Secure and Portable Database Extensibility

Tobias Mayr, Michael Godfrey, Praveen Seshadri, Thorsten von Eicken
Cornell University
6/4/98, SIGMOD'98 -- Cornell Predator Project

Web based OR-DBMS

[Diagram labels: Client, Connectivity Software, OR-DBMS Server, Queries, Results]

- Web based access
- Extensible server
- Functionality in object methods

    SELECT S.Company, S.QuoteHistory.WeeklyAvg()
    FROM Stocks S

User Defined Functions

[Diagram labels: Client, Connectivity Software, OR-DBMS Server, Uploading Methods, Queries, Results]

    SELECT S.company
    FROM Stocks S
    WHERE S.TimeSeries.myAnalysis()>0

- Portability, Security, Efficiency ?

Portability & Security

- UDF execution environment of the client similar to that of the server
- Design & Testing on client site
- Granularity of control:
  - Execution errors
  - Memory access
  - System resources
  - Quality of Service attacks

Alternative Solutions

Categories: O/S based, Language based

- Client site execution
- Integrated, native execution
- Execution in separate process
- Software Fault Isolation
- Proof Carrying Code
- Interpreted languages
- Safe languages
- Typed Assembly Language
- Java Virtual Machine

Integration of the JVM

- Ubiquitous in browsers and with native interfaces
- Interpreted/Compiled (JIT)

[Diagram labels: Client, Browser, JVM, Connectivity Software, Server, JVM, Classloader, Security Manager, NI, Java UDFs, Native Methods, System Resources]

Performance Components

[Diagram labels: Execution Engine, UDF]

- Invocation
- Execution
  - Data access
  - Computation
- Callbacks

Callbacks

[Diagram labels: Execution Engine, UDF]

- Large objects are passed by reference
- Selective retrieval:
  - only certain objects
  - only parts of objects
- Argument overhead vs. control switches

Comparisons

- Trusted execution inside server process
- Execution in separate process
- Execution on JVM inside server process

Platform: PREDATOR on a Sparc20 with 64MB of memory running Solaris 2.6.
JVM: JDK 1.1.4 (includes JIT)

Experimental Setup

    SELECT UDF(R.ByteArray, NumComps, NumDataAccess, NumCallBacks)
    FROM ByteArrays R

- ByteArrays R: 10000 Tuple, one attribute
- ByteArray: Array of bytes (size: 1 - 10000)
- NumComps: Number of executed integer additions
- NumDataAccess: Number of iterations over ByteArray
- NumCallBacks: Number of executed callbacks

Invocation Overhead

[Chart: relative time vs. size of ByteArray; series: Native, Isolated, JVM]

- No data access, computation, or callbacks
- Control switch cheaper for JVM
- Costs of argument passing

Execution: Computation

[Chart: relative time vs. NumComps; series: Native, Isolated, JVM]

- Argument size 10000 bytes, no data access, no callbacks
- No significant overhead

Execution: Data Access

[Chart: relative time vs. NumDataAccess; series: Native, Isolated, JVM]

- 10000 bytes, no computation, no callbacks
- High overhead, caused by array bounds checks

Callbacks

[Chart: relative time vs. Callbacks; series: Native, Isolated, JVM]

- 10000 bytes, no computation, no data access
- Cheap control switch with native interface

Results

- Low overheads for invocation, computation, and callbacks
- Data access overhead: dynamic checks
- Overheads for UDFs small in context of processing of real queries
- JVM forms an efficient safe execution environment for OR-DBMS

Caveats

- Portability across different JVM versions
- Off-the-Shelf JVMs cause integration problems
- Security flaws of the JVM

Future Work - Jaguar Project

- Security
  - Execution environment on server site with fine grained system resource control
  - Integration of J-Kernel resource management
- Portability
  - Execution environment on client site integrated with query processing
  - Optimization of client site UDFs
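
The synthetic UDF from the Experimental Setup slide, written out as an added Java example (not code from the PREDATOR project), showing the three measured cost components and what the array bounds check behind the data access overhead prevents. `SyntheticUdf`, `ServerCallback` and `strayReadIsTrapped` are hypothetical names, and the sample array is constructed.

```java
import java.util.Arrays;

// Added illustration. SyntheticUdf and ServerCallback are hypothetical names,
// not part of PREDATOR or its Java UDF interface.
public class SyntheticUdf {

    /** Hypothetical stand-in for a callback from the UDF into the server. */
    public interface ServerCallback {
        int fetch(int index);
    }

    /** Mirrors UDF(R.ByteArray, NumComps, NumDataAccess, NumCallBacks). */
    public static int run(byte[] byteArray, int numComps, int numDataAccess,
                          int numCallBacks, ServerCallback server) {
        int acc = 0;
        // Computation: numComps integer additions, no array traffic.
        for (int i = 0; i < numComps; i++) {
            acc += i;
        }
        // Data access: numDataAccess full passes over the argument.
        // Every byteArray[j] is subject to the JVM's array bounds check.
        for (int pass = 0; pass < numDataAccess; pass++) {
            for (int j = 0; j < byteArray.length; j++) {
                acc += byteArray[j];
            }
        }
        // Callbacks: each call is one control switch from the UDF to the server.
        for (int c = 0; c < numCallBacks; c++) {
            acc += server.fetch(c);
        }
        return acc;
    }

    /** What the dynamic check buys: a stray index is trapped, not dereferenced. */
    public static boolean strayReadIsTrapped(byte[] byteArray) {
        try {
            byte b = byteArray[byteArray.length]; // one element past the end
            return false;
        } catch (ArrayIndexOutOfBoundsException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        byte[] sample = new byte[10000]; // constructed input, largest size in the setup
        Arrays.fill(sample, (byte) 1);
        ServerCallback server = index -> sample[index % sample.length];
        System.out.println("result = " + run(sample, 1000, 2, 10, server));
        System.out.println("stray read trapped = " + strayReadIsTrapped(sample));
    }
}
```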