![Page 1: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/1.jpg)
Apps Can Quickly Destroy Your Mobile's Flash: Why They Don't, and How to Keep It That Way
Tao Zhang1, Aviad Zuck2, Donald E. Porter1, Dan Tsafrir2,3
1 2 3
![Page 2: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/2.jpg)
SSD Lifespan Nowadays Considered Non-issue
• Flash can only endure a limited write quota
– E.g., 3K rewrites of the entire SSD
2
![Page 3: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/3.jpg)
Mobile Flash Storage: Compact SSD (with Compromises)
3
• Smaller
• More power efficient
• Cost less
eMMC/UFS
• Lower capacity
• Limited hardware
• Worse performance (eMMC)
• Less sophisticated firmware
![Page 4: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/4.jpg)
Write Bandwidth/Capacity Ratio
4
• Smartphones skew toward dangerous bandwidth/capacity ratio
• Easy to issue lifetime’s worth of writes
Intel Pro 7600p 1.6 𝐺𝐵/𝑠
2𝑇𝐵=0.79
Moto G6 117 𝑀𝐵/𝑠
64𝐺𝐵=1.83
![Page 5: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/5.jpg)
• Conventional wisdom: SSD wear-out not a problem
• Our analysis: There is cause for concern1. Dangerous bandwidth/capacity skew
2. Less sophisticated devices
3. App stores are trusted (too much)
4. Users perceive mobile phones as safer (strict permissions, app stores)
• How bad could it be?– Let’s try attacking mobile devices and measure lifespan!
5
![Page 6: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/6.jpg)
Threat Model
• Mobile storage device (eMMC/UFS)
• Long-term warranty (e.g., 2Y)
• Supports synchronous IO
• Code snippet can access storage space by default
– E.g., app with no special privileges
6
![Page 7: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/7.jpg)
Wear-out Attack
• Prototype Android app with less than 1K lines of code
• No special permission needed
• Stealthily rewrite small files in app’s storage space
7
Run as background service
Only run on charging status
Pause workload on screen lit
![Page 8: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/8.jpg)
Phone Wear-out Experiment Results
8
< 14 daysBLU512MB4GB
MotoE 8GB
6 days ~2 weeks
SMG S632GB
8 days
SMG S964GB
22 days
Phones can be worn out in weeks!
![Page 9: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/9.jpg)
• Mobile flash storage can be worn out quickly
9
![Page 10: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/10.jpg)
• Mobile flash storage can be worn-out quickly
10
Why my phone is not dead (yet)?
![Page 11: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/11.jpg)
Mobile App I/O Characterization
• Platform: Samsung S6 32GB
– ~88 TiB estimated lifetime write
– 2Y warranty
• Two usage scenarios
– 27 preloaded apps (camera, etc.) + top 150 free apps from Google Play Store*
– I/O-intensive workloads (FTP server, file copies, backup/restore)
11
…
* 23 apps excluded due to various reasons, details in paper
![Page 12: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/12.jpg)
Initial conclusions
• Most apps don’t consume dangerous levels of write bandwidth
– Most apps are not used most of the time
• Minority of apps are write-intensive
– Lets look more closely at these “troublemakers”
12
![Page 13: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/13.jpg)
Write-heavy Apps/Workloads
13
• Apps issue bursts of I/O
![Page 14: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/14.jpg)
Can apps prematurely wear-out your phone?
14
• Reasonable app usage won’t shorten device lifetime
– Most write-heavy usage scenarios not long-term/frequently used
• Extreme use cases CAN prematurely wear-out phone (but not likely)
1.18 1.51
5.5
7.058.24
9.15
15.25
0
2
4
6
8
10
12
14
16
18
USB Copy Restore (local) FTP Daily Horoscope Camera Final Fantasy Backup (local)
Ho
urs
Daily Usage Threshold (Samsung S6 32GB)
![Page 15: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/15.jpg)
App Background I/O Characterization
15
• Most apps cause little to no background I/O activities
App Avg (MB/s)camera 0.02
dailyhoroscope 0.04finalfantasy 0.67flipagram 0.29fruitninja 0.14playstore 0.02
puzzledom 0.04roblox 0.04
topbuzz-video 0.05idle 0.11
< 1 MB/s
![Page 16: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/16.jpg)
• Mobile flash storage can be worn-out quickly
– Wear-out level evaluation
– Smartphone storage wear-out experiments
• Mobile flash storage is safe with benign apps under reasonable usage
– Reasonable app usage won’t shorten device lifetime
– Most apps cause little to no background I/O activities
– Extreme use cases CAN prematurely wear-out your phone
16
More details in the paper.
![Page 17: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/17.jpg)
• Mobile flash storage can be worn-out quickly
– Wear-out level evaluation
– Smartphone storage wear-out experiments
• Mobile flash storage is safe with benign apps under reasonable usage
– Reasonable length of app usage is not long enough to shorten lifetime
– Most apps cause little to no background I/O activities
– Extreme use cases CAN prematurely wear-out your phone
17
Should we stop worrying about mobile flash lifespan?
