'MegaDroid' Tests Android Security At City Scale

Department of Energy launches MegaDroid, a network of 300,000 virtual Android devices, to study mobile security and stability at a city-sized scale.

J. Nicholas Hoover, Senior Editor, InformationWeek Government

October 4, 2012

2 Min Read

The Department of Energy's Sandia National Laboratories has created a virtual network of 300,000 Android smartphones in a platform called MegaDroid to study large smartphone networks and security.

The Android software is being run on racks of hundreds of commodity desktop computers linked together to form a relatively inexpensive cluster. The goal: replicate a large network of Android phones in the wild in order to understand network and security problems at scale, including data protection and leakage as well as problems that arise from widespread software glitches or natural disasters.

As part of the study, Sandia says it will build and eventually release open source software that will let cybersecurity researchers, application developers and the government model smartphone networks that could potentially also include virtual devices running other platforms like iOS or BlackBerry. It will also create a demonstration of the project that could be shared with other private and public sector entities.

Sandia's MegaDroid project follows up on two similar Sandia efforts, Megatux and MegaWin, which were large-scale simulations of virtual Linux and Windows machines. Sandia used those projects to study botnets. MegaDroid is, in some ways, the next step in that series of tests.

[ Will mobile biometrics drive identity and access management in the enterprise? Mobile Biometrics: Your Device Defines You. ]

"Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers," Sandia researcher David Fritz said in a press release. "But even though they are easy targets, no one appears to be studying them at the scale we're attempting."

However, the MegaDroid project introduces new complexities into large-scale operating system simulations because Android software is complex as it runs on top of a Linux kernel and because, by their nature, smartphones are not static like desktops and servers.

To account for mobility, Sandia will be creating mock GPS data to simulate the use of smartphones in a city. The virtual Android phones won't know the difference between the mock data and real GPS data. Sandia will use this data to simulate people walking around a city and can, for example, plot the virtual devices on a simulated street map.

As for the complexity? That's one issue the study is out to solve. "It's possible for something to go wrong on the scale of a big wireless network because of a coding mistake in an operating system or an application, and it's very hard to diagnose and fix," Fritz said. "You can't possibly read through 15 million lines of code and understand every possible interaction between all these devices and the network."

About the Author(s)

J. Nicholas Hoover

Senior Editor, InformationWeek Government

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights