How to secure 300,000 smart phones? MegaDroid can help.
- By William Jackson
- Oct 09, 2012
Scientists at the Energy Department’s Sandia National Laboratories in California have created a 300,000-node network of virtual Android devices as part of a program to emulate large-scale networks to help researchers understand and defend complex online environments.
The network, called MegaDroid, is an emulation, not a model or a simulation, said David Fritz, a researcher and member of the senior technical staff at Sandia. “For all intents and purposes it’s a real Android device” on a virtual machine, he said.
Work on MegaDroid, which took a year to develop along with an earlier phase of the program called MegaTux, started in 2009 to create a network of 1 million virtual Linux machines. Still under way is an effort called MegaWin, which began in 2010 to create a virtual Windows network. MegaWin still has a year to go.
Can mobile devices work as ID cards, thin clients on a secure net?
When work is completed, Sandia scientists expect to release the results as an open-source software tool that will let researchers create their own virtual networks on inexpensive off-the-shelf PC clusters. Such a tool would be useful for government agencies from the municipal to the federal level that are deploying Android and other mobile devices on their networks. They would, for example, be able to test how the network handles software glitches, data breaches or natural disasters.
“The software will connect with the same software on all of the machines and bring up a network of all the devices and provide an interface for working with them,” Fritz explained.
The software will be able to scale from a small network of a hundred or so devices running on a single workstation to millions of virtual devices running on hundreds of nodes. The networks can be brought up in about 10 minutes out of the box, he said.
The virtual networks can be used by developers to create an environment in which new applications and platforms can be tested, and by security researchers to better understand and protect against threats on networks, including accidents, natural events and malicious attacks.
Such environments are necessary because of the sheer complexity of networks when large numbers of devices running sophisticated software are interacting with one another.
The Android operating system consists of some 14 million lines of code running on top of a Linux kernel of the same size, Fritz said. The resulting scale of possible interactions is beyond human comprehension.
“You can’t possibly read through 15 million lines of code and understand every possible interaction between all these devices and the network,” Fritz said. The emulated networks could enable real-world testing in a safe environment.
The MegaDroid network could be considered as a population of independent mobile devices connecting with network servers, or as a network of devices also interacting with each other. Such a network is rich with possibilities because of the advanced functionality of the handheld devices and the amount of data about the user’s environment that is routinely being gathered by them.
“You can think of Androids as a distributed sensor network,” Fritz said.
To make use of this data in the emulated network the Sandia scientists have included simulated sensor input, including a simulated Global Positioning System that can feed location data to each device that then is used in the same way as real GPS data.
Fritz said Sandia is eager to collaborate with other research institutions and schools to further the meganetworks platform. And scientists demonstrating the system for other organizations in government, industry and academia already have generated interest in the tool, he added. “I think there is a lot of desire to see the platform released.”
William Jackson is freelance writer and the author of the CyberEye blog.