![Page 18: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/18.jpg)
OS Wear Management *is* Necessary
• Potential wear-out attack
• User may playing Final Fantasy for more than 9 hours daily
• Buggy app can unintentionally kill your phone as well
18
![Page 19: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/19.jpg)
• Monitor and measure app-specific I/O behavior
– Extend diskstats accordingly
• Per-app I/O rate limiting mechanism
– cgroups v2 (Linux kernel 4.5 or newer)
– Prototype implemented on Samsung S6 (Android 6.0.1) & Linux kernel 3.10.101.
• Let the user choose!
– Prompt user whether to rate-limit suspicious app
OS-level Wear Management
19
![Page 20: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/20.jpg)
Wear Management Policy
• Apps tend to issue bursty I/O
– Allocate write (lifetime) slack quota to accommodate bursts
• Denial-of-Service attack on slack quota
– Quota & threshold with finer granularity (daily)
• Foreground vs. background
– Stricter quota & threshold on background apps (i.e., hourly)
More details in the paper
20
![Page 21: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/21.jpg)
Evaluation (Write-intensive Apps)
21
• Video shooting with camera (foreground)• Bursts are permitted• ~1.2 hours daily usage without intervention
• Google Hangouts receiving messages every 5s (background)
• ~300 KiB/s background workload
Benign apps run with no/minimum disruption
![Page 22: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/22.jpg)
Evaluation (Wear-out attack)
• Malicious wear-out attack in background
• ~80MiB/s maximum throughput
22
Phone protection kicks in within 30s
![Page 23: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/23.jpg)
Conclusion
• Mobile flash storage is still in danger– App with no special perm can doom storage in days/weeks
• App I/O characterization– Mobile flash storage is safe with benign apps under reasonable usage
– Extreme usage scenarios can still prematurely exhaust storage lifespan
• Prototype of flash wear management mechanism– Effectively identify & rate-limit malicious apps
– Little to no disturbance on benign apps and user experience
• Flash storage lifespan as depletable resource needs to be managed– Embedded devices with flash storage (IoT devices, medical devices, etc.)
23
Aviad [email protected]
![Page 24: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/24.jpg)
Backup slides
24
![Page 25: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/25.jpg)
Flash Internals
• Floating gate (flash cell)
– Program (inject electrons)
– Erase (eject electrons)
– Electrons trapped in insulating oxide (worn out)
- - - - - - - - - - - - -
1
L0 VtL1
0
Program
Erase
-- --
25
?
![Page 26: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/26.jpg)
SLC ⇨ MLC ⇨ TLC: Evolution or Degeneration?
• Higher density (lower cost)
• Poorer performance
• Easier to wear-out
– SLC: up to 100K P/E cycles
– MLC: 3K ~ 10K P/E cycles
– TLC: < 1000 P/E cycles
• “…global shipment share of client-grade SSDs using TLC Flash will exceed 75% by in 2017.” [DRAMeXchange]
(Source: EE Times)
26
![Page 27: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/27.jpg)
How to Evaluate Wear-out Level
• Built-in Wear-out Indicators
– eMMC [JESD84-B51] Extended CSD register
– UFS [JESD220C] Device Health Descriptor– Value from 1 to 11
27
Value 1 2 3 4 5 6 7 8 9 10 11
LifeConsumed
0%~
10%
10%~
20%
20%~
30%
30%~
40%
40%~
50%
50%~
60%
60%~
70%
70%~
80%
80%~
90%
90%~
100%
Wornout
![Page 28: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/28.jpg)
eMMC Flash Chips Can Wear-out in Days
28
~8 TiB total write, ~6 days at 20 MiB/s
~23 TiB total write, ~7 days at 40 MiB/s
![Page 29: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/29.jpg)
Can apps prematurely wear-out your phone?
App Avg. Throughput Daily Usage Threshold
USB Copy 29.74 MiB/s 1.18 hours
Restore (local) 23.29 MiB/s 1.51 hours
FTP 6.39 MiB/s 5.50 hours
Daily Horoscope 4.98 MiB/s 7.05 hours
Camera 4.26 MiB/s 8.24 hours
Final Fantasy 3.84 MiB/s 9.15 hours
Backup (local) 2.30 MiB/s 15.25 hours
29
• Most write-heavy usage scenarios are neither long-term operations nor frequently used
• Reasonable length of app usage is not long enough to shorten lifetime
![Page 30: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/30.jpg)
Evaluation (Foreground)
• Video shooting with ~7MiB/s write activity
• ~1.2 hours daily usage without intervention
• May exceed , for short time
30
![Page 31: Apps Can Quickly Destroy Your Mobile's Flash Apps Can... · flipagram 0.29 fruitninja 0.14 playstore 0.02 puzzledom 0.04 roblox 0.04 topbuzz-video 0.05 idle 0.11 < 1 MB/s •Mobile](https://reader033.vdocuments.site/reader033/viewer/2022050513/5f9d36be1928643f09680002/html5/thumbnails/31.jpg)
Evaluation (Background)
• Google Hangouts receiving messages (per 5s) in background
• ~300 KiB/s background workload
31
Benign apps run with no/minimum disruption