS 6998-11)
System Calls As Power Triggers
Advantages:– Encapsulates utilization based triggers
• Parameters of system calls– Captures power behavior of ones that do not
necessarily imply utilization– Can be traced back to process, thread, function
• Eases energy accounting6
Key observation: System call is the interface through which an application communicates with the underlying system (hardware)
and outside world (Internet, GPS, etc.)
Key Idea: Use System Calls as triggers in power modeling
Courtesy: Pathak et alCellular Networks and Mobile Computing
(COMS 6998-11)
Finite-State-Machine (FSM) as Power Model Representation
Use Finite-State-Machine (FSM)•Nodes: Power states
– Base State: No activity on phone– Productive state: Actual utilization– Tail state: No-useful work
•Edges: Transition rules– System calls (start/completion)– Workload (Ex: 50 pkts/sec)– Timeout
7
State 1 State
2
State 3
Transitions
Courtesy: Pathak et alCellular Networks and Mobile Computing
(COMS 6998-11)
LinuxKernelLinuxKernel
Po
we
r
WiF
i
Ce
ll R
ad
io
Fra
meb
uff
er
GP
U
RT
C /
Ala
rms
••••••
Se
ns
ors
Inp
ut
An
dro
id...
Au
dio
/Vid
eo
••••••
Virtualization: Device NamespaceVirtualization: Device Namespacesafely,
correctly multiplex access to devices
safely, correctly multiplex access to devices
device namespacesdevice namespaces
VP 3VP 3VP 2VP 2VP 1VP 1
Cellular Networks and Mobile Computing (COMS 6998-11)
Courtesy: Jason Nieh et al.
8
How Apps Use Storage?• Exactly what makes web browsing slow on Android?
– Key lies in understanding how apps use SQLite and FS interface
/data/data/com.necla.webview
lib (empty)
cache
webviewCache
6aaa3f00, 03051d8d, …many files (5.5MB)
databases
webview.db (14KB)
webviewCache.db (129KB)
These files written to SQLite in sync
These files written to FS in write-behind
WebBench Storage Schema
Apps typically store some data in FS (e.g., cache files) and some in a SQLite database (e.g., cache map)– All data through SQLite is written synchronously slow!– Apps often use SQLite oblivious to performance effects
Courtesy: Nitin Agrawal et al.Cellular Networks and Mobile Computing (COMS 6998-11)
9
Interaction with Cellular Networks
• Basics of 3G/LTE cellular networks• Impact of radio access network on mobile apps
– Radio resource usage profiling (ARO)
• Impact of cellular network core on mobile applications– In-depth study of middleboxes in cellular networks– Cellular network architecture characterization and
Implication to CDN
10
Cellular Networks and Mobile Computing (COMS 6998-11)
Cellular Core Network
eNodeB 3 S-GW 2P-GW
11
S-GW 1
eNodeB 1
eNodeB 2
Internet andOther IP Networks
GTP Tunnels
UE 2
UE 1
LTE Infrastructure
MME/PCRF/HSS
• UE: user equipment• eNodeB: base station• S-GW: serving
gateway• P-GW: packet data
network gateway• MME: mobility
management entity• HSS: home
subscriber server• PCRF: policy charging
and rule function
Cellular Networks and Mobile Computing (COMS 6998-11)
12
LTE Architecture (Cont’d)
• eNodeB, S-GW and P-GW are involved in session setup, handoff, routing
User Equipment (UE) Gateway
(S-GW)
Mobility Management
Entity (MME)
Network Gateway (P-GW)
Home Subscriber
Server (HSS)
Policy Control and Charging
Rules Function (PCRF)
Station
(eNodeB)
BaseBase ServingServing Packet Data Packet Data
Control Plane
Data Plane
Cellular Networks and Mobile Computing (COMS 6998-11)
Power Management: LTE• UE runs radio resource
control (RRC) state machine
• Two states: IDLE, CONNECTED
• Discontinuous reception (DRX): monitor one subframe per DRX cylce; receiver sleeps in other subframes
13
Courtesy:Morley Mao
Power Management: UMTS
• State promotions have promotion delay• State demotions incur tail times
Tail Time
Tail Time
Delay: 1.5sDelay: 2s
Channel Radio Power
IDLE Not allocated
Almost zero
CELL_FACH Shared, Low Speed
Low
CELL_DCH Dedicated, High Speed
High
14
Example: RRC State Machinefor a Large Commercial 3G Network
Promo Delay: 2 SecDCH Tail: 5 sec
FACH Tail: 12 sec
DCH: High Power State (high throughput and power consumption)FACH: Low Power State (low throughput and power consumption)
IDLE: No radio resource allocated
Tail TimeWaiting inactivity timers to expire
Courtesy: Feng Qian
15
Cellular Networks and Mobile Computing (COMS 6998-11)
ARO: Mobile Application Resource Optimizer
• Motivations:– Are developers aware of the RRC state machine and its
implications on radio resource / energy? NO.– Do they need a tool for automatically profiling their prototype
applications? YES.– If we provide that visibility, would developers optimize their
applications and reduce the network impact? Hopefully YES.
