6/4/98 SIGMOD'98 -- Cornell Predator Project
1
Secure and Portable Database Extensibility
Tobias Mayr
Michael Godfrey Praveen Seshadri Thorsten von Eicken
Cornell University
6/4/98 SIGMOD'98 -- Cornell Predator Project
2
Web based OR-DBMS
Web based access Extensible server Functionality in
object methods
Client
OR-DBMSServer
Qu
eri
es R
esu
lts
ConnectivitySoftware
SELECT S.Company, S.QuoteHistory.WeeklyAvg()
FROM Stocks S
6/4/98 SIGMOD'98 -- Cornell Predator Project
3
User Defined Functions
Portability Security Efficiency ?
Client
OR-DBMSServer
Qu
eri
es R
esu
lts
ConnectivitySoftware
Uplo
adin
gM
eth
ods
SELECT S.companyFROM Stocks SWHERE S.TimeSeries.myAnalysis()>0
6/4/98 SIGMOD'98 -- Cornell Predator Project
4
Portability & Security UDF execution environment of the
client similar to that of the server Design & Testing on client site
Granularity of control: Execution errors Memory access System resources Quality of Service attacks
6/4/98 SIGMOD'98 -- Cornell Predator Project
5
Alternative Solutions Client site execution Integrated, native execution Execution in separate process Software Fault Isolation Proof Carrying Code Interpreted languages Safe languages Typed Assembly Language Java Virtual Machine
Languagebased
O/Sbased
6/4/98 SIGMOD'98 -- Cornell Predator Project
6
Integration of the JVM Ubiquitous in browsers and with native interfaces Interpreted/Compiled (JIT)
Client
ConnectivitySoftware
Bro
wse
r
JVM
Classloader
Security Manager
JVM
NI Server
System Resources
Java UDFs
NativeMethods
6/4/98 SIGMOD'98 -- Cornell Predator Project
7
Performance Components Invocation Execution
Data access
Computation
Callbacks
ExecutionEngine
UDF
6/4/98 SIGMOD'98 -- Cornell Predator Project
8
Large objects are passed by reference
Selective retrieval : only certain objects only parts of objects
Argument overheadvs. control switches
Callbacks
ExecutionEngine
UDF
6/4/98 SIGMOD'98 -- Cornell Predator Project
9
Comparisons Trusted execution inside server process Execution in separate process Execution on JVM inside server process
Platform: PREDATOR on a Sparc20 with 64MB of memory running Solaris 2.6. JVM: JDK 1.1.4 (includes JIT)
6/4/98 SIGMOD'98 -- Cornell Predator Project
10
Experimental SetupSELECT UDF(R.ByteArray, NumComps,
NumDataAccess, NumCallBacks)FROM ByteArrays R
ByteArrays R: 10000 Tuple, one attribute
ByteArray: Array of bytes (size: 1 - 10000)
NumComps: Number of executed integer additions
NumDataAccess: Number of iterations over ByteArray
NumCallBacks: Number of executed callbacks
6/4/98 SIGMOD'98 -- Cornell Predator Project
12
Invocation Overhead
0
0.5
1
1.5
2
1 100 10000
size of ByteArray
rela
tive
tim
eNative
Isolated
J VM
No data access, computation, or callbacks Control switch cheaper for JVM Costs of argument passing
6/4/98 SIGMOD'98 -- Cornell Predator Project
15
Execution: Computation
0
0.5
1
1.5
2
0 10 100 1000 10000
NumComps
rela
tive
tim
e Native Isolated J VM
Argument size 10000 bytes, no data access, no callbacks
No significant overhead
6/4/98 SIGMOD'98 -- Cornell Predator Project
18
Execution: Data Access
0
1
2
3
0 1 10 100NumDataAccess
rela
tive
tim
e
Native
Isolated
J VM
10000 bytes, no computation, no callbacks High overhead, caused by array bounds checks
6/4/98 SIGMOD'98 -- Cornell Predator Project
21
Callbacks
0
10
20
0 1 10 100
Callbacks
rela
tive tim
e
Native
Isolated
J VM
10000 bytes, no computation, no data access Cheap control switch with native interface
6/4/98 SIGMOD'98 -- Cornell Predator Project
24
Results
Low overheads for invocation, computation, and callbacks
Data access overhead dynamic checks Overheads for UDFs small in context of
processing of real queries
JVM forms an efficient safe executionenvironment for OR-DBMS
6/4/98 SIGMOD'98 -- Cornell Predator Project
25
Caveats
Portability across different JVM versions
Off-the-Shelf JVMs cause integration problems
Security flaws of the JVM
6/4/98 SIGMOD'98 -- Cornell Predator Project
26
Future Work - Jaguar Project
Security Execution environment on server site
with fine grained system resource control Integration of J-Kernel resource
management Portability
Execution environment on client siteintegrated with query processing
Optimization of client site UDFs
6/4/98 SIGMOD'98 -- Cornell Predator Project
27