Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Secure and Portable Database Extensibility Tobias Mayr

advertisement 
Secure and
Portable Database
Extensibility
Tobias Mayr
Michael Godfrey
Praveen Seshadri
Thorsten von Eicken
Cornell University
6/4/98
SIGMOD'98 -- Cornell Predator Project
1
Web based OR-DBMS
Client

Connectivity
Software

Results
Queries

OR-DBMS
Server
6/4/98
Web based access
Extensible server
Functionality in
object methods
SELECT S.Company,
S.QuoteHistory.WeeklyAvg()
FROM Stocks S
SIGMOD'98 -- Cornell Predator Project
2
User Defined Functions
Client
SELECT S.company
FROM Stocks S
WHERE
S.TimeSeries.myAnalysis()>0
OR-DBMS
Server
6/4/98
Uploading
Methods
Results
Queries
Connectivity
Software
 Portability
 Security
 Efficiency
?
SIGMOD'98 -- Cornell Predator Project
3
Portability & Security

UDF execution environment of the
client similar to that of the server
 Design

& Testing on client site
Granularity of control:
 Execution
errors
 Memory access
 System resources
 Quality of Service attacks
6/4/98
SIGMOD'98 -- Cornell Predator Project
4
Alternative Solutions


O/S
based



Language
based




6/4/98
Client site execution
Integrated, native execution
Execution in separate process
Software Fault Isolation
Proof Carrying Code
Interpreted languages
Safe languages
Typed Assembly Language
Java Virtual Machine
SIGMOD'98 -- Cornell Predator Project
5
Integration of the JVM
JVM
Browser
Client
Ubiquitous in browsers
and with native interfaces
 Interpreted/Compiled (JIT)

Connectivity
Software
JVM
Classloader
Security
Manager
NI
Server
Java UDFs
Native
Methods
System Resources
6/4/98
SIGMOD'98 -- Cornell Predator Project
6
Performance Components
Execution
Engine
UDF

Invocation

Execution
 Data
access
 Computation

6/4/98
Callbacks
SIGMOD'98 -- Cornell Predator Project
7
Callbacks

Execution
Engine

UDF


Large objects are
passed by reference
Selective retrieval :
only certain objects
 only parts of objects



6/4/98
Argument overhead
vs. control switches
SIGMOD'98 -- Cornell Predator Project
8
Comparisons



Trusted execution inside server process
Execution in separate process
Execution on JVM inside server process
 Platform: PREDATOR on a Sparc20 with
64MB of memory running Solaris 2.6.
JVM: JDK 1.1.4 (includes JIT)
6/4/98
SIGMOD'98 -- Cornell Predator Project
9
Experimental Setup
SELECT UDF(R.ByteArray, NumComps,
NumDataAccess, NumCallBacks)
FROM ByteArrays R

ByteArrays R:
10000 Tuple, one attribute

ByteArray:
Array of bytes (size: 1 - 10000)

NumComps:
Number of executed integer additions

NumDataAccess: Number of iterations over ByteArray

NumCallBacks:
6/4/98
Number of executed callbacks
SIGMOD'98 -- Cornell Predator Project
10
relative time
Invocation Overhead
2
Native
1.5
Isolated
1
JVM
0.5
0
1
100
10000
size of ByteArray
No data access, computation, or callbacks
 Control switch cheaper for JVM
 Costs of argument passing

6/4/98
SIGMOD'98 -- Cornell Predator Project
12
relative time
Execution: Computation
2
1.5
Native
Isolated
10
100
JVM
1
0.5
0
0
1000
10000
NumComps
Argument size 10000 bytes, no data access,
no callbacks
 No significant overhead

6/4/98
SIGMOD'98 -- Cornell Predator Project
15
relative time
Execution: Data Access
3
Native
2
Isolated
1
JVM
0
0
1
10
NumDataAccess
100
10000 bytes, no computation, no callbacks
 High overhead, caused by array bounds checks

6/4/98
SIGMOD'98 -- Cornell Predator Project
18
relative time
Callbacks
20
Native
Isolated
10
JVM
0
0
1
10
100
Callbacks
10000 bytes, no computation, no data access
 Cheap control switch with native interface

6/4/98
SIGMOD'98 -- Cornell Predator Project
21
Results



Low overheads for invocation, computation, and
callbacks
Data access overhead  dynamic checks
Overheads for UDFs small in context of
processing of real queries
 JVM forms an efficient safe execution
environment for OR-DBMS
6/4/98
SIGMOD'98 -- Cornell Predator Project
24
Caveats



6/4/98
Portability across different
JVM versions
Off-the-Shelf JVMs cause
integration problems
Security flaws of the JVM
SIGMOD'98 -- Cornell Predator Project
25
Future Work - Jaguar Project

Security
 Execution
environment on server site
with fine grained system resource control
 Integration of J-Kernel resource management

Portability
 Execution
environment on client site
integrated with query processing
 Optimization of client site UDFs
6/4/98
SIGMOD'98 -- Cornell Predator Project
26
6/4/98
SIGMOD'98 -- Cornell Predator Project
27
Related documents
community losing population-
community losing population-
S14 Seminar Announcement Robert Crosnoe Schools, Peers, and Teenagers’ Paths to College
S14 Seminar Announcement Robert Crosnoe Schools, Peers, and Teenagers’ Paths to College
Download
advertisement