180 likes | 312 Vues
Secure and Portable Database Extensibility. Tobias Mayr Michael Godfrey Praveen Seshadri Thorsten von Eicken Cornell University. Web based OR-DBMS. Web based access Extensible server Functionality in object methods. Client. Connectivity Software. Results. Queries.
E N D
Secure and Portable Database Extensibility Tobias Mayr Michael Godfrey Praveen Seshadri Thorsten von Eicken Cornell University SIGMOD'98 -- Cornell Predator Project
Web based OR-DBMS • Web based access • Extensible server • Functionality in object methods Client ConnectivitySoftware Results Queries SELECT S.Company, S.QuoteHistory.WeeklyAvg() FROM Stocks S OR-DBMSServer SIGMOD'98 -- Cornell Predator Project
User Defined Functions • Portability • Security • Efficiency ? SELECT S.companyFROM Stocks SWHERE S.TimeSeries.myAnalysis()>0 Client ConnectivitySoftware UploadingMethods Results Queries OR-DBMSServer SIGMOD'98 -- Cornell Predator Project
Portability & Security • UDF execution environment of the client similar to that of the server • Design & Testing on client site • Granularity of control: • Execution errors • Memory access • System resources • Quality of Service attacks SIGMOD'98 -- Cornell Predator Project
Alternative Solutions • Client site execution • Integrated, native execution • Execution in separate process • Software Fault Isolation • Proof Carrying Code • Interpreted languages • Safe languages • Typed Assembly Language • Java Virtual Machine O/Sbased Languagebased SIGMOD'98 -- Cornell Predator Project
Client ConnectivitySoftware JVM Browser Server JVM NI Classloader Java UDFs Security Manager NativeMethods System Resources Integration of the JVM • Ubiquitous in browsers and with native interfaces • Interpreted/Compiled (JIT) SIGMOD'98 -- Cornell Predator Project
ExecutionEngine UDF Performance Components • Invocation • Execution • Data access • Computation • Callbacks SIGMOD'98 -- Cornell Predator Project
Large objects are passed by reference Selective retrieval : only certain objects only parts of objects Argument overheadvs. control switches Callbacks UDF ExecutionEngine SIGMOD'98 -- Cornell Predator Project
Comparisons • Trusted execution inside server process • Execution in separate process • Execution on JVM inside server process • Platform: PREDATOR on a Sparc20 with 64MB of memory running Solaris 2.6. JVM: JDK 1.1.4 (includes JIT) SIGMOD'98 -- Cornell Predator Project
Experimental Setup SELECT UDF(R.ByteArray, NumComps, NumDataAccess, NumCallBacks) FROM ByteArrays R • ByteArrays R: 10000 Tuple, one attribute • ByteArray: Array of bytes (size: 1 - 10000) • NumComps: Number of executed integer additions • NumDataAccess: Number of iterations over ByteArray • NumCallBacks: Number of executed callbacks SIGMOD'98 -- Cornell Predator Project
Invocation Overhead • No data access, computation, or callbacks • Control switch cheaper for JVM • Costs of argument passing SIGMOD'98 -- Cornell Predator Project
Execution: Computation • Argument size 10000 bytes, no data access, no callbacks • No significant overhead SIGMOD'98 -- Cornell Predator Project
Execution: Data Access • 10000 bytes, no computation, no callbacks • High overhead, caused by array bounds checks SIGMOD'98 -- Cornell Predator Project
Callbacks • 10000 bytes, no computation, no data access • Cheap control switch with native interface SIGMOD'98 -- Cornell Predator Project
Results • Low overheads for invocation, computation, and callbacks • Data access overhead dynamic checks • Overheads for UDFs small in context of processing of real queries • JVM forms an efficient safe execution environment for OR-DBMS SIGMOD'98 -- Cornell Predator Project
Caveats • Portability across different JVM versions • Off-the-Shelf JVMs cause integration problems • Security flaws of the JVM SIGMOD'98 -- Cornell Predator Project
Future Work - Jaguar Project • Security • Execution environment on server sitewith fine grained system resource control • Integration of J-Kernel resource management • Portability • Execution environment on client siteintegrated with query processing • Optimization of client site UDFs SIGMOD'98 -- Cornell Predator Project