• ARO: Mobile Application Resource Optimizer– Provide visibility of radio resource and energy utilization.– Benchmark efficiencies of cellular radio resource and battery
life for a specific application
16
Courtesy: Feng Qian et al.Cellular Networks and Mobile Computing
(COMS 6998-11)
RRC State Machine Inference • State promotion inference
– Determine one of the two promotion procedures– P1: IDLEFACHDCH; P2:IDLEDCH
• State demotion and inactivity time inference– See paper for details
A packet of min bytes never triggers FACHDCH promotion (we use 28B)A packet of max bytes always triggers FACHDCH promotion (we use 1KB)
P1: IDLEFACH, P2:IDLEDCHP1: FACHDCH, P2:Keep on DCH
Normal RTT < 300msRTT w/ Promo > 1500ms
17Cellular Networks and Mobile Computing (COMS 6998-11)
ARO System Architecture18
Cellular Networks and Mobile Computing (COMS 6998-11)
Example: Pandora Music
Problem: High resource overhead of periodic audience measurements (every 1 min)
Recommendation: Delay transfers and batch them with delay-sensitive transfers
Problem: High resource overhead of periodic audience measurements (every 1 min)
Recommendation: Delay transfers and batch them with delay-sensitive transfers
Courtesy: Feng Qian
19
Cellular Networks and Mobile Computing (COMS 6998-11)
Impact of Middleboxes
Firewall
IP spoofing creates security vulnerabilityIP spoofing should be disabled
Small TCP timeout timers waste user device energyTimer should be longer than 30 minutes
Out-of-order packet buffering hurts TCP performanceConsider interaction with application carefully
NAT One NAT mapping linearly increases port # with timePort prediction is feasible
20
Cellular Networks and Mobile Computing (COMS 6998-11)
Impact of Architecture
• Observation– All 4 major carriers cover the U.S. with only 4-8
clusters– Cellular DNS resolvers are placed at the same level
as GGSN data centers
• Implication– Mobile content providers should place their content
close to GGSNs– Mobile content providers should select the content
server closest to the GGSN
21Cellular Networks and Mobile Computing (COMS 6998-11)
Interaction with Cloud
• Mobile cloud platform services: push notification, iCloud and Google Cloud Messaging
• Mobile cloud computing architecture and programming models
22
Cellular Networks and Mobile Computing (COMS 6998-11)
Mobile Cloud Platform Services
• Social network services– Demo: add social feature to the calculator app
• iCloud service – Demo: add iCloud feature to the calculator app
• Push notification service– Apple push notification service
• Demo: add push notification to the calculator app– Google GCM
• Demo: add push notification to the calculator app– Thialfi: reliable push notification system
• Track service
23Cellular Networks and Mobile Computing (COMS 6998-11)
mCloud Programming Model
• MAUI: RPC based offloading architecture• CloneCloud: tight synchronization between cloud and
phone• Odessa: data-flow graph to exploit parallelism in
perception applications• COMET: distributed shared memory• MAUI, CloneCloud , Odessa all have profiler, solver
24
MAUI CloneCloud Odessa COMET
Remote execution unit
Methods (RMI)
Threads (method entry/exit)
Tasks Threads (any place)
Cellular Networks and Mobile Computing (COMS 6998-11)
25
Distributed Shared Memory
COMET is offloading + DSM Offloading bridges computation disparity DSM provides logically shared address space
DSM usually applied to cluster environments Low latency, high throughput
Mobile relies on wireless communication
Courtesy: Mark Gordon et. al. Cellular Networks and Mobile Computing (COMS
6998-11)
Cellular Networks and Mobile Computing (COMS 6998-11) 26
Java Memory Model
Dictates which writes a read can observe Specifies 'happens-before' partial order
Access in single thread totally ordered Lazy Release Consistency locking
Fundamental memory unit is the field Known alignment, known width
Cellular Networks and Mobile Computing (COMS 6998-11) 27
Field DSM
Track dirty fields locally Need 'happens-before' established?
Transmit dirty fields! (mark fields clean)
Not clear it scales well past two endpoints Not important to our motivation Use classic cluster DSM on server
Cellular Networks and Mobile Computing (COMS 6998-11)
28
VM-Synchronization
Used to establish ‘happen-before’ relation Directed operation between pusher and
puller Synchronizes
Bytecode sources Java thread stacks Java heap
Mobile Security• DroidRanger: Non-virtualization-based malware
detection– Behavioral footprint matching for known malware– Dynamic execution monitoring for unknown malware
• DroidScope Virtualization-based malware detection– Reconstruct OS, Dalvik VM and native view
• Malware characterization– Installation– Activation– Malicious payloads– Evolution
29
Cellular Networks and Mobile Computing (COMS 6998-11)
Mobile Privacy
Data privacy•Detecting and preventing privacy leaks
– PiOS for iOS– TaintDroid for Android
•Limiting mobile data exposure with idle eviction [assume device prone to loss]
– CleanOS
•Stealthy information leaks through covert channels and prevention– Soundcomber
Location privacy [after-class reading] – Quantifying location privacy
30
Cellular Networks and Mobile Computing (COMS 6998-11)
PiOS: Analysis (CFG)• Most iOS apps are written in Objective-C
• Cornerstone: objc_msgSend dispatch function
• Task: Resolve type of receiver and value of selector for
objc_msgSend calls– Backwards slicing– Forward propagation of constants and types
• Result: Inter and intra procedural CFG is constructed
from successfully resolved objc_msgSend calls
31
Cellular Networks and Mobile Computing (COMS 6998-11)
PiOS: Finding Privacy Leaks• Inter and intra procedural Control Flow
Graph
• Reachability Analysis (find paths)– From interesting sources– To network sinks
• Implicit interruption of CFG for user-input (e.g., dialog boxes, etc.)
– Touch events are generated by the OS not in the developer's code
32
Courtesy: Egele et. alCellular Networks and Mobile Computing
(COMS 6998-11)
PiOS: Example ObjC to ASM• 1 LDR R0, =off_24C58• 2 LDR R1, =off_247F4• 3 LDR R0, [R0]• 4 LDR R1, [R1]• 5 BLX _objc_msgSend • 6 LDR R1, =off_247F0• 7 LDR R1, [R1]• 8 BLX _objc_msgSend• …
r0? r1?
UIDevice
UIDevice
currentDevice
::currentDevice
UIDevice r1?uniqueIdentifier
::uniqueIdentifier
9 STR R0, [SP,#0x60+var_34] 10 LDR R3, [SP,#0x60+var_34]
…11 BLX _objc_msgSend NSString ::initWithFormat:(fmt: "uniqueid=%@&username=%@&country=%@&email=%@")
… 12 BLX _objc_msgSend POSTScore ::startPostingData:toURL:
(0x1b478)
33
Cellular Networks and Mobile Computing (COMS 6998-11)
TaintDroidLeverage Android Platform Virtualization
native system libraries
Virtual machine
Application code
Virtual machine
Application code
Variable-level tracking
Method-level tracking
Message-level tracking
msg
Network interface
Secondary storage
File-level tracking
34
Courtesy: Byung-Gon et. alCellular Networks and Mobile Computing
(COMS 6998-11)
TaintDroid Android Architecture in Detail
35
The End
• Questions and comments?
36
Cellular Networks and Mobile Computing (COMS 6998-11)