SEI Insights

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Application Virtualization for Cloudlet-Based Cyber-Foraging at the Edge

Posted on by in

Soldiers and emergency workers who carry smartphones in the battlefield, or into disaster recovery sites (such as Boston following the marathon bombing earlier this year) often encounter environments characterized by high mobility, rapidly-changing mission requirements, limited computing resources, high levels of stress, and limited network connectivity. At the SEI, we refer to these situations as "edge environments." Along with my colleagues in the SEI's Advanced Mobile Systems Initiative, my research aims to increase the computing power of mobile devices in edge environments where resources are scarce. One area of my work has focused on leveraging cloud computing so users can extend the capabilities of their mobile devices by offloading expensive computations to more powerful computing resources in a cloud. Some drawbacks to offloading computation to the cloud in resource-constrained environments remain, however, including latency (which can be exacerbated by the distance between mobile devices and clouds) and limited internet access (which makes traditional cloud computing unfeasible). This blog post is the latest in a seriesthat describes research aimed at exploring the applicability of application virtualization as a strategy for cyber-foraging in resource-constrained environments.

Cloudlet-Based Cyber Foraging

Cyber-foraging is a technique for dynamically augmenting the computing resources of resource-limited mobile devices by opportunistically exploiting a fixed computing infrastructure nearby. This technique allows mobile users to offload computationally-expensive processing (such as face recognition, language translation, speech and image recognition) from a mobile device onto more powerful servers, thereby preserving device battery power and enabling more powerful cloud-based computing. These capabilities are valuable for soldiers or emergency workers who often operate in situations where these resource-intensive applications must be deployed reliably and quickly.

Our research focuses on cloudlet-based cyber foraging. Cloudlets, a concept created by Mahadev Satyanarayanan "Satya" of Carnegie Mellon University's School of Computer Science, are discoverable, generic, stateless servers located in single-hop proximity of mobile devices. Cloudlets can operate in disconnected mode, which means that communication with the central core is only needed for provisioning. They are also virtual-machine (VM) based, which means that they promote flexibility and mobility, a perfect match for edge environments. My previous work in this field focused on cloudlets provisioned using VM synthesis, which was described in the SEI technical note Cloud Computing at the Tactical Edge.

When we first began using cloudlets for edge applications, we realized we would need to make changes to the provisioning process them so they would functional efficiently and effectively in resource-constrained environments. Satya first proposed using virtual machine (VM) synthesis to provision cloudlets. During VM synthesis, a file called an "application overlay" is transferred during runtime from the mobile device to the cloudlet. This application overlay is built offline and corresponds to the binary difference between a base VM and that VM after the server portion of an application is installed. After the VM overlay has been transferred, it is applied to the base VM. The result is a complete VM that is running the server portion of the application that is executed from a client running on a mobile device.

As you can imagine, VM synthesis involves large application overlay files, which can be costly to transfer in terms of battery and network bandwidth consumption in mobile and edge environments. As an alternative, we started looking at application virtualization as a possible solution to this problem.

Application Virtualization

Application virtualization uses a similar approach to operating system (OS) virtualization, which tricks the software into interacting with a virtual rather than the actual environment. While OS virtualization emulates the hardware for a guest OS, application virtualization emulates OS functionality for an application. To accomplish this emulation, a runtime component intercepts all system calls from an application and redirects these to resources inside the virtualized application.

As we described in our technical report, Application Virtualization as a Strategy for Cyber Foraging in Resource-Constrained Environments, the combination of cloudlets and application virtualization allowed us to support the following design goals:

  • Simplicity. Cloudlets should be set up quickly and conveniently. Preparing an application for deployment on a cloudlet should not involve extensive manual overhead, and cloudlet discovery should not require action from the user. Similarly, offloading the application to the cloudlet must be intuitive and simple.
  • Generality. Packaged applications should be loosely coupled to the operating system so that they can run on multiple cloudlets. This loose coupling enables regular updates and upgrades to the operating system that runs virtual applications without breaking functionality. Applications that are not too deeply integrated into the operating system or too specific to special hardware should be eligible for offloading to the cloudlet.
  • Speed. The time from when the user selects an application to when it is ready for execution--which includes code offload time--should be reasonably small. The user must be able to track the deployment progress via messages from the cloudlet.

