Secure and Portable Database Extensibility

6/4/98 SIGMOD'98 -- Cornell Predator Project

1

Secure and Portable Database Extensibility

Tobias Mayr

Michael Godfrey Praveen Seshadri Thorsten von Eicken

Cornell University


2

Web based OR-DBMS

Web based access Extensible server Functionality in

object methods

Client

OR-DBMSServer

Qu

eri

es R

esu

lts

ConnectivitySoftware

SELECT S.Company, S.QuoteHistory.WeeklyAvg()

FROM Stocks S


3

User Defined Functions

Portability Security Efficiency ?

Client

OR-DBMSServer

Qu

eri

es R

esu

lts


Uplo

adin

gM

eth

ods

SELECT S.companyFROM Stocks SWHERE S.TimeSeries.myAnalysis()>0


4

Portability & Security UDF execution environment of the

client similar to that of the server Design & Testing on client site

Granularity of control: Execution errors Memory access System resources Quality of Service attacks


5

Alternative Solutions Client site execution Integrated, native execution Execution in separate process Software Fault Isolation Proof Carrying Code Interpreted languages Safe languages Typed Assembly Language Java Virtual Machine

Languagebased

O/Sbased


6

Integration of the JVM Ubiquitous in browsers and with native interfaces Interpreted/Compiled (JIT)

Client


Bro

wse

r

JVM

Classloader

Security Manager

JVM

NI Server

System Resources

Java UDFs

NativeMethods


7

Performance Components Invocation Execution

Data access

Computation

Callbacks

ExecutionEngine

UDF


8

Large objects are passed by reference

Selective retrieval : only certain objects only parts of objects

Argument overheadvs. control switches

Callbacks

ExecutionEngine

UDF


9

Comparisons Trusted execution inside server process Execution in separate process Execution on JVM inside server process

Platform: PREDATOR on a Sparc20 with 64MB of memory running Solaris 2.6. JVM: JDK 1.1.4 (includes JIT)


10

Experimental SetupSELECT UDF(R.ByteArray, NumComps,

NumDataAccess, NumCallBacks)FROM ByteArrays R

ByteArrays R: 10000 Tuple, one attribute

ByteArray: Array of bytes (size: 1 - 10000)

NumComps: Number of executed integer additions

NumDataAccess: Number of iterations over ByteArray

NumCallBacks: Number of executed callbacks


12

Invocation Overhead

0

0.5

1

1.5

2

1 100 10000

size of ByteArray

rela

tive

tim

eNative

Isolated

J VM

No data access, computation, or callbacks Control switch cheaper for JVM Costs of argument passing


15

Execution: Computation

0

0.5

1

1.5

2

0 10 100 1000 10000

NumComps

rela

tive

tim

e Native Isolated J VM

Argument size 10000 bytes, no data access, no callbacks

No significant overhead


18

Execution: Data Access

0

1

2

3

0 1 10 100NumDataAccess

rela

tive

tim

e

Native

Isolated

J VM

10000 bytes, no computation, no callbacks High overhead, caused by array bounds checks


21

Callbacks

0

10

20

0 1 10 100

Callbacks

rela

tive tim

e

Native

Isolated

J VM

10000 bytes, no computation, no data access Cheap control switch with native interface


24

Results

Low overheads for invocation, computation, and callbacks

Data access overhead dynamic checks Overheads for UDFs small in context of

processing of real queries

JVM forms an efficient safe executionenvironment for OR-DBMS


25

Caveats

Portability across different JVM versions

Off-the-Shelf JVMs cause integration problems

Security flaws of the JVM


26

Future Work - Jaguar Project

Security Execution environment on server site

with fine grained system resource control Integration of J-Kernel resource

management Portability

Execution environment on client siteintegrated with query processing

Optimization of client site UDFs


27

Date post:	16-Jan-2016
Category:	Documents
Upload:	verlee
View:	49 times
Download:	0 times

Secure and Portable Database Extensibility

Documents