ISA 673Operating Systems Security

Exploring the Android Platform

Battery Utilization Monitoring

• Project Goals– Track usage by resource and process– Modify resource scheduling to ensure fairness

• Approach– Low-level (kernel level)– High enough to associate processes to resource

requests

04/18/23 2ISA673 - Operating Systems Security

The Problem

• Resource monitoring mostly done in user-mode– Relies on system services and system calls for data– Kernel-mode malware can easily subvert it

• Malware power usage largely unstudied– Studies limited– Full system instrumentation not available

04/18/23 ISA673 - Operating Systems Security 3

System Approach

04/18/23 ISA673 - Operating Systems Security 4

Kernel Instrumentation

Services Table Hooking

Wake Lock Monitoring

Driver Modification

Other(Undiscovered)

Data Collection

Kernel-mode Collection Module

Procfs Bridge to User-mode

Upload to PC for Analysis

Data Analysis

Statistical Analysis

Charts & Graphs

Identify Trends

Modify Scheduler

Real-time Power

Monitor

Process Queuing Changes

Security vs. Battery Life Trade-offs

04/18/23 ISA673 - Operating Systems Security 5

Progress to DateKernel Instrumentation

Services Table Hooking

Wake Lock Monitoring

Driver Modification

Other(Undiscovered)

Data Collection

Kernel-mode Collection Module

Procfs Bridge to User-mode

Upload to PC for Analysis

Data Analysis

Statistical Analysis

Charts & Graphs

Identify Trends

Modify Scheduler

Real-time Power

Monitor

Process Queuing Changes

Security vs. Battery Life Trade-offs

Design Philosophy

• System changes are dangerous without data• Iterative approach allows for intelligent

refinement• Modular design for flexibility• Analysis built into the design

– Demonstrates success/failure of system changes

04/18/23 ISA673 - Operating Systems Security 6

Development Process

04/18/23 7ISA673 - Operating Systems Security

Instrument Kernel Drivers

Collect Battery Usage Data

Analyze Data/Identify

Trends

Modify Kernel

Scheduler

Desktop PCAndroid Phone

System Architecture

04/18/23 ISA673 - Operating Systems Security 8

User Mode

Kernel Mode

Batterymine

Audio

Video

WiFi

Bluetooth

3G

Batterymine Daemon

proc_fs

DataCollection

AnalysisEngine

Scheduling Data

Kernel Module

• Records per-process usage of resources• Records per-interval usage of battery• Writes tab-separated data to proc_fs• Interface allows easy instrumentation of

kernel• Supports multiple instrumentation strategies

04/18/23 ISA673 - Operating Systems Security 9

Instrumentation Strategy• Build Batterymine into Android kernel• Modify code for most-used drivers• Attribute device usage to process where

possible• Attribute to “Idle” otherwise.• Pros: Simple, allows for iterative development

• Cons: – Requires intimate knowledge of driver code– Hardware dependent– Process ID not always available

04/18/23 ISA673 - Operating Systems Security 10

Module Interfaceenum power_consumer_type{ idle = 0, wifi, bluetooth, audio, threeG, video};

void bm_logDeviceUsage(enum power_consumer_type devType, struct timespec usageTime);

void bm_logProcDeviceUsage(enum power_consumer_type devType, pid_t processID, struct timespec usageTime); #define BM_GET_START_TIME struct timespec ts = current_kernel_time()

#define BM_GET_DIFF_TIME timespec_sub(current_kernel_time(), ts)

04/18/23 ISA673 - Operating Systems Security 11

Sample Instrumentationvoid myAudioDeviceFunc(char *szPointer){

BM_GET_START_TIME();

if(NULL != szPointer) { bm_logDeviceUsage(audio, BM_GET_DIFF_TIME); return; }

// ...driver code...

bm_logDeviceUsage(audio, BM_GET_DIFF_TIME);}

04/18/23 ISA673 - Operating Systems Security 12

Statistical Analysis

• How much battery is used for each device?

• Collect device usage per process at a time interval

• Execute Multiple Regression

04/18/23 ISA673 - Operating Systems Security 13

Raw Battery Data

04/18/23 ISA673 - Operating Systems Security 14

Resource Usage Stats

04/18/23 ISA673 - Operating Systems Security 15

Power Consumption Per Resource

04/18/23 ISA673 - Operating Systems Security 16

Multiple Regression

• Y = a + b1*X1 + b2*X2 + ... + bn * Xn where Y : Battery Usage N: Number of devices bi: Coefficient of each device Xi: usage(process time) of device Xi

04/18/23 ISA673 - Operating Systems Security 17

Output  Coefficients

Intercept 2151.587317

Audio 256.8419143

Wifi 1017.472706

04/18/23 ISA673 - Operating Systems Security 18

Audio Line Fit Plot

0

2000

4000

6000

0 1 2 3

Audio

char

ge chargePredicted charge

Wifi Output

Wifi Line Fit Plot

0

2000

4000

6000

0 0.5 1 1.5

Wifi

ch

arg

e

chargePredicted charge

Project Successes

• Wins– Complete data collection and analysis engine

• Supports any instrumentation strategy• Capable of comparing/contrasting instrumentation

techniques

– Partial instrumentation of kernel drivers• Real-time data collection• Minimal driver code change

– Gained knowledge of kernel architecture

04/18/23 ISA673 - Operating Systems Security 20

Project Shortcomings

• Picked infeasible approach to kernel instrumentation– Requires too many driver changes– Requires intimate knowledge of each driver– Hardware dependent

• Cannot validate analysis– Did not collect enough data

• Have not approached scheduler changes– Last step in process

04/18/23 ISA673 - Operating Systems Security 21

How to Find More Info

• Project hosted on Google Code– http://code.google.com/p/batterymine

• Code– Subversion support– Full source of modified kernel

• Wiki– Build and Install instructions– Culmination of research

• Downloads– Latest build of binaries– Slides

04/18/23 ISA673 - Operating Systems Security 22