The Case for Device Namespaces
Oren Laadan
LinuxCon 2013
September 18, 2013
www.cellrox.com

Device Namespaces Roots
Based on research at Columbia University:
• “Cells: A Virtual Mobile Smartphone Architecture”
• Authors: Jeremy Andrus, Christoffer Dall, Alex Van’t Hof, Oren Laadan, Jason Nieh.
• Proceedings of the 23rd Symposium on Operating Systems Principles (SOSP 2011). Cascais, Portugal. October, 2011.

Mobile devices have multiple uses - the device needs to reflect that.

Security Use Case
• Personal Phone
• Business Phone

Do People Remember?
• Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings.
• Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
• Be alert for unusual behavior on your phone. Suspicious behavior could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.
• Install a mobile security app for your phone that scans every app you download to ensure it’s safe.

No, They Don’t!

User Behavior is the #1 Security Risk
• Lack of user awareness about security policies
• Insecure web browsing
• Insecure Wi-Fi connectivity
• Lost or stolen mobile devices with corporate data
• Corrupt app downloaded to mobile devices
• Lack of security patches from service providers
• High rate of users changing/upgrading devices

More Use Cases
• Personal Phone
• Business Phone
• Children Phone
• Privacy Phone
• Secure Phone

Mobile Wallets

Even More Use Cases
• Personal Phone
• Business Phone
• Children Phone
• Privacy Phone
• Secure Phone
• Social Phone
• Guest Phone
• Dev Phone

Multi-Persona for Mobile Devices

The Usual Suspect
Virtualization
“Every problem in computer science can be solved using another layer of abstraction.”

Mobile Device Virtualization
[Figure: software stack of a typical device: Android applications, Android environment, Linux kernel, device hardware.]

Nobody Will Notice?
• Performance Transparent
• Application Transparent
• Platform Transparent
• User Transparent

Bare-Metal Virtualization
[Figure: a typical device (Android applications, Android environment, Linux kernel, device hardware) next to a device running a Type I hypervisor on the device hardware that hosts virtual phones, each with its own Android applications, Android environment and Linux kernel.]

Bare-Metal (Type-I) Virtualization
Suitable for servers
• standard hardware
• slow server replace rate
• strong security model
Sub-optimal for mobile devices
• burden to support devices
• reduced performance / battery-life
• sub-optimal use of resources

Host-Based Virtualization
[Figure: a typical device (Android applications, Android environment, Linux kernel, device hardware) next to a host-based setup on the same device hardware: virtual phones, a Type II hypervisor and the host Linux kernel.]

Host-Based (Type-II) Virtualization
Suitable for desktops
• rely on host for hardware
• rely on host for resources
• rely on host for security
Sub-optimal for mobile devices
• weak security model (can trust host?)
• reduced performance / battery-life
• sub-optimal use of resources

Operating System Virtualization
[Figure: a typical device (Android applications, Android environment, Linux kernel, device hardware) next to a device where virtual phones, each with Android applications and an Android environment, share one Linux kernel through namespaces.]

Operating System Virtualization
Namespaces
“provide a group of processes with the illusion that they are the only processes on the system” (LWN article)

Operating System Virtualization
Challenge 1: hardware diversity
• plethora of peripherals not virtualized
• key logical devices not virtualized
Challenge 2: interactive usage
• users interact with one app at a time
• foreground vs. background apps

Hardware Diversity
A typical collection of peripherals available on a modern smartphone or tablet:
• Headset, Microphone, Speakers, (Touch) Screen
• Power, Buttons, Telephony, Bluetooth
• GPS, WiFi, Framebuffer, GPU
• Compass, Camera(s), Accelerometer, RTC/Alarms

Device Namespaces
Two roles:
• Virtualize physical and logical devices, to address hardware diversity
• Multiplex access to devices and switch contexts to allow interactive usage

Device Namespaces
HW diversity: traditional virtualization
• create the illusion that processes interact exclusively with a set of devices
• hide the fact that other processes interact with the same set of devices
• Device major/minor (e.g. loop, dm), and device setup and internal state

Device Namespaces
Interactivity: context-aware virtualization
• concept of an active namespace, with which the user actually interacts
• ability to switch namespaces, to allow interacting with multi-namespaces
• users really interact with one namespace at a time

Device Namespaces
[Figure: two Android stacks (Android applications, Android environment) on one Linux kernel with namespaces, above the device hardware: Touch, Camera(s), Headset, GPU, Framebuf, GPS, Buttons.]

Framebuffer: single assignment?
[Figure: three virtual phones (VP), each with Android applications and an Android environment, on one Linux kernel with a single framebuffer.]

Framebuffer: emulated hardware?
[Figure: three virtual phones (VP), each with Android applications and an Android environment, on one Linux kernel; labels: Emulated Framebuffer, Virtual State, Framebuffer.]

Framebuffer: device namespaces
[Figure, three slides: three Android stacks (Android applications, Android environment) on one Linux kernel, one labelled Foreground and two labelled Background; labels: RAM, Framebuffer, Virtualized Framebuffer.]
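
The active/background split from the device-namespace slides, as an added user-space model in C (an illustration written for this transcript, not code from the talk or from the Cellrox patch-set). The `devns_*` names, the struct layout and the 8-pixel screen are hypothetical, and the model assumes background namespaces draw into RAM while only the active namespace reaches the hardware framebuffer and receives input.

```c
/* User-space model of context-aware device multiplexing (constructed example). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FB_PIXELS 8   /* tiny "screen" so the model stays readable */
#define MAX_NS    3   /* number of device namespaces in the model */

struct dev_ns {                 /* hypothetical per-namespace device state */
    uint32_t shadow[FB_PIXELS]; /* RAM-backed framebuffer used while in background */
    unsigned input_events;      /* input events delivered to this namespace */
};

static uint32_t hw_fb[FB_PIXELS];   /* stands in for the real framebuffer */
static struct dev_ns ns_tab[MAX_NS];
static int active_ns = 0;           /* the namespace the user interacts with */

/* Resolve where a namespace's framebuffer accesses land right now. */
static uint32_t *fb_target(int ns)
{
    return ns == active_ns ? hw_fb : ns_tab[ns].shadow;
}

/* Write path: every namespace makes the same call; only the target differs. */
int devns_fb_write(int ns, unsigned off, uint32_t pixel)
{
    if (ns < 0 || ns >= MAX_NS || off >= FB_PIXELS)
        return -1;              /* reject bad namespace id or offset */
    fb_target(ns)[off] = pixel;
    return 0;
}

/* Input path: touch/button events reach the active namespace only. */
int devns_input_event(int ns)
{
    if (ns < 0 || ns >= MAX_NS || ns != active_ns)
        return 0;               /* dropped: background never sees input */
    ns_tab[ns].input_events++;
    return 1;
}

/* Switch: save the outgoing screen to RAM, then overwrite the whole
 * hardware buffer so no pixels of the old foreground remain visible. */
int devns_switch(int next)
{
    if (next < 0 || next >= MAX_NS)
        return -1;
    memcpy(ns_tab[active_ns].shadow, hw_fb, sizeof hw_fb);
    memcpy(hw_fb, ns_tab[next].shadow, sizeof hw_fb);
    active_ns = next;
    return 0;
}

/* Accessors for inspection; callers pass in-range indices. */
uint32_t devns_hw_pixel(unsigned off) { return hw_fb[off]; }
uint32_t devns_ns_pixel(int ns, unsigned off) { return fb_target(ns)[off]; }
unsigned devns_events(int ns) { return ns_tab[ns].input_events; }

int main(void)
{
    devns_fb_write(0, 0, 0xAAAAAAAA);  /* foreground write reaches hardware */
    devns_fb_write(1, 0, 0xBBBBBBBB);  /* background write stays in RAM */
    devns_switch(1);                   /* namespace 1 becomes the foreground */
    printf("hw[0] after switch: %08x\n", (unsigned)devns_hw_pixel(0));
    return 0;
}
```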

Experimental Benchmarks
• CPU (Linpack)
• Graphics (Neocore)
• Storage (Quadrant)
• Web browsing (SunSpider)
• Networking (custom)

Runtime Overhead (Idle)
[Chart: y-axis from 0.00 to 1.40; benchmarks: Linpack, NeoCore, Quadrant I/O, SunSpider, Network; series: Baseline, 1-VP, 2-VP, 3-VP, 4-VP, 5-VP.]

Runtime Overhead (load)
[Chart: y-axis from 0.00 to 1.40; benchmarks: Linpack, NeoCore, Quadrant I/O, SunSpider, Network; series: Baseline, 1-VP, 2-VP, 3-VP, 4-VP, 5-VP.]

Power Consumption Overhead
[Chart: y-axis from 0.00 to 1.40; groups: After 4hrs Music, After 12hrs Idle; series: Baseline, 1-VP, 2-VP, 3-VP, 4-VP, 5-VP.]

Device Namespaces Patches
• RFC patch-set posted in “containers” and “lxc-devel” mailing lists
• Includes 8 patches for: input, backlight, LED, framebuffer, some Android
• Demo of dual-namespaces and switch between them on Android
• Topic at containers mini-conf at LPC tomorrow

Summary
https://www.github.com/Cellrox/devns-patches/wiki
• Device namespaces bring virtualization to end-user devices.
• Active vs. non-active namespaces based on natural usage model
• Native performance (up to ~1% overhead in Vellamo benchmark)
• RFC patch-set posted in “containers” list, to be discussed in LPC