A Cloud-Based Virtualized Execution Environment for Mobile Applications

This work was supported in part by a grant from the National Science Council under
No. 98-2220-E-002-020, 99-2220-E-002-026, and 95-2221-E-002-098-MY3.

1 Introduction
    Smartphones and cloud computing technologies have enabled the development of sophisticated and pervasive applications. Yet applications on the latest generation of smartphones are limited by battery power, computation speed, and memory size of the smartphone as well as bandwidth in the wireless network [1]. Offloading some of the application workload from the smartphone to a server can save execution time and conserve energy [2]. Today, many cloud-based services are available that have low amortized operation costs [3]. This client-server model has worked quite successfully over the years. Remote execution of mobile applications can save much power [1], but program partitioning is required. Furthermore, as cloud-based services become popular, security and privacy issues are also raised. Facebook, for example, has long been criticized for the privacy risks associated with its site. The following issues in cloud services are of concern to users and application developers:

• Application redesign and deployment: Existing applications have to be partitioned, and the server part has to be deployed. This requires extra development and management effort and cost.
• Network condition and service availability: The quality of a cloud service depends largely on network condition. This raises issues for applications that still need to perform well in poor network connections.
• Control of applications: If a service provider performs computation, users are no longer in full control of their applications. Developers and users can be trapped by proprietary interfaces and could be treated unfairly by a provider.
• Privacy of personal data: User privacy can easily be violated by a service provider. It is not uncommon for service providers to access user data, and it is nearly impossible for users to monitor how this data is used.
• Information security: Offloading workload increases security risks because data is propagated over the Internet and stored with the service provider. During transmission, data is open to eavesdropping by attackers or the service provider.

    To address these issues, we propose a framework in which a user can create a virtualized execution environment (virtual environment) in the cloud for running mobile applications. Unlike a client-server model, redesigning applications is not necessary—a user can have an existing application running on a physical device or in a virtual environment. This approach allows a user to control the deployment and execution of applications, and all that is needed is a trustworthy service provider to host the virtual environment. This is far more practical than verifying a growing number of service providers.

    For mobile applications, the communication cost of migrating a process [4] or a virtual machine [5] can be prohibitively high. To accelerate live migration for mobile applications, Android [6] was used as our case study, and several strategies were developed. First, an innovative coarse-grain application migration mechanism was developed based on application-level state-saving mechanisms available in the Android operating environment. Second, types of application data were further categorized to determine necessity and priority for data synchronization. Section 2 discusses the framework and the virtual environment we propose for enhancing Android applications.

    So that mobile devices and cloud servers can work together seamlessly on one application, the operating environments on the devices need a collaborative mechanism. In our approach towards collaborative computing [7], the operating environment is enhanced to play an active role in scheduling and distributing workloads. To better utilize the heterogeneous resources on mobile devices and on cloud servers, middleware is placed between mobile operating systems and hardware to support run-time workload migration. To ensure portability, supported Application Programming Interfaces (APIs) are extended beyond what is defined by OpenCL [8] for run-time workload migration. System architectures and design of major components are covered in Section 3.

    As we studied the performance and power efficiency of mobile applications in a virtualized environment, we found that energy consumption in virtualized environments can be greatly reduced when power-saving techniques are applied [9]-[11]. Our previous work provides an energy efficient mapping technique for virtual cores [12] and is summarized in Section 4.

2 A Virtual Environment for Android Applications
    In this section, we introduce the framework that allows Android users to offload applications to virtual environments in the cloud. The framework automates the creation of a virtual environment and migrates live Android applications faster than traditional methods. Compared to a conventional scheme, this approach does not require developers to redesign their applications, and several effective techniques are proposed for migrating applications and data over a mobile network. Security and privacy measures are included.

