TrustCom/BigDataSE/ISPA
Abstract—Smart mobile devices have become ubiquitous, and people prefer to use a smartphone in daily life rather than a traditional personal computer. However, due to the hardware capability, performance of smartphones varies greatly and sometimes it cannot meet the demand of users. Furthermore, if a smartphone is attacked by a malicious application, the local private sensitive information will be leaked, which in turn will cause huge losses. This paper proposes VSP, a Virtual Smartphone Platform. It offers a new way to enhance the capability of a physical smartphone by providing a virtual smartphone (VS) deployed in the cloud. Users operate the VS remotely through the thin-client of VSP on physical smartphones, and ignore the limits of physical mobile devices. The isolation of VS in the cloud platform guarantees the security between VSes, and also prevents access to private sensitive information on physical devices. The evaluation indicates that average bandwidth cost with zlib is about 80 kBps and it is suitable for use in practice.

Index Terms—Virtualization, Android, Remote Display, Cloud Computing, Ant Colony Optimization.

I. INTRODUCTION

With the portability, connectivity and increasing popularity of smart mobile devices, the smartphone has become a better choice for general work and entertainment than the laptop and desktop computer. Mobile devices become more powerful [1], and some applications are developed with high resource consumption, like 3D games, which may not function well with low-end devices. Due to the limits of hardware resources of smartphones, such as central processing unit (CPU), memory, storage and battery, mobile application developers have to take these constraints into consideration and sacrifice performance to guarantee the usability. Currently, there are various mobile operating systems (OS), such as iOS, Android, Windows, etc. Different OSes lead to different user experiences, but not every application has a corresponding version for each specific mobile OS. Some related work provided a cross-compilation approach where the applications are cross-compiled to several programming languages, like C for iOS and C# for Windows Phone 7 [2], or used a software compatibility layer to run applications of other mobile OSes [3], but the performance of running applications on the corresponding mobile OSes is still much better.

The security of private sensitive information in the smartphone is also of great significance for current users. Once the smartphone is corrupted by malicious applications, attackers can abuse the personal information easily and lead to terrible circumstances. Sometimes, users choose to check the confidential information online, instead of saving it in local storage, but attackers can still steal information from memory and cache while users are reading it.

Desktop virtualization [4], which combines virtualization and remote desktop [5], has attracted more attention in recent years and has been used in organizations and companies to ease the burden of maintaining computers and improve the resource utilization. By deploying a virtual machine (VM) in the cloud, users can connect to their virtual desktop as long as they have Internet access, which is flexible and convenient. With virtualization technology, it's easier to create a new instance and manage physical resources. Therefore, it is of profound significance to research how to apply this architecture to the mobile platform and provide a unified experience for mobile users with convenient management. Different from the traditional VM, VS is much more lightweight. So with the same resource, VSP can provide more VSes than the VMs that general desktop virtualization or cloud provides, which is an obvious advantage of VSP.

In this paper, we choose ant colony optimization [6] to solve the VS assignment problem on this multi-tenant platform and improve resource utilization of servers. With more detailed and efficient design, VSP is more suitable for use in practice.

VSP creates VSes for end users according to their configuration, and users control the remote VS through a thin-client application on their physical mobile devices. VSes run in the cloud and transfer screen data to physical devices. Then, even a low-end device can provide an experience of complex applications with high quality. Currently, the prototype of VSP just supports Android VS, and we have left other mobile OSes to future work.

The isolation between VSes guarantees that different applications in different VSes won't disturb each other. It also prevents applications in a VS from accessing physical devices, by just transferring screen data to users. In other words, even if the application deployed in the remote VS is malicious [7], it cannot access the user's private sensitive information on the physical smartphone. The security mechanism of cloud service [8] provides a safer environment than before. Furthermore, users can put sensitive applications such as enterprise applications on a remote VS to prevent attacks from physical devices, since the sensitive content could not be cached locally and there are only screen data in physical memory.
performance server can even support hundreds of VSes. Due to the scalability of NFS, there is sufficient disk storage for VSes and storage cannot be the limit of usability. All the VSes and servers are controlled by management node and more details are introduced below.
and input device are implemented at the virtual layer. Without any change to natural OS, VS could handle screen display and input events. The client is composed of an event controller, which controls the operation events of users, and a screen controller that responds to screen updates. The data of events and screen are packaged and delivered through a TCP socket, and the detail of the protocol rule will be discussed in Section III-B.

D. SCENARIOS ANALYSIS

VSP can be deployed in many scenarios with better user experience. Some common scenarios are described below.

Data Protection

In the enterprise, there are many internal materials that should be protected from the outside. Generally, staff access these materials through devices that are managed by the IT department to guarantee the security of confidential business information. Furthermore, most enterprises also have their official mobile application to allow staff to work with their mobile devices. But it's much more difficult to manage these devices than general PCs and ensure that they don't carry malicious applications or viruses.

Using VSP to provide a mobile working environment, we can guarantee the confidentiality of internal business materials. It ensures that all the access and operation with sensitive materials are under control of the IT department by deploying VSP on internal servers and running the VSes with a specific configuration for the explicit working requirement. When staff want to work with their mobile devices, they can connect to a remote VS through the client of VSP. All the internal materials will not be cached locally and an attack on physical devices cannot affect the remote OS or application in the VS.

Sandbox

With the increasing popularity of smartphones, the security of mobile devices has become a hot topic in recent years. Although the OS of mobile devices, like Android and iOS, provides a system-level security scheme and framework, users can still obtain the super privilege of the OS by root or jailbreak, which leads to potential attacks.

By running the VS remotely, the virtual OS and the local OS are separated completely. Even if the physical smartphone is attacked, the VS could be safe and run normally. If the VS is attacked, we can remove the VS and create a new one easily. In addition, using VS as a sandbox, we can put different applications into different VSes and provide an isolated environment for them. They will not interfere with each other and could be protected from malicious applications outside.

Remote Debug

Android can run on different hardware architectures. If developers write C/C++ code with the Android NDK, they need to compile it for different platforms (e.g. different versions of Android) and debug. In VSP, developers can create various VSes according to the debug requirement and install the corresponding application. Then they can connect to VSes and debug the application remotely, even though there are not enough physical devices or some specific devices.

Application Trial

There are various applications in the application store. If users want to try an application, they need to download the installation package and install it. Sometimes, it's time-consuming to download a big application. Users may take the risk of installing an application which is not suitable for them. Also, due to the limit of physical devices, some smartphones cannot install some specific applications. However, with VSP, developers can put the applications on a remote VS, and users can connect to it and try the application before downloading it. In this way, users can avoid installing an application they don't want and save time. It's a better experience for users of the application store and it's more efficient to promote applications.

III. IMPLEMENTATION

In this section, we describe the prototype of VSP, and the OS of VS is Android currently. Android is one of the most popular mobile device OSes. It is based on Linux and the Android Open Source Project (AOSP). The Android emulator, which is based on QEMU [10] and is also open-source in AOSP, can help developers to run Android on a general PC environment. VS is based on the Android emulator, and there is a set of virtual hardware. We deployed VSP on a Linux server and use KVM [11] to improve performance.

A. ARM Native Code and libhoudini

There are a lot of Android applications and most of them are written in Java. Java applications can be compiled once and run everywhere. When developing Android applications with Java, developers can ignore the detailed design of different hardware platforms. This is convenient but not always efficient. If we want to implement some CPU-intensive applications, like a game engine, it's better to use native C/C++ code for better performance and hardware utilization.

ARM used to be the only platform that supports Android. But now, there is also Android-x86, which is an unofficial platform to run Android on AMD and Intel x86 chips. In order to run ARM applications on Android-x86, Intel has a compatibility layer named libhoudini. It is a binary translator, converting the ARM instructions into corresponding x86 instructions. With libhoudini, we can define a new x86 VS to support native ARM applications. BoardConfig.mk is the key configuration file which describes the information of the device, and we update it to let the x86 VS support ARM instructions. We add the ARM lib and libhoudini to /system/lib and let the Android system know that the CPU supports ARM instructions now, otherwise the Android system will reject the installation of native ARM applications when it finds that it doesn't support ARM instructions.

B. Communication

VSP uses a TCP connection as the communication protocol, which ensures the reliable transmission of data without package loss. When a client connects to the server, the server sends the current protocol version to the client. If the client supports this
protocol version, it will send back the same information. After the handshake, the server sends the list of encoding methods to the client. Then the client shows the list of encoding methods to VSP users and sends back the choice. VSP supports raw for original data and zlib for compressed data currently. With the zlib encoding method, users can get a better user experience under a low bandwidth environment or in a 4G network. Next, the server informs the client of the screen resolution of the VS, including height and width, and the client can draw the layout of the remote screen according to it.

After the initialization, the client catches the touch event of the user and sends it to the server. The main information of a touch event includes X-axis, Y-axis and press status (1 for down and 0 for up), shown in Table I. According to the proportion of the local layout of the screen and the remote VS, the location of the touch event is converted to the actual position of the VS before sending. Besides the touch event on screen, the hardware key event is also caught and sent to the server, shown in Table II. The code of a hardware key is defined in android/linux_keycodes.h, for example, 158 for back, 229 for menu, etc.

TABLE I: Message of Touch Event

      Type            Value
8     unsigned char   message type (1)
16    unsigned char   X-axis
16    unsigned char   Y-axis
8     unsigned char   press status (0/1)

TABLE II: Message of Hardware Key Event

      Type            Value
8     unsigned char   message type (2)
16    unsigned char   key code
8     unsigned char   press status (0/1)

The server sends a screen update message to the client when there is any change of the VS, and the client updates the screen on the physical device. Table III shows the screen update message of VS.

TABLE III: Message of Screen Update

      Type            Value
8     unsigned char   message type (0)
16    unsigned char   X-axis
16    unsigned char   Y-axis
16    unsigned char   width
16    unsigned char   height
32    unsigned char   package length
      binary data     package data

C. Server & Client

The server is responsible for updating the screen and enforcing the remote events of the client. The client is a thin-client which redraws the remote screen of the server and catches the touch events. In some traditional remote display protocols, the client is responsible for handling the screen updates and requesting a new screen image from the server frequently. In this situation, the latency is one Round Trip Time (RTT). But the server of VSP only sends the update data when the screen is changed, which takes only half of one RTT.

Android implements a virtual hardware platform named Goldfish, and the frame buffer device of Goldfish manages the screen display. In the Android emulator, the frame buffer can be further divided into producer and consumer. The frame buffer device of Goldfish is the producer, which simulates the hardware layer and updates the screen. The regular display screen in the Android system is the consumer. When there is any change of screen, the emulator will invoke the callback function of update screen to get screen data from the frame buffer. We implement the screen catch in this callback function, and the information of the updated area includes a start location (x,y), width and height. For better performance, the server just sends the updated data of the screen to the client for redrawing the remote display.

There is a buffer queue for server and client to append and take the screen update data. However, the user experience will suffer when the network connection is slow and the producing speed of the server is faster than the consuming speed of the client. In order to avoid the buffer queue becoming too long, each screen update data packet contains a sequence number, and if the client received the specific data, it will send back an acknowledgement message. When there are too many screen update data that the client has not responded to, these packages will be dropped to avoid the jam-up in the buffer queue.

Touch event and keyboard event are the main remote events. When the server receives a remote event message, it distinguishes the type and delivers it to the corresponding event handler. The touch event handler extracts parameters about X-axis, Y-axis and state (up or down), then invokes kbd_mouse_event to process this event in Android. Similarly, the keyboard event handler extracts the key code from the remote message and invokes user_event_keycode to respond to the remote keyboard input event.

We choose the SDL library to implement the key functions about drawing the remote screen. SDL is a C code library and convenient to use on different platforms. We write the PC client with Python and PySDL2, and the mobile client with NDK and C code.

There is a main loop to listen on the socket port after a client connects to the remote VS. According to SDL, the client puts the screen data in a texture. When the client receives an update message of the screen, it updates the texture and delivers it to the renderer, then displays the remote screen on the client physical screen according to the renderer result. Furthermore, we also add FLAG_SECURE, the security flag of Android applications, to ensure that other applications cannot get the view of the VSP client through screenshot.
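The message layouts of Tables I to III and the proportional touch conversion of Section III-B, as an added example that is not the authors' code. It assumes the leading number of each table row is the field width in bits, big-endian integers packed in table order, one complete zlib stream per screen update, and hypothetical limits `BYTES_PER_PIXEL` and `MAX_PACKAGE`; the client-side parser checks the rectangle against the negotiated resolution and bounds the decompressed size before the data reaches the texture.

```python
import struct
import zlib

# Message types and field order follow Tables I-III. Assumptions: widths are
# in bits, integers are big-endian, fields are packed without padding.
MSG_SCREEN, MSG_TOUCH, MSG_KEY = 0, 1, 2
TOUCH = struct.Struct("!BHHB")         # type, X-axis, Y-axis, press status
KEY = struct.Struct("!BHB")            # type, key code, press status
SCREEN_HDR = struct.Struct("!BHHHHI")  # type, X, Y, width, height, package length
BYTES_PER_PIXEL = 4                    # assumption: 32-bit pixels
MAX_PACKAGE = 8 * 1024 * 1024          # assumption: client-side cap on one payload


def scale_touch(local_xy, local_size, remote_size):
    """Map a touch on the local layout to VS coordinates by screen proportion."""
    return (local_xy[0] * remote_size[0] // local_size[0],
            local_xy[1] * remote_size[1] // local_size[1])


def pack_touch(x, y, down):
    return TOUCH.pack(MSG_TOUCH, x, y, 1 if down else 0)


def pack_key(code, down):
    return KEY.pack(MSG_KEY, code, 1 if down else 0)


def pack_screen_update(x, y, w, h, pixels, compressed):
    """Server side: build one Table III message (used here for sample input)."""
    payload = zlib.compress(pixels) if compressed else pixels
    return SCREEN_HDR.pack(MSG_SCREEN, x, y, w, h, len(payload)) + payload


def parse_screen_update(buf, screen_size, compressed):
    """Client side: return ((x, y, w, h, pixels), consumed), or None when the
    TCP stream has not delivered the whole message yet. Raises ValueError on
    a message that does not fit the negotiated screen or the declared sizes."""
    if len(buf) < SCREEN_HDR.size:
        return None
    mtype, x, y, w, h, length = SCREEN_HDR.unpack_from(buf)
    if mtype != MSG_SCREEN:
        raise ValueError("not a screen update message")
    if w == 0 or h == 0 or x + w > screen_size[0] or y + h > screen_size[1]:
        raise ValueError("update rectangle outside the negotiated resolution")
    expected = w * h * BYTES_PER_PIXEL
    if length > MAX_PACKAGE or (not compressed and length != expected):
        raise ValueError("package length inconsistent with rectangle")
    end = SCREEN_HDR.size + length
    if len(buf) < end:
        return None
    payload = bytes(buf[SCREEN_HDR.size:end])
    if compressed:
        # Bound the output so a small payload cannot inflate without limit.
        inflater = zlib.decompressobj()
        try:
            pixels = inflater.decompress(payload, expected + 1)
        except zlib.error as exc:
            raise ValueError("corrupt zlib payload") from exc
        if len(pixels) != expected or not inflater.eof:
            raise ValueError("decompressed size does not match rectangle")
    else:
        pixels = payload
    return (x, y, w, h, pixels), end
```
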
IV. VIRTUAL SMARTPHONE ASSIGNMENT

Similar to virtual machine assignment (VMA) [12], the assignment of VS is also important where a set of VSes is assigned to a set of physical servers. In order to guarantee a high utilization of server resources, VSP needs to figure out an explicit assignment scheme in a short time with least waste. In this paper, we choose ant colony optimization which can figure out a solution to assign 1000 VSes within 9 minutes.

VS assignment problem is a multi-dimensional bin-packing problem. Each server can be regarded as a d-dimensional vector, and each dimension represents a kind of resource, like CPU, memory, network, etc. In this prototype, we focus on two dimensions, CPU and memory. $W_{pj}$ represents the CPU waste of the j-th server, and $W_{mj}$ represents memory waste of the j-th server. $T_{pj}$ and $T_{mj}$ are the threshold values of CPU and memory. $U_{pj}$ and $U_{mj}$ show the actual values.

$$W_{pj} = \frac{T_{pj} - U_{pj}}{100} \tag{1}$$

$$W_{mj} = \frac{T_{mj} - U_{mj}}{100} \tag{2}$$

We assume that there are n VSes, m servers and we need to put the n VSes on the m servers. Average value of CPU and memory that the i-th VS needs are $R_{pi}$ and $R_{mi}$. The binary variable $y_j$ is the status value to show whether the j-th server is using. When the i-th VS is put on j-th server, we set $x_{ij} = 1$. So, we can describe this problem as the following formulas:

$$\text{Min} \; \frac{\sum_{j=1}^{m} \left[ y_j \times \dfrac{T_{pj} - \sum_{i=1}^{n} (x_{ij} \cdot R_{pi})}{\sum_{i=1}^{n} (x_{ij} \cdot R_{pi})} \right]}{\sum_{j=1}^{m} (y_j)} \tag{3}$$

$$\text{Min} \; \frac{\sum_{j=1}^{m} \left[ y_j \times \dfrac{T_{mj} - \sum_{i=1}^{n} (x_{ij} \cdot R_{mi})}{\sum_{i=1}^{n} (x_{ij} \cdot R_{mi})} \right]}{\sum_{j=1}^{m} (y_j)} \tag{4}$$

where:

$$\sum_{j=1}^{m} x_{ij} = 1, \quad \forall i \in I \tag{5}$$

$$\sum_{i=1}^{n} R_{pi} \cdot x_{ij} \le T_{pj} \cdot y_j, \quad \forall j \in J \tag{6}$$

$$\sum_{i=1}^{n} R_{mi} \cdot x_{ij} \le T_{mj} \cdot y_j, \quad \forall j \in J \tag{7}$$

$$y_j, x_{ij} \in \{0, 1\}, \quad \forall i \in I \wedge \forall j \in J \tag{8}$$

$$\eta_{ij} = \frac{1}{\sum_{j=1}^{m} W_{pj}} \times \frac{1}{\sum_{j=1}^{m} W_{mj}} \tag{9}$$

$$F_{ij} = \alpha \times \tau_{ij} + (1 - \alpha) \times \eta_{ij} \tag{10}$$

$q_0 \in [0, 1]$ is a fixed value that is set at the beginning and $q \in [0, 1]$ is a random variable. If $q < q_0$, ant chooses a best path from a set of visited paths; if $q \ge q_0$, ant tries a new path and compares it with others. When getting $\Omega_j$, the set of available VSes for server j, VSP chooses one with max $F_{ij}$ to put on the server (see Eq. 11).

$$i = \begin{cases} \arg\max_{s \in \Omega_j} F_{sj}, & q < q_0 \\ s, & \text{otherwise} \end{cases} \tag{11}$$

According to the analysis above, probability $P_{ij}$ is defined like Eq. 12

$$P_{ij} = \begin{cases} \dfrac{F_{ij}}{\sum_{s \in \Omega_j} F_{sj}}, & i \in \Omega_j \\ 0, & \text{otherwise} \end{cases} \tag{12}$$

After each iteration, VSP updates the local trail level $\tau_{ij}^{local}$. $\Delta\tau_{ij}^{k}(t)$ represents trail level of ant k on this path, and it is calculated according to Eq. 14

$$\tau_{ij}^{local} = (1 - \rho) \times \tau_{ij}(t) + \sum_{k=1}^{NoA} \Delta\tau_{ij}^{k}(t) \tag{13}$$

$$\Delta\tau_{ij}^{k}(t) = \begin{cases} \dfrac{1}{\sum_{j=1}^{m} W_{pj} \times \sum_{j=1}^{m} W_{mj}}, & (i, j) \in S_k(t) \\ 0, & (i, j) \notin S_k(t) \end{cases} \tag{14}$$

$S_k(t)$ is the solution from ant k. If $(i, j) \in S_k(t)$, we can put VS i on server j. It's observed that if waste of CPU and memory becomes less after putting VS i on server j, the trail level on this path will increase.

Similar to $\tau_{ij}^{local}$, VSP also needs to update global trail level. $NoS$ is the number of solution, and $\Delta\tau_{ij}^{s}(t)$ is the trail level number of solution s on the path (i, j) (see Eq. 16).

$$\tau_{ij}(t + 1) = \tau_{ij}^{local} + \sum_{s=1}^{NoS} \Delta\tau_{ij}^{s}(t) \tag{15}$$

$$\Delta\tau_{ij}^{s}(t) = \begin{cases} \dfrac{1}{\sum_{j=1}^{m} W_{pj} \times \sum_{j=1}^{m} W_{mj}}, & (i, j) \in S_s(t) \\ 0, & (i, j) \notin S_s(t) \end{cases} \tag{16}$$

The trail level of next iteration is calculated with $\tau_{ij}^{local}$ and sum of $\Delta\tau_{ij}^{s}(t)$. It is also obvious that if the utilization rate of CPU and memory increases after the assignment of VS, trail level will increase correspondingly.
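One selection step of the assignment described in Section IV (Eq. 9 to 12, with the capacity constraints of Eq. 6 and 7 defining the candidate set), as an added example that is not the authors' implementation; the pheromone updates of Eq. 13 to 16 are left out. It assumes that the wastes in Eq. 9 are evaluated as if the candidate VS were already placed on the server, that the "otherwise" branch of Eq. 11 samples a VS with the probabilities of Eq. 12, and that the servers, VSes and thresholds below are constructed sample data.

```python
import random

# Constructed sample data: percentages of one server's capacity. Thresholds of
# 90 are an assumption modelled on a 10% resource reservation.
SERVERS = [
    {"t_cpu": 90, "t_mem": 90, "u_cpu": 50, "u_mem": 40},
    {"t_cpu": 90, "t_mem": 90, "u_cpu": 0, "u_mem": 0},
]
VSES = {"a": {"cpu": 10, "mem": 10},
        "b": {"cpu": 30, "mem": 40},
        "c": {"cpu": 50, "mem": 20}}
TAU = {(i, j): 1.0 for i in VSES for j in range(len(SERVERS))}  # initial trail


def waste(threshold, used):
    """Eq. 1 / Eq. 2: waste of one resource on one server."""
    return (threshold - used) / 100.0


def heuristic(servers, j, vs):
    """Eq. 9, evaluated as if `vs` were already placed on server j."""
    wp = wm = 0.0
    for idx, s in enumerate(servers):
        add_cpu, add_mem = (vs["cpu"], vs["mem"]) if idx == j else (0, 0)
        wp += waste(s["t_cpu"], s["u_cpu"] + add_cpu)
        wm += waste(s["t_mem"], s["u_mem"] + add_mem)
    eps = 1e-9  # guard: total waste is zero when every server is exactly full
    return (1.0 / max(wp, eps)) * (1.0 / max(wm, eps))


def candidates(servers, j, vses):
    """Omega_j: VSes that still fit on server j (constraints 6 and 7)."""
    s = servers[j]
    return [i for i, v in vses.items()
            if s["u_cpu"] + v["cpu"] <= s["t_cpu"]
            and s["u_mem"] + v["mem"] <= s["t_mem"]]


def choose_vs(servers, j, vses, tau, alpha, q0, rng=None):
    """Return (chosen VS id or None, {VS id: P_ij}) for server j."""
    rng = rng or random.Random()
    omega = candidates(servers, j, vses)
    if not omega:
        return None, {}
    f = {i: alpha * tau[(i, j)] + (1 - alpha) * heuristic(servers, j, vses[i])
         for i in omega}                                   # Eq. 10
    total = sum(f.values())
    p = {i: f[i] / total for i in omega}                   # Eq. 12
    if rng.random() < q0:                                  # Eq. 11, q < q0
        return max(omega, key=f.get), p
    return rng.choices(omega, weights=[p[i] for i in omega])[0], p
```
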
A. CPU Utilization

describe CPU utilization of servers with different number of VSes. The average CPU utilization of these four situations are 2.67%, 5.17%, 9.03% and 12.07%. When we add VS, the utilization increases 3.04%, 3.31% and 3.04% separately. We can discover that the CPU utilization increases linearly as the number of VS grows. This indicates that a high-performance server can run numerous VSes, and VSP is feasible in the real environment.

another server with zlib encoding method. We test five times and calculate the average value of each CPU utilization. The result shows that the former's CPU utilization is 2.72% and the latter one is 2.79%. This indicates that the compression process doesn't consume much CPU resources, and there is only 2.5% overhead.

Fig. 4: CPU Utilization of Server with One VS

Fig. 5: CPU Utilization of Server with Two VSes

B. Bandwidth

Running VS on the remote server whose CPU is considered more powerful can reduce the CPU burden of the physical mobile device. However, screen update data still should be transferred through the network and we need to consider the bandwidth carefully.

compress the screen update data and reduce the burden of bandwidth. In the bandwidth experiment, we record the bandwidth with raw and zlib separately. In Figure 8, we don't compress screen update data and send the original data to client. The highest bandwidth cost is 8542.59 kBps and the average value is about 1200 kBps. When we use zlib, in Figure

Fig. 10: Battery Consumption

First, we run some applications on the physical mobile device and execute the predesigned operations for 40 minutes. The predesigned operations include playing video, running a benchmark and visiting the website. At the meanwhile, the same operations are executed on VSP client to control remote VS. The result is shown in Figure 10. These operations

is much higher than using VS where the real operations are

consumption of battery.

D. SLA Analysis

As a cloud service provider, VSP needs to guarantee the SLA with enough resource, but also needs to reserve some resource for server and prevent wasting resource. We define different CPU reservation to observe the rate of SLA violation in VSP. Figure 11 shows that the rate of SLA violation is less than 5% when the CPU reservation is 10%. So we set the CPU reservation of server to 10% and this is also used in ant colony optimization to solve VS assignment problem.

Fig. 12: CPU Waste

Fig. 13: Memory Waste

Compared to First-fit and Best-fit which consume less time, ant colony optimization is a large-scale computing process with longer time. But in Figure 14, we can observe that ant colony optimization can figure out a solution to assign 1000 VSes within 9 minutes, which is still suitable for use in practice.

ACKNOWLEDGEMENT

This work was supported by NSFC (No. 61272101, 6152504), National Infrastructure Development Program (No. 2013FY111900), and Shanghai Key Laboratory of Scalable Computing and Systems.