Secure and Portable Database Extensibility

Tobias Mayr
Michael Godfrey
Praveen Seshadri
Thorsten von Eicken
Cornell University
6/4/98
SIGMOD'98 -- Cornell Predator Project

Web based OR-DBMS

[Diagram labels: Client, Connectivity Software, OR-DBMS Server, Queries, Results]

- Web based access
- Extensible server
- Functionality in object methods

    SELECT S.Company,
           S.QuoteHistory.WeeklyAvg()
    FROM Stocks S

User Defined Functions

[Diagram labels: Client, Connectivity Software, OR-DBMS Server, Uploading Methods, Queries, Results]

    SELECT S.company
    FROM Stocks S
    WHERE S.TimeSeries.myAnalysis() > 0

- Portability
- Security
- Efficiency
?

Portability & Security

- UDF execution environment of the client similar to that of the server
  - Design & Testing on client site
- Granularity of control:
  - Execution errors
  - Memory access
  - System resources
  - Quality of Service attacks

Alternative Solutions

Categories on the slide: O/S based, Language based

- Client site execution
- Integrated, native execution
- Execution in separate process
- Software Fault Isolation
- Proof Carrying Code
- Interpreted languages
- Safe languages
- Typed Assembly Language
- Java Virtual Machine

Integration of the JVM

- Ubiquitous in browsers and with native interfaces
- Interpreted/Compiled (JIT)

[Diagram labels: Client, Browser, JVM, Connectivity Software, Server, JVM, Classloader, Security Manager, NI, Java UDFs, Native Methods, System Resources]

Performance Components

[Diagram labels: Execution Engine, UDF]

- Invocation
- Execution
  - Data access
  - Computation
- Callbacks

Callbacks

[Diagram labels: Execution Engine, UDF]

- Large objects are passed by reference
- Selective retrieval:
  - only certain objects
  - only parts of objects
- Argument overhead vs. control switches

Comparisons

- Trusted execution inside server process
- Execution in separate process
- Execution on JVM inside server process
  - Platform: PREDATOR on a Sparc20 with 64MB of memory running Solaris 2.6. JVM: JDK 1.1.4 (includes JIT)

Experimental Setup

    SELECT UDF(R.ByteArray, NumComps,
               NumDataAccess, NumCallBacks)
    FROM ByteArrays R

ByteArrays R:   10000 tuples, one attribute
ByteArray:      Array of bytes (size: 1 - 10000)
NumComps:       Number of executed integer additions
NumDataAccess:  Number of iterations over ByteArray
NumCallBacks:   Number of executed callbacks
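
Added example (not from the original slides or the PREDATOR code base): a Java version of the synthetic UDF whose three cost components are controlled by the parameters in the Experimental Setup. The class name, the ServerCallback interface and the timing loop are assumptions, since the slides do not show PREDATOR's UDF interface.

```java
// Added illustration, not PREDATOR code. Class, interface and method names
// are hypothetical; only the four parameters come from the slide.
public class SyntheticUdf {

    /** Hypothetical stand-in for a call from the UDF back into the server. */
    public interface ServerCallback {
        int call(int arg);
    }

    /** Runs the three separately tunable cost components; returns a checksum. */
    public static int run(byte[] byteArray, int numComps,
                          int numDataAccess, int numCallBacks,
                          ServerCallback server) {
        int acc = 0;
        // Computation: numComps integer additions, no array traffic.
        for (int i = 0; i < numComps; i++) {
            acc += i;
        }
        // Data access: numDataAccess full passes over the argument.
        // Each byteArray[j] read is subject to the JVM's array bounds checking.
        for (int pass = 0; pass < numDataAccess; pass++) {
            for (int j = 0; j < byteArray.length; j++) {
                acc += byteArray[j];
            }
        }
        // Callbacks: each call is one control switch out of the UDF.
        for (int k = 0; k < numCallBacks; k++) {
            acc += server.call(k);
        }
        return acc;
    }

    public static void main(String[] args) {
        byte[] sample = new byte[10000];          // constructed input
        java.util.Arrays.fill(sample, (byte) 1);
        ServerCallback echo = arg -> arg;         // constructed callback
        // Vary one parameter at a time, as the measurements do.
        int[][] configs = { {0, 0, 0}, {10000, 0, 0}, {0, 100, 0}, {0, 0, 100} };
        for (int[] c : configs) {
            long start = System.nanoTime();
            int sum = run(sample, c[0], c[1], c[2], echo);
            long micros = (System.nanoTime() - start) / 1000;
            System.out.println("NumComps=" + c[0] + " NumDataAccess=" + c[1]
                    + " NumCallBacks=" + c[2] + " checksum=" + sum
                    + " time_us=" + micros);
        }
    }
}
```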

Invocation Overhead

[Chart: relative time against size of ByteArray; series: Native, Isolated, JVM]

No data access, computation, or callbacks
- Control switch cheaper for JVM
- Costs of argument passing

Execution: Computation

[Chart: relative time against NumComps; series: Native, Isolated, JVM]

Argument size 10000 bytes, no data access, no callbacks
- No significant overhead

Execution: Data Access

[Chart: relative time against NumDataAccess; series: Native, Isolated, JVM]

10000 bytes, no computation, no callbacks
- High overhead, caused by array bounds checks

Callbacks

[Chart: relative time against Callbacks; series: Native, Isolated, JVM]

10000 bytes, no computation, no data access
- Cheap control switch with native interface

Results

- Low overheads for invocation, computation, and callbacks
- Data access overhead: dynamic checks
- Overheads for UDFs small in context of processing of real queries
- JVM forms an efficient safe execution environment for OR-DBMS

Caveats

- Portability across different JVM versions
- Off-the-Shelf JVMs cause integration problems
- Security flaws of the JVM

Future Work - Jaguar Project

Security
- Execution environment on server site with fine grained system resource control
- Integration of J-Kernel resource management

Portability
- Execution environment on client site integrated with query processing
- Optimization of client site UDFs