2.1 Related Works
    We researched the process of partitioning applications—which is performed to take advantage of remote execution. Spectra [13] can be used to monitor resource availability and dynamically determine the best remote execution plan for an application. Cyber foraging [14] surrogates can be used to improve performance of interactive applications and distributed file systems on mobile clients. Mobile Assistance Using Infrastructure (MAUI) [15] reduces the amount of programming needed by using a combination of code portability, serialization, reflection, and type safety to automate program partitioning. If the application is not partitioned, process migration and virtual machine migration are two common methods for migrating the execution of a live application across the network. An Internet Suspend/Resume (ISR) system [16] emulates the capabilities of suspend/resume functions in a computer system and migrates the system by storing a snapshot image of a virtual machine in a distributed storage system.

2.2 The Android Smartphone Framework
    This paper introduces a framework for virtualizing Android applications [6]. According to AndroLib [17], by July 2010, there were more than 100,000 Android applications in existance. To optimize smartphone applications, the Android system may kill a process if the system is short of memory. Thus, during its activity lifecycle, an application is designed to save application state data whenever it is switched to the background. When an application receives a request to suspend, its onPause() method is called so that unsaved changes in its state are committed to persistent data and animations or other operations are stopped that may be consuming CPU. When a user gives attention to an activity or a new intent is given, its onResume() method is called. Since the application may be killed by the Android operating environment during suspension, the onResume() method should include instructions to restore the application state before the activity gets ready to receive input from the user.

    Developers are advised to use the pause-resume scheme provided by Android to save application states in the persistent storage so that the application can resume later. Since most Android applications follow this programming paradigm, we leveraged pause-resume to design our own application migration scheme.

2.3 Our Proposed Framework
    In our migration framework (Fig. 1) the following procedures are necessary for creating a virtual environment:

    (1) An agent program is installed: The user installs and runs an agent program that automates the rest of the procedures. The agent also provides an interface and applications for interacting with the virtual environment.

    (2) A delegate system is allocated: The agent allocates a delegate system to host the virtual environment by subscribing to a virtual machine of an Infrastructure as a Service (IaaS) provider. The delegate system may host multiple virtual environments to save operation cost.

    (3) A virtual environment is established: The agent establishes a virtual environment (a virtual phone) on the delegate system to emulate an Android phone. For compatibility, the virtual phone needs to emulate all the details of a physical Android device as much as possible.

    (4) The operating environment is cloned: The agent uses a standard image stored in the delegate system to create a fresh virtual environment. It then copies the applications and data from the physical phone. An exact clone of the operating environment should ensure compatibility for applications that require vendor-specific libraries or system services.

    (5) Applications are migrated: The agent on the physical phone receives commands from the user and communicates with the agent in the virtual environment to control operation of the virtual environment. The user (or the application itself) may request the agent to migrate the application between the two phones.

    (6) Applications and user data are synchronized: The agent programs on both phones collaborate to keep the application packages and user data consistent and coherent on both phones. Since continuous mirroring of files would generate a large amount of network traffic, synchronization policies and protocols are critical.

2.4 Migrating an Application
    Our application migration mechanism leverages the Android framework to minimize the amount of data needed to migrate a live application. An application is paused on one device, state data files (which are saved by the application as it enters the pause state) are sent, and the application is resumed on another device. Because the state data files are usually small, there is low migration overhead.

    The procedure for migrating an application is illustrated in Fig. 2. On the left hand side: (1) The agent sends a signal to the application instructing it to use the onPause function. (2) The application saves its states using the onPause function and (3) informs the agent when the states are saved. (4) The agent reads the states and (5) sends the states to the agent on the other side. Then, on the right-hand side: (6) The agent saves the states and (7) starts the application (or copies the application from the other side if it does not exist). (8) The application resumes by calling the onResume function and (9) resumes the execution after restoring the application state.

