Sandia builds massive Android network to study security, more

Government scientists have built a network of hundreds of thousands of simulated Android mobile devices that could be used for building better security on the most popular mobile devices.

By early spring 2013, the Sandia National Laboratories in California plans to make software tools available to private and government organizations that want to build their own environment for studying the behaviors of smartphone networks.

Sandia scientists have built a network of as many as 300,000 virtual handheld computing devices, but say the technology can scale up to run on supercomputer-class machines, or scale down to a workstation.

What the researchers have done is link together instances of generic Android, each running on a separate virtual machine. The network, which runs on racks of off-the-shelf, x86 desktops, can be built up into a realistic computing environment that includes a full domain name service (DNS), an Internet relay chat (IRC) server, a web server and multiple subnets.

A key component of MegaDroid is an imitation Global Positioning System (GPS) that includes simulated data of a smartphone user in an urban environment. Since Wi-Fi and Bluetooth capabilities depend on GPS data, the feature is important for studying how the two communication features could be used by cybercriminals to steal data.

Researchers also could run malware on any of the simulated devices to see how it would behave within the network.

"If you have something you're capable of running on an Android device, be it malware, an application or whatever, this platform could test it for you," Keith Vanderveen, manager of Sandia's Scalable and Secure Systems Research department, said.

Android is the favorite mobile platform of cybercriminals. Reasons include the platform's large user base and the fact that any organization can set up an app market. In August, Android accounted for almost 53% of the smartphone market, comScore said.

Besides malware, Megadroid has a much broader use. Because it can scale to the size of real-life cellular networks, it is expected to be valuable in finding ways to limit damage from network disruptions due to glitches in software or protocols, natural disasters or acts of terrorism.

[In depth: Which smartphone is most secure?]

In addition, the platform would be useful in studying methods for preventing unauthorized data from leaving a device, a major concern for corporations and the departments of Defense and Homeland Security.

MegaDroid will be released as an open-source project, so other researchers can modify the technology to fit their needs. While Android was chosen for the initial platform, the technology could be used in testing Apple's iOS devices.

"The platform is really designed to be flexible," David Fritz, a Sandia researcher, said.

MegaDroid is an offshoot of simulation platforms built for studying large-scale networks of Windows and Linux computers. Over the last three years, Sandia has spent a total of $3.5 million on the various projects.

The laboratory is open to working with academia and private industry on the MegaDroid project. In the 1990s, Sandia helped advise the President's Commission of Critical Infrastructure Protection, which led to its current focus on network security.Ã'Â

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts