Secure%20and%20Portable%20Database%20Extensibility

1
Secure and Portable Database Extensibility

• Tobias Mayr
• Michael Godfrey
• Praveen Seshadri
• Thorsten von Eicken
• Cornell University

2
Web based OR-DBMS

• Web based access
• Extensible server
• Functionality in object methods

Client
ConnectivitySoftware
Results
Queries
SELECT S.Company, S.QuoteHistory.WeeklyAvg()
FROM Stocks S
OR-DBMSServer
3
User Defined Functions

• Portability
• Security
• Efficiency ?

SELECT S.companyFROM Stocks SWHERE
S.TimeSeries.myAnalysis()gt0
Client
ConnectivitySoftware
UploadingMethods
Results
Queries
OR-DBMSServer
4
Portability Security

• UDF execution environment of the client similar
  to that of the server
• Design Testing on client site
• Granularity of control
• Execution errors
• Memory access
• System resources
• Quality of Service attacks

5
Alternative Solutions

• Client site execution
• Integrated, native execution
• Execution in separate process
• Software Fault Isolation
• Proof Carrying Code
• Interpreted languages
• Safe languages
• Typed Assembly Language
• Java Virtual Machine

O/Sbased
Languagebased
6
Integration of the JVM

• Ubiquitous in browsers and with native
  interfaces
• Interpreted/Compiled (JIT)

7
Performance Components

• Invocation
• Execution
• Data access
• Computation
• Callbacks

8
Callbacks

• Large objects are passed by reference
• Selective retrieval
• only certain objects
• only parts of objects
• Argument overheadvs. control switches

UDF
ExecutionEngine
? ? ?
9
Comparisons

• Trusted execution inside server process
• Execution in separate process
• Execution on JVM inside server process
• Platform PREDATOR on a Sparc20 with 64MB of
  memory running Solaris 2.6. JVM JDK 1.1.4
  (includes JIT)

10
Experimental Setup

• SELECT UDF(R.ByteArray, NumComps, NumDataAccess,
  NumCallBacks)
• FROM ByteArrays R

• ByteArrays R 10000 Tuple, one attribute
• ByteArray Array of bytes (size 1 - 10000)
• NumComps Number of executed integer additions
• NumDataAccess Number of iterations over
  ByteArray
• NumCallBacks Number of executed callbacks

11
Calibration
12
Invocation Overhead

• No data access, computation, or callbacks
• Control switch cheaper for JVM
• Costs of argument passing

13
Invocation Overhead, absolute
14
Invocation Overhead, relative
15
Execution Computation

• Argument size 10000 bytes, no data access, no
  callbacks
• No significant overhead

16
Computation, absolute
17
Computation, relative
18
Execution Data Access

• 10000 bytes, no computation, no callbacks
• High overhead, caused by array bounds checks

19
Data Access, absolute
20
Data Access, relative
21
Callbacks

• 10000 bytes, no computation, no data access
• Cheap control switch with native interface

22
Callbacks, absolute
23
Callbacks, relative
24
Results

• Low overheads for invocation, computation, and
  callbacks
• Data access overhead ? dynamic checks
• Overheads for UDFs small in context of processing
  of real queries
• JVM forms an efficient safe execution environmen
  t for OR-DBMS

25
Caveats

• Portability across different JVM versions
• Off-the-Shelf JVMs cause integration problems
• Security flaws of the JVM

26
Future Work - Jaguar Project

• Security
• Execution environment on server sitewith fine
  grained system resource control
• Integration of J-Kernel resource management
• Portability
• Execution environment on client siteintegrated
  with query processing
• Optimization of client site UDFs

27
(No Transcript)