Our approach to application virtualization with cloudlets accomplishes these goals because it does not require any code modifications and provides a high degree of application portability. Application virtualization tools generate smaller files since they package only those dependencies that are necessary for portability. Our experiments (reported in our technical note) showed that a virtualized application is approximately five times smaller than its application overlay equivalent. Smaller file sizes also lead to smaller application-ready times, defined as the time between the start of the transfer of the virtualized application to the cloudlet and the time that the application is ready for execution on the cloudlet


The two main components of our implementation are the mobile device and the cloudlet host. The cloudlet host serves as a machine that lends its resources to the mobile device.

In our implementation, all devices are connected to the same subnet within a wireless network. The cloudlet host runs a hypervisor to host multiple VMs, which provide a selection of various operating systems and versions.

The two main architectural components of our implementation are

  • The mobile device. We developed on Android 4.1, which supports multicast and is required for the discovery mechanism. All the elements of the cyber-foraging-ready application are stored on the mobile device including the application client, the application metadata, and the application package that contains the application server.
  • The cloudlet host. This component comprises a multicast-supporting machine that runs the VM hypervisor.
  • At the SEI, we used two tools to create and execute the virtualized applications for both Linux and Windows systems.
  • Code, Data, and Environment (CDE) is an application virtualization tool for Linux developed by Philip J. Guo and Dawson Engler. CDE allows for virtualizing applications by monitoring their execution. Through the ptrace system call, the supervising CDE program finds files that have been accessed during execution and packages them. The resulting package also contains the environment settings and the CDE runtime environment, which executes the application.
  • Cameyo, an application virtualizer for Windows, packages the application and its dependencies into one single, executable file. Unlike CDE, which monitors execution, Cameyo monitors the installation process and offers two mechanisms for accomplishing the virtualization. The first mechanism involves taking a snapshot of the system, installing the application, taking another snapshot, and then computing the dependencies and modified registry keys in the difference between the two snapshots. Instead of snapshots, the second mechanism simulates the installation process, tracking all of the installer's actions. This simulated installation does not have any permanent effect on the system.

Benefits and Drawbacks of Our Approach

Application virtualization has an advantage over VM synthesis in terms of its performance while deployed. We relied on two metrics to evaluate our approach: deployment time and energy consumption. These two metrics are related because the greater the amount of data transmitted, the greater amounts of battery power required. One benefit of application virtualization is significantly smaller file sizes, the result of packaging just the application and not calculating a binary difference between virtual machine images. Another benefit of application virtualization is the loose coupling between an application and its required cloudlet environment.

We did realize some drawbacks of our approach. Application virtualization is not suitable for every type of environment. For example, device drivers interact with the hardware directly and cannot be virtualized. It is also hard to virtualize software that interacts with OS internals, such as antivirus programs.

Application virtualization also requires careful dependency management to ensure that an application operates correctly on a cloudlet. If all dependencies are not included in the virtualized application then it will not work. Moreover, missing dependencies must be added manually, which is tedious and error-prone.

Future Work in Advanced Mobile Systems

Our Advanced Mobile Systems Initiative is building a portfolio of capabilities and options for use by soldiers and emergency workers who operate in various environments with different quality attribute requirements. Cyber-foraging is one of three areas that we are investigating and our body of work on support for resource-constrained environments is growing. The other two areas of work in the SEI's Advanced Mobile Systems Initiative are

  • group-context-aware mobile applications in which groups of mobile devices share contextual information so that teams and their mobile devices can make better decisions regarding resource consumption These types of applications also give users a better understanding of environmental factors and the activities being performed by the group based on information gathered by sensors on the mobile device or connected to the mobile device.
  • user-configured situational awareness mashups that allow soldiers and emergency workers to filter and combine geo-located data such as DoD situational awareness SA feeds and public data sources into a single map-based user interface.

In developing this cyber-foraging strategy, I collaborated with Dominik Messenger, a student from the Karlsruhe Institute of Technology (KIT) in Germany. He came to CMU last year via the InterACT exchange program. His advisor at KIT contacted me and said that he was very interested in our research. This research and the resulting technical report were part of his diploma thesis.
We look forward to your feedback on our work in the comments section below.

Additional Resources

To view the SEI technical note, Application Virtualiation as a Strategy for Cyber Foraging in Resource-Constrained Environments, please visit

To read the SEI technical note, Cloud Computing at the Tactical Edge, please visit

For more information on the SEI's research in the field of pervasive mobile computing, please visit

To read the paper, The Case for VM-Based Cloudlets in Mobile Computing, please visit

About the Author

Grace Lewis

Contact Grace Lewis
Visit the SEI Digital Library for other publications by Grace
View other blog posts by Grace Lewis



We welcome comments with a wide range of opinions and views. To keep the conversation focused on topic, we reserve the right to moderate comments.

Add a Comment


Type the characters you see in the picture above.