國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
7.2 IP Location Finder
There are already some data provider such as IPInfoDB, IP2Location and MaxMind that offers API for users to find a geolocation of an IP address including latitude, longitude, city, region and country. All of them charges annual fees or buy-out payment for accessing their service since it’s hard to collect this kind of data. With Gnafuy framework, we could easily retrieve the geolocation of IP addresses by only acquiring user’s current location. In order not to send this task to the same device in a short period which would lead to many duplicate IP/geolocation pair in our result, Gnafuy API provides a hook for computing a unique key on each task which could prevent the redundant computation, this hook would be called when computing node asks for the next task. In this case, the implementation of this unique key could describe as the combination of device IP and geolocation. Once the computing node acquired the task and sends the result with unique key to control center, the control center would put the result into a queue as usual and persist the unique key into a bloom filter [34] for memorizing the executed computing node. After memorizing, the control center would ask computing node to switch to another task for contributing compute power. Meanwhile, the computing node would save a copy of current unique key for the executed task and would not apply the executed task until the unique key changes.
This approach helps us to prevent from retrieving redundant data and it’s easy to launch by simply add a flag distinct=true as listing 4. The initial data varies from the amount of result we desired. We could simply create n rows in an iterator as the initial data if we aim to collect n geolocations of IP address. Since the input is just a dummy counter and the output is a pair of IP and geolocation, the proper programming model of this converting algorithm could be described as Map, which takes one element of type K and produces a element of type T . The task terminates when the initial queue get exhaust. Through the result of this job is a mapping table of IP and geolocation, it’s still possible to export the bloom filter for the next time if we want to launch the some job but keep the redundant data out.
‧
Listing 4: Job Builder of IP Location Finder public class Geolocation {
public static void main(String[] args) throws Exception { Iterator<URLData> nIter = new Generator();
QueueRef initialData = new QueueRef("initialData");
QueueRef result = new QueueRef("result");
JobBuilder.createInstance("name.prefix","path/to/file.jar")
Since our framework provides API for developers to port their program/algorithm to volunteers’ smartphones dynamically which means developers could do whatever they want on volunteers’ smartphones. This feature would raise lots of security issues and so far we categorized the malicious behavior into two parts:
1. Damage to volunteers’ smartphones.
2. Damage to the whole network system.
From the aspect of the damaging to volunteers’ smartphones, developer could simply write an infinite loop with some commands that drive the CPU crazy or create unnecessary files as a worm. Worst of all, we found that Android SDK provides some built in function that would "help" developer with evil intentions to invade volunteers’ privacy by taking screenshots, viewing profiles generated by other apps or get volunteers’ location by lever-aging GPS module. For the damlever-aging to the whole network system, the developer could simply write a program to harass targeting web site by invoking tons of request from numerous clients from this framework, it turns volunteers’ smartphone into part of their zombie networks. For fixing these kind of problems we did some survey and found there are several ongoing researches including runtime memory introspection [35] and static
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
program analysis [35] for discovering malicious behavior.
However, the hardest thing for us is to determine what’s the real intention of the submitted program or which behavior is malicious. For example, the mapper of the word count example mentioned in the previous section asks every smartphones to visit different hiring requirements and split the content into a word-frequency table for further computing. Though the visited URLs are distinct but actually these URLs are in the same web site and it could burden the targeting web server when smartphones are crawling the same web site simultaneously from different location of the network. The intention of word count example is not to harass someone but it does.
8.2 Permission control
By far we gained permissions from users that enable Gnafuy app to receive data and per-form tasks dynamically without upgrading or reinstalling the whole app. However, these enabled permissions increases the dangerousness of some smartphone users. Developers could retrieve information like International Mobile Equipment Identity(IMEI) and GPS location continuously within one task.
Unfortunately, the combination of IMEI and GPS location helps us to track specific user’s daily routine and this would lead some invasion of privacy definitely. In order to prevent the abuse of crowd computing power, we could offer a configurable settings for smartphone users to limit the information they would like to provide. Meanwhile, we have to isolate Android SDK from Gnafuy API to prevent developers to invoke these native method directly. We could provide a series of functions in Gnafuy API that has the capa-bility to retrieve these personal data only when user has acknowledged in configuration.
9 Conclusion
We present Gnafuy, a framework utilizing crowd-smartphones to fulfill ubiquitous dis-tributed computation. Gnafuy provides flexible APIs for general purpose applications equipped with the ability of porting computation to mobile devices. Integrating the
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
power of crowd sourcing with mobile applications, tasks that ask for human wisdom could advance in a fluent way.
Acknowledgment
We thank anonymous reviewers for their valuable comments. This work was supported in part by Taiwan Information Security Center (TWISC), Academia Sinica, and Ministry of Science and Technology, Taiwan, under the grant MOST 104-2218-E-001-002 and MOST-103-2221-E-004 -006 -MY3.
References
[1] “Apache Hadoop.” http://hadoop.apache.org/. (Visited on 02/16/2016).
[2] M. Zaharia, M. Chowdhury, M. J. Franklin, S. Shenker, and I. Stoica, “Spark: Cluster Computing with Working Sets.,”
[3] M. Zaharia, M. Chowdhury, T. Das, A. Dave, J. Ma, M. McCauley, M. J. Franklin, S. Shenker, and I. Stoica, “Resilient distributed datasets: A fault-tolerant abstraction for in-memory cluster computing,” in Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation, pp. 2–2, USENIX Association, 2012.
[4] A. Thusoo, J. S. Sarma, N. Jain, Z. Shao, P. Chakka, N. Zhang, S. Antony, H. Liu, and R. Murthy, “Hive-a petabyte scale data warehouse using hadoop,” in Data Engi-neering (ICDE), 2010 IEEE 26th International Conference on, pp. 996–1005, IEEE, 2010.