2.5 Security and Privacy Measures
    Since a virtual environment may operate in a public cloud, it is important to protect user data with a secure end-to-end communication channel. Choosing a trustworthy IaaS provider is also critical for deploying in a virtual environment. A strong authentication and encryption scheme is needed for secure storage of private keys and for creating a secure channel for exchanging master encryption keys. Communications can occur via a secure Virtual Private Network (VPN) channel. For a stronger level of trust, a Trusted Platform Module (TPM) could be incorporated to enhance security on the server system. A TPM provides hardware mechanisms for storing encryption keys and performs cryptographic operations on sensitive data. To further prevent intrusion from a service provider or attackers, sensitive data in the memory and in storage could be encrypted. Since files are encrypted and hashed, attackers from another virtual machine on the same host or in the middle of the network will find it harder to retrieve and manipulate file contents. TPM could be used to store the master encryption keys and perform encryption procedures to keep the keys safe from intruders.

2.6 Evaluation
    In our experiment, Intel Atom-based system host Android-x86 was used as a virtual environment in the cloud. As shown in Fig. 3, the 1.6 GHz Intel Atom processor was already 4.9 to 6.4 times faster than the 528 MHz ARM processor in the Android phone. The results suggest that virtual environments powered by servers with low-end processors still provide sufficient performance for average applications. Migrating an application using a traditional approach [4] would require transferring the state of the entire environment by taking a snapshot of the memory. Assuming an Android system has 512 MB of memory, it would take more than one hour to transfer the snapshot. With our approach, it would only take milliseconds to transfer the state files saved by Android applications.

3 Automatic Task Scheduling and Offloading in a Virtual Environment
    A mechanism on the application level can be used to migrate workload. This mechanism is a better fit for a run-time environment that supports application level suspension and resuming. At the same time, the workload can also be migrated on a system level. The system has accurate information on available resources such as network connectivity and computation capacity. On the system level, middleware (called hypervisor) located between the operating system and physical hardware is responsible for allocating resources to processes, dispatching processes to allocated resources, and synchronizing computation results between mobile devices and cloud servers.

3.1 System Architecture 
    To support system-level workload migration, OpenCL support can be provided for system software. Fig. 4 illustrates the system architecture for hypervisor with cloud core support. In the architecture, virtual processors (cloud cores) are introduced for the purpose of representing the computation resource on cloud servers.

    There are three major source management components in virtualization layers: Virtual Machine (VM) scheduler, memory manger, and interrupt manger. VM scheduler schedules virtual machines on the platform. There are at least two virtual machines: Application VM (for supporting application services and user interactions) and OpenCL VM (for managing OpenCL workload including the workloads on cloud cores). When it is suitable to execute workload in the cloud core, the corresponding workload will be migrated to the cloud core. Otherwise, the workload is executed on local processors. VM scheduler takes into account available resources worldwide and schedules virtual machines according to QoS requirements. The interrupt manager dispatches interrupts and accepts interrupt requests.  Interrupts that are managed include those for local cores and cloud cores as well as for peripherals. The memory manager allocates memory to virtual machines.

3.2 Virtual Network Devices
    Reliable communication between mobile devices and server is important. Because of the dynamics of wireless networks and communications networks, we designed a probabilistic-guaranteed connection via virtual devices. In our framework, resource management is implemented with virtualization technology because different QoS types can be integrated in the virtualization layer. Different applications have different QoS requirements; for example, audio quality and delay are important to VoIP, while frame rate is important to streaming video. Meeting different QoS requirements is not easy. But different QoS requirements can be integrated if a QoS controlling mechanism is implemented on the virtualization layer. A QoS requirement is a special bandwidth requirement. So all QoS requirements can be managed using a bandwidth management concept. For this reason, the QoS framework is implemented with virtualization technology.

    Fig. 5 illustrates the operation of virtual network devices. The user thread layer provides services to users or manages hardware resources in the system. Threads are programs such as Operating System (OS) and stand-alone programs that provide services to users. The user thread layer includes all user threads. For transmitting, a network bandwidth allocation mechanism is provided according to service bandwidth requirements. In a dynamic network environment, our QoS framework for transmitting provides bandwidth guarantee with probability. For receiving, a resource protection mechanism is provided to set a maximum data receiving size for services. To verify this framework, we conducted some experiments. The results show that for transmitting, the framework guarantees resource allocation with probability, and for receiving, the framework guarantees resource protection. An extra run-time monitoring mechanism was also added for better performance.

