Landon P. Cox

Micro-Blog: sharing and querying content through mobile phones and social participation

Recent years have witnessed the impacts of distributed content sharing (Wikipedia, Blogger), social networks (Facebook, MySpace), sensor networks, and pervasive computing. We believe that significant more impact is latent in the convergence of these ideas on the mobile phone platform. Phones can be envisioned as people-centric sensors capable of aggregating participatory as well as sensory inputs from local surroundings. The inputs can be visualized in different dimensions, such as space and time. When plugged into the Internet, the collaborative inputs from phones may enable a high resolution view of the world. This paper presents the architecture and implementation of one such system, called Micro-Blog. New kinds of application-driven challenges are identified and addressed in the context of this system. Implemented on Nokia N95 mobile phones, Micro-Blog was distributed to volunteers for real life use. Promising feedback suggests that Micro-Blog can be a deployable tool for sharing, browsing, and querying global information.

Pastiche: making backup cheap and easy

Backup is cumbersome and expensive. Individual users almost never back up their data, and backup is a significant cost in large organizations. This paper presents Pastiche, a simple and inexpensive backup system. Pastiche exploits excess disk capacity to perform peer-to-peer backup with no administrative costs. Each node minimizes storage overhead by selecting peers that share a significant amount of data. It is easy for common installations to find suitable peers, and peers with high overlap can be identified with only hundreds of bytes. Pastiche provides mechanisms for confidentiality, integrity, and detection of failed or malicious peers. A Pastiche prototype suffers only 7.4% overhead for a modified Andrew Benchmark, and restore performance is comparable to cross-machine copy.

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

Today’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid enables realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 32p performance overhead on a CPU-bound microbenchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, in our 2010 study we found 20 applications potentially misused users’ private information; so did a similar fraction of the tested applications in our 2012 study. Monitoring the flow of privacy-sensitive data with TaintDroid provides valuable input for smartphone users and security service firms seeking to identify misbehaving applications.

Samsara: honor among thieves in peer-to-peer storage

Peer-to-peer storage systems assume that their users consume resources in proportion to their contribution. Unfortunately, users are unlikely to do this without some enforcement mechanism. Prior solutions to this problem require centralized infrastructure, constraints on data placement, or ongoing administrative costs. All of these run counter to the design philosophy of peer-to-peer systems.Samsara enforces fairness in peer-to-peer storage systems without requiring trusted third parties, symmetric storage relationships, monetary payment, or certified identities. Each peer that requests storage of another must agree to hold a claim in return---a placeholder that accounts for available space. After an exchange, each partner checks the other to ensure faithfulness. Samsara punishes unresponsive nodes probabilistically. Because objects are replicated, nodes with transient failures are unlikely to suffer data loss, unlike those that are dishonest or chronically unavailable. Claim storage overhead can be reduced when necessary by forwarding among chains of nodes, and eliminated when cycles are created. Forwarding chains increase the risk of exposure to failure, but such risk is modest under reasonable assumptions of utilization and simultaneous, persistent failure.

EnLoc: Energy-Efficient Localization for Mobile Phones

A growing number of mobile phone applications utilize physical location to express the context of information. Most of these location-based applications assume GPS capabilities. Unfortunately, GPS incurs an unacceptable energy cost that can reduce the phones battery life to less than nine hours. Alternate localization technologies, based on WiFi or GSM, improve battery life at the expense of localization accuracy. This paper quantifies this important tradeoff that underlies a range of emerging services. Driven by measurements from Nokia N95 phones, we develop an energy-efficient localization framework called EnLoc. The framework characterizes the optimal localization accuracy for a given energy budget, and develops prediction- based heuristics for real-time use. Evaluation on traces from real users demonstrates the possibility of achieving good localization accuracy for a realistic energy budget.

SmokeScreen: flexible privacy controls for presence-sharing

Presence-sharing is an emerging platform for mobile applications, but presence-privacy remains a challenge. Privacy controls must be flexible enough to allow sharing between both trusted social relations and untrusted strangers. In this paper, we present a system called SmokeScreen that provides flexible and power-efficient mechanisms for privacy management. Broadcasting clique signals, which can only be interpreted by other trusted users, enables sharing between social relations; broadcasting opaque identifiers (OIDs), which can only be resolved to an identity by a trusted broker, enables sharing between strangers. Computing these messages is power-efficient since they can be pre-computed with acceptable storage costs. In evaluating these mechanisms we first analyzed traces from an actual presence-sharing application. Four months of traces provide evidence of anonymous snooping, even among trusted users. We have also implemented our mechanisms on two devices and found the power demands of clique signals and OIDs to be reasonable. A mobile phone running our software can operate for several days on a single charge.

LiveCompare: grocery bargain hunting through participatory sensing

Many consumers are misled into paying high prices due to the search costs associated with attaining price information [16]. The popularity of bargain-hunting web sites like Slickdeals.net, which boasts 2.5 million visitors per month, hints that many shoppers are indeed in search of tools to help them save money. We present LiveCompare, a system that leverages the ubiquity of mobile camera phones to allow for grocery bargain hunting through participatory sensing. We utilize two-dimensional barcode decoding to automatically identify grocery products, as well as localization techniques to automatically pinpoint store locations. We show that an incentive scheme is inherently ingrained into our query/response protocol, and we suggest self-regulating mechanisms for preserving data integrity. As a result, we demonstrate that money-saving price comparisons can be conducted among brick and mortar grocery stores without the explicit cooperation of the stores.

Vis-à-Vis: Privacy-preserving online social networking via Virtual Individual Servers

Online social networks (OSNs) are immensely popular, but their centralized control of user data raises important privacy concerns. This paper presents Vis-à-Vis, a decentralized framework for OSNs based on the privacy-preserving notion of a Virtual Individual Server (VIS). A VIS is a personal virtual machine running in a paid compute utility. In Vis-à-Vis, a person stores her data on her own VIS, which arbitrates access to that data by others. VISs self-organize into overlay networks corresponding to social groups. This paper focuses on preserving the privacy of location information. Vis-à-Vis uses distributed location trees to provide efficient and scalable operations for sharing location information within social groups. We have evaluated our Vis-à-Vis prototype using hundreds of virtual machines running in the Amazon EC2 compute utility. Our results demonstrate that Vis-à-Vis represents an attractive complement to todays centralized OSNs.

The Impact of Dynamically Heterogeneous Multicore Processors on Thread Scheduling

Although most current multicore processors are homogeneous, microarchitects are now proposing heterogeneous core implementations, including systems in which heterogeneity is introduced at runtime. This article shows that operating system schedulers must consider dynamic heterogeneity or suffer significant power-efficiency and performance losses.

Virtual individual servers as privacy-preserving proxies for mobile devices

People increasingly generate content on their mobile devices and upload it to third-party services such as Facebook and Google Latitude for sharing and backup purposes. Although these services are convenient and useful, their use has important privacy implications due to their centralized nature and their acquisitions of rights to user-contributed content. This paper argues that peoples interests would be be better served by uploading their data to a machine that they themselves own and control. We term these machines Virtual Individual Servers (VISs) because our preferred instantiation is a virtual machine running in a highly-available utility computing infrastructure. By using VISs, people can better protect their privacy because they retain ownership of their data and remain in control over the software and policies that determine what data is shared with whom. This paper also describes a range of applications of VIS proxies. It then presents our initial implementation and evaluation of one of these applications, a decentralized framework for mobile social services based on VISs. Our experience so far suggests that building such applications on top of the VIS concept is feasible and desirable.