[5] Y. Yu, M. Isard, D. Fetterly, M. Budiu, Ú. Erlingsson, P. K. Gunda, and J. Currey,
“DryadLINQ: A System for General-Purpose Distributed Data-Parallel Computing Using a High-Level Language.,” in OSDI, vol. 8, pp. 1–14, 2008.
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
[6] “Dashboards.” http://developer.android.com/about/dashboards/index.html, 2015. Online; Accessed 4 January 2015.
[7] “Compare iPhone models..” http://www.apple.com/in/iphone/compare. Online;
Accessed 4 January 2015.
[8] L. Yang, J. Cao, Y. Yuan, T. Li, A. Han, and A. Chan, “A framework for parti-tioning and execution of data stream applications in mobile cloud computing,” ACM SIGMETRICS Performance Evaluation Review, vol. 40, no. 4, pp. 23–32, 2013.
[9] G. Huerta-Canepa and D. Lee, “A virtual cloud computing provider for mobile de-vices,” in Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Ser-vices: Social Networks and Beyond, p. 6, ACM, 2010.
[10] J. H. Christensen, “Using restful web-services and cloud computing to create next generation mobile applications,” in Proceedings of the 24th ACM SIGPLAN confer-ence companion on Object oriented programming systems languages and applications, pp. 627–634, ACM, 2009.
[11] E. E. Marinelli, “Hyrax: cloud computing on mobile devices using MapReduce,” tech.
rep., DTIC Document, 2009.
[12] N. Palmer, R. Kemp, T. Kielmann, and H. Bal, “Ibis for mobility: solving challenges of mobile computing using grid techniques,” in Proceedings of the 10th workshop on Mobile Computing Systems and Applications, p. 17, ACM, 2009.
[13] “Selenium - web browser automation.” http://www.seleniumhq.org/. (Accessed on 02/22/2016).
[14] P. J. Boland, “Majority systems and the condorcet jury theorem,” The Statistician, pp. 181–189, 1989.
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
[15] “On Distinguishing between Reliable and Unreliable Sensors Without a Knowledge of the Ground Truth (2015), author=Yazidi Anis, Oommen John and Goodwin Morten, year=2015,”
[16] J. Dean and S. Ghemawat, “MapReduce: simplified data processing on large clusters,”
Communications of the ACM, vol. 51, no. 1, pp. 107–113, 2008.
[17] “Apache phoenix.” https://phoenix.apache.org/. (Visited on 06/13/2016).
[18] “The Scala Programming Language.” http://www.scala-lang.org/. (Visited on 02/17/2016).
[19] M. Isard, M. Budiu, Y. Yu, A. Birrell, and D. Fetterly, “Dryad: distributed data-parallel programs from sequential building blocks,” in ACM SIGOPS Operating Sys-tems Review, vol. 41, pp. 59–72, ACM, 2007.
[20] N. Fernando, S. W. Loke, and W. Rahayu, “Mobile cloud computing: A survey,”
Future Generation Computer Systems, vol. 29, no. 1, pp. 84–106, 2013.
[21] D. P. Anderson, “Boinc: A system for public-resource computing and storage,” in Grid Computing, 2004. Proceedings. Fifth IEEE/ACM International Workshop on, pp. 4–10, IEEE, 2004.
[22] D. P. Anderson, J. Cobb, E. Korpela, M. Lebofsky, and D. Werthimer, “SETI@ home:
an experiment in public-resource computing,” Communications of the ACM, vol. 45, no. 11, pp. 56–61, 2002.
[23] “Rosetta@home.” https://boinc.bakerlab.org/. (Visited on 02/18/2016).
[24] C. Shi, V. Lakafosis, M. H. Ammar, and E. W. Zegura, “Serendipity: enabling remote computing among intermittently connected mobile devices,” in Proceedings of the thirteenth ACM international symposium on Mobile Ad Hoc Networking and Com-puting, pp. 145–154, ACM, 2012.
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
[25] S. Buchegger and J.-Y. Le Boudec, “A robust reputation system for peer-to-peer and mobile ad-hoc networks,” in P2PEcon 2004, no. LCA-CONF-2004-009, 2004.
[26] C. Dellarocas, “Immunizing online reputation reporting systems against unfair rat-ings and discriminatory behavior,” in Proceedrat-ings of the 2nd ACM conference on Electronic commerce, pp. 150–157, ACM, 2000.
[27] S. Sen and N. Sajja, “Robustness of reputation-based trust: Boolean case,” in Proceed-ings of the first international joint conference on Autonomous agents and multiagent systems: part 1, pp. 288–293, ACM, 2002.
[28] “Akka.” http://akka.io/. (Visited on 02/17/2016).
[29] “spray | rest/http for your akka/scala actors.” http://spray.io/. (Visited on 02/17/2016).
[30] “RabbitMQ - Messaging that just works.” https://www.rabbitmq.com/. (Accessed on 02/22/2016).
[31] “How to Run Node.js with Express on Mobile Devices.” http://www.sitepoint.
com/how-to-run-node-js-with-express-on-mobile-devices/. (Accessed on 02/22/2016).
[32] “Android Permission.” https://developer.android.com/reference/android/
Manifest.permission.html. Online; Accessed 4 May 2016.
[33] “Google reCAPTCHA.” https://www.google.com/recaptcha/intro/index.html.
(Accessed on 04/22/2016).
[34] A. Kirsch and M. Mitzenmacher, “Less hashing, same performance: Building a better bloom filter,” in Algorithms–ESA 2006, pp. 456–467, Springer, 2006.
[35] L. K. Yan and H. Yin, “Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis,” in Presented as part of the 21st USENIX Security Symposium (USENIX Security 12), pp. 569–584, 2012.