Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISA 673 Operating Systems Security Exploring the Android Platform.

Published byClementine Butler Modified over 9 years ago

Similar presentations

Presentation on theme: "ISA 673 Operating Systems Security Exploring the Android Platform."— Presentation transcript:

1 ISA 673 Operating Systems Security Exploring the Android Platform

2 The Problem Resource monitoring mostly done in user- mode – Relies on system services and system calls for data – Kernel-mode malware can easily subvert it Malware power usage largely unstudied – Studies limited – Full system instrumentation not available 1/9/2016ISA673 - Operating Systems Security2

3 Battery Utilization Monitoring Project Goals – Track usage by resource and process – Modify resource scheduling to ensure fairness Approach – Low-level (kernel level) – High enough to associate processes to resource requests 1/9/20163ISA673 - Operating Systems Security

4 Development Process 1/9/20164ISA673 - Operating Systems Security Instrument Kernel Drivers Collect Battery Usage Data Analyze Data/Identify Trends Modify Kernel Scheduler

5 System Approach 1/9/2016ISA673 - Operating Systems Security5 Kernel Instrumentation Services Table Hooking Wake Lock Monitoring Driver Modification Other (Undiscovered ) Data Collection Kernel-mode Collection Module Procfs Bridge to User-mode Upload to PC for Analysis Data Analysis Statistical Analysis Charts & Graphs Identify Trends Modify Scheduler Real-time Power Monitor Process Queuing Changes Security vs. Battery Life Trade-offs

6 Design Philosophy System changes are dangerous without data Iterative approach allows for intelligent refinement Modular design for flexibility Analysis built into the design – Demonstrates success/failure of system changes 1/9/2016ISA673 - Operating Systems Security6

7 1/9/2016ISA673 - Operating Systems Security7 Progress to Date Kernel Instrumentation Services Table Hooking Wake Lock Monitoring Driver Modification Other (Undiscovered) Data Collection Kernel-mode Collection Module Procfs Bridge to User-mode Upload to PC for Analysis Data Analysis Statistical Analysis Charts & Graphs Identify Trends Modify Scheduler Real-time Power Monitor Process Queuing Changes Security vs. Battery Life Trade-offs

8 Desktop PCAndroid Phone System Architecture 1/9/2016ISA673 - Operating Systems Security8 User Mode Kernel Mode Batterymine Audio Video WiFi Bluetooth 3G Batterymine Daemon proc_fs Data Collection Analysis Engine Scheduling Data

9 Kernel Module Records per-process usage of resources Records per-interval usage of battery Writes tab-separated data to proc_fs Interface allows easy instrumentation of kernel Supports multiple instrumentation strategies 1/9/2016ISA673 - Operating Systems Security9

10 Instrumentation Strategy Build Batterymine into Android kernel Modify code for most-used drivers Attribute device usage to process where possible Attribute to “Idle” otherwise. Pros: Simple, allows for iterative development Cons: – Requires intimate knowledge of driver code – Hardware dependent – Process ID not always available 1/9/2016ISA673 - Operating Systems Security10

11 Module Interface enum power_consumer_type { idle = 0, wifi, bluetooth, audio, threeG, video }; void bm_logDeviceUsage(enum power_consumer_type devType, struct timespec usageTime); void bm_logProcDeviceUsage(enum power_consumer_type devType, pid_t processID, struct timespec usageTime); #define BM_GET_START_TIME struct timespec ts = current_kernel_time() #define BM_GET_DIFF_TIME timespec_sub(current_kernel_time(), ts) 1/9/2016ISA673 - Operating Systems Security11

12 Sample Instrumentation void myAudioDeviceFunc(char *szPointer) { BM_GET_START_TIME(); if(NULL != szPointer) { bm_logDeviceUsage(audio, BM_GET_DIFF_TIME); return; } //...driver code... bm_logDeviceUsage(audio, BM_GET_DIFF_TIME); } 1/9/2016ISA673 - Operating Systems Security12

13 Statistical Analysis Problem Approach Multiple Regression Output 1/9/2016ISA673 - Operating Systems Security13

14 Problem We need to figure it out how much battery is used for each device. 1/9/2016ISA673 - Operating Systems Security14

15 Approach Collect the device usage data for each process for every time interval. For each time interval, device usage is collected with battery reduction. Execute Multiple Regression 1/9/2016ISA673 - Operating Systems Security15

16 Multiple Regression Y = a + b 1 *X 1 + b 2 *X 2 +... + b n * X n where Y : Battery Usage N: Number of devices b i : Coefficient of each device X i : usage(process time) of device X i 1/9/2016ISA673 - Operating Systems Security16