    Fig. 6 shows evaluation results of three virtual network devices. Virtual Network Interface Card 1 (VNIC1) has highest priority, requesting 600 kbit/s; VNIC2 has second highest priority, requesting 100 kbit/s; and VNIC3 has the lowest priority, requesting best effort. VNIC1 has the highest probability of transmitting at its requested QoS, and VNIC2 can only transmit at its QoS level when VNIC1 transmits at its QoS level.

    Virtual network devices lay the foundation for reliable communication channels in the proposed framework. When a message needs to be transmitted with high robustness, a virtual network device for low bandwidth and high probability is used.

3.3 Cloud Core
    The cloud core provides a workload migration mechanism between mobile devices and cloud servers. In particular, it migrates workload implemented with OpenCL API. In OpenCL, basic work units are defined by a user-defined function call. In other words, a user can choose to allocate one function call to be executed on a particular processing element. With this definition, the cloud core can migrate one user-defined function to be executed on the cloud server. In this framework, a client-server model is used to migrate workload to cloud servers.

4 Power Saving for Mobile Applications in a Virtual Environment
    Here, we discuss computing resource mapping and the energy relationship between virtual cores and physical cores when there are timing constraints in executing tasks. As opposed to the preceding work, we are interested in Digital Video Server (DVS) implementation issues in virtual cores. Adjusting the operating frequency of a virtual core might result in proper dynamic voltage scaling (or even turning off) of some physical cores and/or might trigger the service adjustment mechanism of a hypervisor to emulate selected virtual cores at their proper speeds. Such an adjustment might violate timing constraints.

    For example, an embedded system has two physical cores both operating at frequency f, where each physical core serves one virtual core in an initial configuration. Suppose the operating frequency of the first virtual core is adjusted to 0.6f and the operating frequency of the second virtual core is adjusted to 0.4f. After the frequency adjustments, the hypervisor might decide to turn off one physical core and to let the two virtual cores share one physical core for energy saving (Fig. 7). Suppose the two virtual cores use the first 6 μs and the last 4 μs respectively for every 10 μs time period over the physical core. This virtual core emulation might result in a deadline violation problem if the second virtual core runs a real-time task with a period of 5 μs and an execution time of 2 μs (at operating frequency f ). There is a problem with emulating virtual cores over physical cores when timing constraints of processes must be satisfied.

    Thus, two major design issues need to be addressed for DVS support of virtual cores: (1) How to model the DVS needs of a virtual core and (2) how to map the application requirements of virtual cores into the DVS settings of physical cores. Modeling the DVS needs of a virtual core should result in a modeled workload for the virtual core. A resource scheduling mechanism can then be proposed so that a hypervisor can schedule the workload execution.

    A virtual core provides an environment for executing tasks in a similar way to a physical core with a user-specified frequency. To allocate proper execution cycles to tasks executed over virtual cores, each virtual core can be served by a Constant Bandwidth Server with Hard-Reservation (CBS-HR) [18],[19]. The CBS is scheduled and is designed to serve soft real-time tasks. It is also designed to serve hard real-time tasks in a system by using the Earliest-Deadline-First (EDF) scheduling algorithm—which always schedules a task with the earliest (absolute) deadline. Because CBS suffers from deadline aging, CBS-HR is an extension that guarantees a fixed execution budget C in every T time units, where C is the maximum budget (in terms of execution cycles) of a CBS-HR server, and T  is the replenish period of a CBS-HR server.

    In our virtualization system, the ith virtual core is modeled according to characteristics of the workload over it and according to three parameters (Ci, Ti, Fi.). Ci is the maximum budget and Ti is the replenish period of the virtual core’s corresponding CBS-HR server. Fi  is the virtual core’s user-set operating frequency. Ci is measured in cycles, Ti  is measured in seconds, and Fi  is measured in MHz. Setting Ci and Ti  of the corresponding CBS-HR server to the maximum value permitted should redress any inequality. While there are some timing issues resulting from the workload over the virtual core, some additional constraints on setting the replenish period and maximum budget are incurred.

