secure and portable database extensibility
Download
Skip this Video
Download Presentation
Secure and Portable Database Extensibility

Loading in 2 Seconds...

play fullscreen
1 / 18

Secure and Portable Database Extensibility - PowerPoint PPT Presentation


  • 106 Views
  • Uploaded on

Secure and Portable Database Extensibility. Tobias Mayr Michael Godfrey Praveen Seshadri Thorsten von Eicken Cornell University. Web based OR-DBMS. Web based access Extensible server Functionality in object methods. Client. Connectivity Software. Results. Queries.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Secure and Portable Database Extensibility' - verlee


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
secure and portable database extensibility

Secure and Portable Database Extensibility

Tobias Mayr

Michael Godfrey

Praveen Seshadri

Thorsten von Eicken

Cornell University

SIGMOD'98 -- Cornell Predator Project

web based or dbms
Web based OR-DBMS
  • Web based access
  • Extensible server
  • Functionality in object methods

Client

ConnectivitySoftware

Results

Queries

SELECT S.Company, S.QuoteHistory.WeeklyAvg() FROM Stocks S

OR-DBMSServer

SIGMOD'98 -- Cornell Predator Project

user defined functions
User Defined Functions
  • Portability
  • Security
  • Efficiency ?

SELECT S.companyFROM Stocks SWHERE S.TimeSeries.myAnalysis()>0

Client

ConnectivitySoftware

UploadingMethods

Results

Queries

OR-DBMSServer

SIGMOD'98 -- Cornell Predator Project

portability security
Portability & Security
  • UDF execution environment of the client similar to that of the server
    • Design & Testing on client site
  • Granularity of control:
    • Execution errors
    • Memory access
    • System resources
    • Quality of Service attacks

SIGMOD'98 -- Cornell Predator Project

alternative solutions
Alternative Solutions
  • Client site execution
  • Integrated, native execution
  • Execution in separate process
  • Software Fault Isolation
  • Proof Carrying Code
  • Interpreted languages
  • Safe languages
  • Typed Assembly Language
  • Java Virtual Machine

O/Sbased

Languagebased

SIGMOD'98 -- Cornell Predator Project

integration of the jvm
Client

ConnectivitySoftware

JVM

Browser

Server

JVM

NI

Classloader

Java UDFs

Security Manager

NativeMethods

System Resources

Integration of the JVM
  • Ubiquitous in browsers and with native interfaces
  • Interpreted/Compiled (JIT)

SIGMOD'98 -- Cornell Predator Project

performance components
ExecutionEngine

UDF

Performance Components
  • Invocation
  • Execution
    • Data access
    • Computation
  • Callbacks

SIGMOD'98 -- Cornell Predator Project

callbacks
Large objects are passed by reference

Selective retrieval :

only certain objects

only parts of objects

Argument overheadvs. control switches

Callbacks

UDF

ExecutionEngine

  

SIGMOD'98 -- Cornell Predator Project

comparisons
Comparisons
  • Trusted execution inside server process
  • Execution in separate process
  • Execution on JVM inside server process
  • Platform: PREDATOR on a Sparc20 with 64MB of memory running Solaris 2.6. JVM: JDK 1.1.4 (includes JIT)

SIGMOD'98 -- Cornell Predator Project

experimental setup
Experimental Setup

SELECT UDF(R.ByteArray, NumComps, NumDataAccess, NumCallBacks)

FROM ByteArrays R

  • ByteArrays R: 10000 Tuple, one attribute
  • ByteArray: Array of bytes (size: 1 - 10000)
  • NumComps: Number of executed integer additions
  • NumDataAccess: Number of iterations over ByteArray
  • NumCallBacks: Number of executed callbacks

SIGMOD'98 -- Cornell Predator Project

invocation overhead
Invocation Overhead
  • No data access, computation, or callbacks
  • Control switch cheaper for JVM
  • Costs of argument passing

SIGMOD'98 -- Cornell Predator Project

execution computation
Execution: Computation
  • Argument size 10000 bytes, no data access, no callbacks
  • No significant overhead

SIGMOD'98 -- Cornell Predator Project

execution data access
Execution: Data Access
  • 10000 bytes, no computation, no callbacks
  • High overhead, caused by array bounds checks

SIGMOD'98 -- Cornell Predator Project

callbacks1
Callbacks
  • 10000 bytes, no computation, no data access
  • Cheap control switch with native interface

SIGMOD'98 -- Cornell Predator Project

results
Results
  • Low overheads for invocation, computation, and callbacks
  • Data access overhead  dynamic checks
  • Overheads for UDFs small in context of processing of real queries
  • JVM forms an efficient safe execution environment for OR-DBMS

SIGMOD'98 -- Cornell Predator Project

caveats
Caveats
  • Portability across different JVM versions
  • Off-the-Shelf JVMs cause integration problems
  • Security flaws of the JVM

SIGMOD'98 -- Cornell Predator Project

future work jaguar project
Future Work - Jaguar Project
  • Security
    • Execution environment on server sitewith fine grained system resource control
    • Integration of J-Kernel resource management
  • Portability
    • Execution environment on client siteintegrated with query processing
    • Optimization of client site UDFs

SIGMOD'98 -- Cornell Predator Project

ad