17 Output 1/9/2016ISA673 - Operating Systems Security17 Coefficients Intercept 2151.587317 Audio 256.8419143 Wifi 1017.472706

18 Wifi Output

19 Project Successes Wins – Complete data collection and analysis engine Supports any instrumentation strategy Capable of comparing/contrasting instrumentation techniques – Partial instrumentation of kernel drivers Real-time data collection Minimal driver code change – Gained knowledge of kernel architecture 1/9/2016ISA673 - Operating Systems Security19

20 Project Failures Picked infeasible approach to kernel instrumentation – Requires too many driver changes – Requires intimate knowledge of each driver – Hardware dependent Cannot validate analysis – Did not collect enough data Have not approached scheduler changes – Last step in process 1/9/2016ISA673 - Operating Systems Security20

21 How to Find More Info. Project hosted on Google Code – http://code.google.com/p/batterymine http://code.google.com/p/batterymine Code – Subversion support – Full source of modified kernel Wiki – Build and Install instructions – Culmination of research Downloads – Latest build of binaries – Slides 1/9/2016ISA673 - Operating Systems Security21

Download ppt "ISA 673 Operating Systems Security Exploring the Android Platform."

Similar presentations

Operating Systems Manage system resources –CPU scheduling –Process management –Memory management –Input/Output device management –Storage device management.

Operating Systems Manage system resources –CPU scheduling –Process management –Memory management –Input/Output device management –Storage device management.
Test Case Management and Results Tracking System October 2008 D E L I V E R I N G Q U A L I T Y (Short Version) www.megalith-solutions.com.

Test Case Management and Results Tracking System October 2008 D E L I V E R I N G Q U A L I T Y (Short Version)
Guard4Life Advanced GPS

Guard4Life Advanced GPS
1 SOFTWARE TESTING Przygotował: Marcin Lubawski. 2 Testing Process AnalyseDesignMaintainBuildTestInstal Software testing strategies Verification Validation.

1 SOFTWARE TESTING Przygotował: Marcin Lubawski. 2 Testing Process AnalyseDesignMaintainBuildTestInstal Software testing strategies Verification Validation.
Chorus and other Microkernels Presented by: Jonathan Tanner and Brian Doyle Articles By: Jon Udell Peter D. Varhol Dick Pountain.

Chorus and other Microkernels Presented by: Jonathan Tanner and Brian Doyle Articles By: Jon Udell Peter D. Varhol Dick Pountain.
CS 345 Computer System Overview

CS 345 Computer System Overview
Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.

Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.
Operating System (O.S.) Objectives & Functions

Operating System (O.S.) Objectives & Functions
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
I/O Devices and Drivers

I/O Devices and Drivers
Measuring Performance Chapter 12 CSE807. Performance Measurement To assist in guaranteeing Service Level Agreements For capacity planning For troubleshooting.

Measuring Performance Chapter 12 CSE807. Performance Measurement To assist in guaranteeing Service Level Agreements For capacity planning For troubleshooting.
Remote Surveillance System Presented by: Robarin Holdings Limited Telephone: +44-870-729-7837 Facsimile: +44-870-922-3-222 -

Remote Surveillance System Presented by: Robarin Holdings Limited Telephone: Facsimile:
Energy Model for Multiprocess Applications Texas Tech University.

Energy Model for Multiprocess Applications Texas Tech University.
Hands-On Microsoft Windows Server 2008 Chapter 11 Server and Network Monitoring.

Hands-On Microsoft Windows Server 2008 Chapter 11 Server and Network Monitoring.
CH 13 Server and Network Monitoring. Hands-On Microsoft Windows Server 20082 Objectives Understand the importance of server monitoring Monitor server.

CH 13 Server and Network Monitoring. Hands-On Microsoft Windows Server Objectives Understand the importance of server monitoring Monitor server.
Windows Server 2008 Chapter 11 Last Update 2012.06.07 1.0.0.

Windows Server 2008 Chapter 11 Last Update
Logitrac Advanced GPS THE FUTURE OF GPS TECHNOLOGY.

Logitrac Advanced GPS THE FUTURE OF GPS TECHNOLOGY.
Mobile Inspections Rebecca Wenner Kansas DHE Guy Outred Windsor Solutions.

Mobile Inspections Rebecca Wenner Kansas DHE Guy Outred Windsor Solutions.
MD-EXPERT Designed with doctors for doctors. One solution for multiple platforms 248-464- 2959.

MD-EXPERT Designed with doctors for doctors. One solution for multiple platforms
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

Similar presentations

Ads by Google