    For multimedia applications and batch applications, users might be interested not only in the throughput of the virtual core but also in the response time of a certain workload. While the throughput is reflected by the operating frequency of the virtual core (set by the user), the replenish period of the virtual core affects whether reasonable response time delay is achievable. For example, a virtual core emulated on a physical core can be used to execute a certain workload (Fig. 8, lower), where the gray area is the execution cycles of the workload. Compared with the behavior when the same workload is executed on a physical core with the same emulated frequency (Fig. 8, upper), delay D in response time might be incurred. Therefore, a user of the virtual core might specify a tolerable delay σ that should not be exceeded, where response time delay in the virtual core with frequency Fv is defined as the difference between the response time of executing a workload in the virtual core and that of a physical core with the same frequency Fv, (D in Fig. 8). Let Fp be the frequency of the physical core. According to Fig. 8: 

By substituting X·T forΔ, D becomes

    which is a function of x.

    Since Fv of the virtual core is not greater than Fp of the physical core, D has its maximum value when x approaches 0. That is, D is not greater
than 
Combined with  , D is not

greater than the tolerable response time delay σ.

    While the physical cores have DVS, the hypervisor of a power-aware virtualization system should be able to adjust the frequencies of physical cores for the purpose of saving energy. In our virtualization system, DVS in the physical core is exploited by integrating a DVS scheduling policy with the admission control mechanism. As a result, once our admission control mechanism is triggered, it invokes the DVS scheduling policy if DVS is supported in the physical cores. Given remaining utilization of a physical core, the DVS scheduling policy scales down the operating frequency of the physical core to the lowest available frequency so that remaining utilization is no less than 0. The scheduling policy only asks the admission control mechanism to reject the request if remaining utilization is less than 0, even if the physical core operates at the highest available frequency.

