Sandia Thinks Big About Android
October 2, 2012

Sandia Thinking Big For Android Security Research

Lee Rannals for — Your Universe Online

Sandia National Laboratories has built a network based on Android smartphones to find ways to make the devices more reliable and secure.

Android-based smartphones feature an open source operating system, making them more susceptible to hackers and viruses. Sandia researchers linked together 300,000 virtual hand-held devices running the operating system in an attempt to study large networks of smartphones and find ways to make them more stable in fighting off viruses and cyber attacks.

"Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers," Sandia's David Fritz said in a statement. "But even though they are easy targets, no one appears to be studying them at the scale we're attempting."

The MegaDroid project will help researchers at Sandia and other places who struggle to understand large-scale networks. Sandia said it expects to complete a sophisticated demonstration of the MegaDroid project that could be presented to potential industry or government collaborators.

John Floren, a computer scientist, said the virtual Android network at Sandia is carefully insulated from other networks at the Labs and the outside world.

He said a key element to the project is a "spoof" Global Positioning System (GPS).  The researchers created simulated GPS data of smartphone users in an urban environment, which is important to the study because features on the devices are location-dependent and could easily be controlled and manipulated by attackers.

The team then fed that data into the GPS input of an Android virtual machine. The software on the virtual machine treats the location data as indistinguishable from real GPS data, which offers the scientists a more accurate emulation environment to study what hackers can do to smartphone networks.

Sandia's latest development represents a significant step for those wanting to understand and limit the damage from network disruptions due to glitches in software or protocols. These disruptions can cause economic and other losses for individual consumers, as well as companies.

"You can't defend against something you don't understand," Floren said in the statement. He said the larger the scale, the better, because more computer nodes offer more data for researchers.

The latest project builds upon the Megatux project that started in 2009, in which Sandia scientists ran a million virtual Linux machines. Sandia ran another project later on that focused on Microsoft's Windows operating system called MegaWin.

The researchers said the challenge in studying Android-based machines is the complexity of the software. Google wrote about 14 million lines of code into the software, and the system runs on top of a Linux kernel, which doubles the amount of code.

"It's possible for something to go wrong on the scale of a big wireless network because of a coding mistake in an operating system or an application, and it's very hard to diagnose and fix," Fritz said in a statement. "You can't possibly read through 15 million lines of code and understand every possible interaction between all these devices and the network."

The team believes Sandia will continue to work on tools that industry leaders and developers can use to diagnose and fix problems in computer networks.

MegaDroid will be useful as a tool to find problems that could manifest themselves when large numbers of smartphones interact.

"You could also extend the technology to other platforms besides Android," Keith Vanderveen, manager of Sandia's Scalable and Secure Systems Research department, said in a statement. "Apple's iOS, for instance, could take advantage of our body of knowledge and the toolkit we're developing." He said Sandia also plans to use MegaDroid to explore issues of data protection and data leakage, which he said concerns government agencies such as the departments of Defense and Homeland Security.