Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
ISA 673 Operating Systems Security Exploring the Android Platform The Problem • Resource monitoring mostly done in usermode – Relies on system services and system calls for data – Kernel-mode malware can easily subvert it • Malware power usage largely unstudied – Studies limited – Full system instrumentation not available 5/23/2017 ISA673 - Operating Systems Security 2 Battery Utilization Monitoring • Project Goals – Track usage by resource and process – Modify resource scheduling to ensure fairness • Approach – Low-level (kernel level) – High enough to associate processes to resource requests 5/23/2017 ISA673 - Operating Systems Security 3 Development Process Instrument Kernel Drivers Collect Battery Usage Data Modify Kernel Scheduler Analyze Data/Identify Trends 5/23/2017 ISA673 - Operating Systems Security 4 System Approach Kernel Instrumentation Services Table Hooking Wake Lock Monitoring Data Collection Data Analysis Kernel-mode Collection Module Statistical Analysis Real-time Power Monitor Procfs Bridge to User-mode Charts & Graphs Process Queuing Changes Identify Trends Security vs. Battery Life Trade-offs Driver Modification Other (Undiscovered ) 5/23/2017 Modify Scheduler Upload to PC for Analysis ISA673 - Operating Systems Security 5 Design Philosophy • System changes are dangerous without data • Iterative approach allows for intelligent refinement • Modular design for flexibility • Analysis built into the design – Demonstrates success/failure of system changes 5/23/2017 ISA673 - Operating Systems Security 6 Progress to Date Kernel Instrumentation Services Table Hooking Wake Lock Monitoring Data Collection Data Analysis Modify Scheduler Kernel-mode Collection Module Statistical Analysis Real-time Power Monitor Procfs Bridge to User-mode Charts & Graphs Process Queuing Changes Identify Trends Security vs. Battery Life Trade-offs Driver Modification Upload to PC for Analysis Other (Undiscovered) 5/23/2017 ISA673 - Operating Systems Security 7 System Architecture Android Phone Desktop PC Data Collection Batterymine Daemon Analysis Engine User Mode proc_fs Kernel Mode Batterymine Scheduling Data Audio WiFi Video 5/23/2017 3G Bluetooth ISA673 - Operating Systems Security 8 Kernel Module • • • • Records per-process usage of resources Records per-interval usage of battery Writes tab-separated data to proc_fs Interface allows easy instrumentation of kernel • Supports multiple instrumentation strategies 5/23/2017 ISA673 - Operating Systems Security 9 Instrumentation Strategy • Build Batterymine into Android kernel • Modify code for most-used drivers • Attribute device usage to process where possible • Attribute to “Idle” otherwise. • Pros: Simple, allows for iterative development • Cons: – Requires intimate knowledge of driver code – Hardware dependent – Process ID not always available 5/23/2017 ISA673 - Operating Systems Security 10 Module Interface enum power_consumer_type { idle = 0, wifi, bluetooth, audio, threeG, video }; void bm_logDeviceUsage(enum power_consumer_type devType, struct timespec usageTime); void bm_logProcDeviceUsage(enum power_consumer_type devType, pid_t processID, struct timespec usageTime); #define BM_GET_START_TIME struct timespec ts = current_kernel_time() #define BM_GET_DIFF_TIME timespec_sub(current_kernel_time(), ts) 5/23/2017 ISA673 - Operating Systems Security 11 Sample Instrumentation void myAudioDeviceFunc(char *szPointer) { BM_GET_START_TIME(); if(NULL != szPointer) { bm_logDeviceUsage(audio, BM_GET_DIFF_TIME); return; } // ...driver code... bm_logDeviceUsage(audio, BM_GET_DIFF_TIME); } 5/23/2017 ISA673 - Operating Systems Security 12 Statistical Analysis • Problem • Approach • Multiple Regression • Output 5/23/2017 ISA673 - Operating Systems Security 13 Problem We need to figure it out how much battery is used for each device. 5/23/2017 ISA673 - Operating Systems Security 14 Approach • Collect the device usage data for each process for every time interval. • For each time interval, device usage is collected with battery reduction. • Execute Multiple Regression 5/23/2017 ISA673 - Operating Systems Security 15 Multiple Regression Y = a + b1*X1 + b2*X2 + ... + bn * Xn where Y : Battery Usage N: Number of devices bi: Coefficient of each device Xi: usage(process time) of device Xi 5/23/2017 ISA673 - Operating Systems Security 16 Output 5/23/2017 ISA673 - Operating Systems Security 17 Project Successes • Wins – Complete data collection and analysis engine • Supports any instrumentation strategy • Capable of comparing/contrasting instrumentation techniques – Partial instrumentation of kernel drivers • Real-time data collection • Minimal driver code change – Gained knowledge of kernel architecture 5/23/2017 ISA673 - Operating Systems Security 18 Project Failures • Picked infeasible approach to kernel instrumentation – Requires too many driver changes – Requires intimate knowledge of each driver – Hardware dependent • Cannot validate analysis – Did not collect enough data • Have not approached scheduler changes – Last step in process 5/23/2017 ISA673 - Operating Systems Security 19 How to Find More Info. • Project hosted on Google Code – http://code.google.com/p/batterymine • Code – Subversion support – Full source of modified kernel • Wiki – Build and Install instructions – Culmination of research • Downloads – Latest build of binaries – Slides 5/23/2017 ISA673 - Operating Systems Security 20