References
[1] P. Chun and B. Maniatis, “Augmented smartphone applications through clone cloud execution,” in Proc. 12th Workshop on Hot Topics in Operating Systems (HotOS XII), Monte Verità, Switzerland, 2009, p. 8.
[2] A. Rudenko, P. Reiher, G. Popek, and G. Kuenning, “Saving portable computer battery power through remote process execution,” SIGMOBILE Mobile Comput. and Commun. Review, vol. 2, pp. 19-26, 1998.
[3]  M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A Berkeley view of cloud computing,” EECS Dept, University of California, Berkeley, Tech. Rep.
UCB/EECS-2009-28, Feb. 2009.
[4] S. Osman, D. Subhraveti, G. Su, and J. Nieh, “The design and implementation of Zap: A system for migrating computing environments,” in Proc.5th Symposium on Operating Systems Design and Implementation, Boston, MA, 2002, pp.361-376.
[5] C. Keir, C. Clark, K. Fraser, S. H, J. G. Hansen, E. Jul, C. Limpach,I. Pratt, and A. Warfield, “Live migration of virtual machines,” in Proc. 2nd
ACM/USENIX Symposium on Networked Systems Design and Implementation, Boston, MA, 2005, pp. 273-286.
[6]  Android Developers. [online]. Available: http://developer.android.com/
[7] R. Kouzes, J. Myers, W. Wulf, “Collaboratories: doing science on the Internet,” IEEE Computer, vol.29, no.8, pp.40-46, Aug. 1996.
[8] J. Stone, D. Gohara, Guochun Shi, “OpenCL: A Parallel Programming Standard for Heterogeneous Computing Systems,” Computing in Science & Engineering, vol.12, no.3, pp.66-73, May-June 2010.
[9] R. Nathuji and K. Schwan, “Virtualpower: coordinated power management in virtualized enterprise systems,” in Proc.21st ACM SIGOPS Symposium on Operating Systems Principles
(SOSP’07), Stevenson, WA, 2007, pp. 265-278.
[10] J. Stoess, C. Lang, and F. Bellosa, “Energy management for hypervisor-based virtual machines,” in Proc. 2007 USENIX Annual Tech. Conf., Santa Clara, CA, pp.1-14.
[11] Y. Wang, X. Wang, M. Chen, and X. Zhu, “Power-efficient response time guarantees for virtualized enterprise servers,” in Proc. 2008 Real-Time Systems Symp. IEEE Comput. Soc., Barcelona, Spain, 2008, pp. 303-312.
[12] Y. C. Lin, C. Y. Yang, C. W. Chang, Y. H. Chang, T. W. Kuo, and C. S. Shih, “Energy-Efficient Mapping Technique for Virtual Cores,” in Proc. Euromicro Conf. on Real-Time Systems, Brussels, Belgium, 2010, pp. 66-75.
[13] J. Flinn, D. Narayanan, and M. Satyanarayanan, “Self-tuned remote execution for pervasive computing,” in Proc. Hot Topics in Operating Systems (HotOS-VIII), Elmau, Germany, 2001, pp. 61-66.
[14] R. Balan, J. Flinn, M. Satyanarayanan, S. Sinnamohideen, and H. I. Yang, “The case for cyber foraging,” in Proc. 10th ACM SIGOPS European Workshop, Sintra, Portugal, 2002, pp. 87-92.
[15] E. Cuervo, A. Balasubramanian, D. ki Cho, A. Wolman, S. Saroiu, R. Chandra, and P. Bahl, “MAUI: Making smartphones last longer with code offload,” in Proc. ACM MobiSys, San Franisco, CA, 2010, pp. 49-62.
[16] M. Satyanarayanan, B. Gilbert, M. Toups, N. Tolia, A. Surie, D. R. O’Hallaron, A. Wolbach, J. Harkes, A. Perrig, D. J. Farber, M. A. Kozuch, C. J. Helfrich, P. Nath, and H. A. Lagar-Cavilla, “Pervasive personal computing in an internet suspend/resume system,” IEEE Internet Comput., vol. 11, no. 2, pp. 16-25, 2007.
[17] “100,000 Android Applications Submitted To Date, AndroLib Claims,” techCrunch web site. [online] Availaible: http://techcrunch.com/2010/07/30/android-market-100000/
[18] A. Mancina, D. Faggioli, G. Lipari, J. N. Herder, B. Gras, and A. S. Tanenbaum, “Enhancing a dependable multiserver operating system with temporal protection via resource reservations,”Real-Time Syst., 2009, vol. 43, no. 2, pp. 177-210.
[19] L. Marzario, G. Lipari, P. Balbastre, and A. Crespo, “Iris: A new reclaiming algorithm for server-based real-time systems,”in Proc. 10th IEEE Real-Time and Embedded Tech. and Applicat. Symp., Toronto, Canada, 2004, pp. 211-218.

Birgrahpies

Shih-Hao Hung (hungsh@csie.ntu.edu.tw) joined the Department of Computer Science and Information Engineering at National Taiwan University as assistant professor in 2005. His research interests include cloud computing, parallel processing, embedded systems, and pervasive applications. He worked for the Performance and Availability Engineering group at Sun Microsystem Inc. in Menlo Park, California (2000-2005) after comple

[Abstract] Smartphones and cloud computing technologies have enabled the development of sophisticated mobile applications. Still, many of these applications do not perform well due to limited computation, data storage, network bandwidth, and battery capacity in a mobile phone. While applications can be redesigned with client-server models to benefit from cloud services, users are no longer in full control of the application. This is also a serious concern. We propose an innovative framework for executing mobile applications in a virtualized cloud environment. With encryption and isolation, this environment is controlled by the user and protected against eavesdropping from cloud providers. We have developed efficient schemes for migrating applications and synchronizing data between execution environments. Performance and power issues within a virtualized execution environment are also addressed using power saving and scheduling techniques that enable automatic, seamless application migration.

[Keywords] smartphone; cloud computing; mobile network; virtualization; collaborative computing; energy-saving; scheduling