Presentation Transcript
Secure and Portable Database Extensibility
Tobias Mayr
Michael Godfrey
Praveen Seshadri
Thorsten von Eicken
Cornell University
Web based OR-DBMS:
Web based access
Extensible server
Functionality in object methods
Diagram labels: Client, OR-DBMS Server, Queries, Results, Connectivity Software
SELECT S.Company, S.QuoteHistory.WeeklyAvg() FROM Stocks S
User Defined Functions:
Portability
Security
Efficiency?
Diagram labels: Client, OR-DBMS Server, Queries, Results, Connectivity Software, Uploading Methods
SELECT S.company FROM Stocks S WHERE S.TimeSeries.myAnalysis()>0
Portability & Security:
UDF execution environment of the client similar to that of the server
Design & Testing on client site
Granularity of control:
Execution errors
Memory access
System resources
Quality of Service attacks
Alternative Solutions:
Client site execution
Integrated, native execution
Execution in separate process
Software Fault Isolation
Proof Carrying Code
Interpreted languages
Safe languages
Typed Assembly Language
Java Virtual Machine
Diagram labels: Language based, O/S based
Integration of the JVM:
Ubiquitous in browsers and with native interfaces
Interpreted/Compiled (JIT)
Performance Components:
Invocation
Execution
Data access
Computation
Callbacks
Callbacks:
Large objects are passed by reference
Selective retrieval:
only certain objects
only parts of objects
Argument overhead vs. control switches
Diagram labels: Callbacks, Execution Engine, UDF
Comparisons:
Trusted execution inside server process
Execution in separate process
Execution on JVM inside server process
Platform: PREDATOR on a Sparc20 with 64MB of memory running Solaris 2.6. JVM: JDK 1.1.4 (includes JIT)
Experimental Setup:
SELECT UDF(R.ByteArray, NumComps, NumDataAccess, NumCallBacks)
FROM ByteArrays R
ByteArrays R: 10000 tuples, one attribute
ByteArray: Array of bytes (size: 1 - 10000)
NumComps: Number of executed integer additions
NumDataAccess: Number of iterations over ByteArray
NumCallBacks: Number of executed callbacks
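A synthetic UDF with these three cost parameters could look like the following Java sketch. It is an added example, not code from the presentation or from PREDATOR; the `Callback` interface and all class and method names are assumptions. The final read past the end of the array shows the per-access bounds check that keeps a UDF from reading server memory.

```java
// Added illustration; not code from the presentation or from PREDATOR.
public class BenchmarkUdf {

    // Hypothetical stand-in for the server's native callback interface.
    interface Callback {
        byte fetch(int offset);
    }

    // Synthetic UDF: each parameter scales one cost component independently.
    // Assumes byteArray.length >= 1, matching the sizes (1 - 10000) in the setup.
    static int udf(byte[] byteArray, int numComps, int numDataAccess,
                   int numCallBacks, Callback server) {
        int acc = 0;
        // Computation: numComps integer additions, no memory traffic.
        for (int i = 0; i < numComps; i++) {
            acc += i;
        }
        // Data access: numDataAccess full passes over the argument.
        // Every byteArray[j] is bounds-checked by the JVM.
        for (int pass = 0; pass < numDataAccess; pass++) {
            for (int j = 0; j < byteArray.length; j++) {
                acc += byteArray[j];
            }
        }
        // Callbacks: numCallBacks control switches back into the server.
        for (int k = 0; k < numCallBacks; k++) {
            acc += server.fetch(k % byteArray.length);
        }
        return acc;
    }

    public static void main(String[] args) {
        byte[] arg = new byte[10000];             // constructed sample argument
        java.util.Arrays.fill(arg, (byte) 1);
        Callback server = offset -> arg[offset];  // constructed stand-in server

        long start = System.nanoTime();
        int result = udf(arg, 1000, 10, 100, server);
        long micros = (System.nanoTime() - start) / 1000;
        System.out.println("result=" + result + " elapsed_us=" + micros);

        // An out-of-range read raises an exception instead of touching
        // memory outside the array.
        try {
            byte outOfRange = arg[arg.length];
            System.out.println("unexpected read: " + outOfRange);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("out-of-range read rejected: " + e.getMessage());
        }
    }
}
```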
Calibration
Invocation Overhead:
No data access, computation, or callbacks
Control switch cheaper for JVM
Costs of argument passing
Invocation Overhead, absolute
Invocation Overhead, relative
Execution: Computation:
Argument size 10000 bytes, no data access, no callbacks
No significant overhead
Computation, absolute
Computation, relative
Execution: Data Access:
10000 bytes, no computation, no callbacks
High overhead, caused by array bounds checks
Data Access, absolute
Data Access, relative
Callbacks:
10000 bytes, no computation, no data access
Cheap control switch with native interface
Callbacks, absolute
Callbacks, relative
Results:
Low overheads for invocation, computation, and callbacks
Data access overhead caused by dynamic checks
Overheads for UDFs small in context of processing of real queries
JVM forms an efficient safe execution environment for OR-DBMS
Caveats:
Portability across different JVM versions
Off-the-Shelf JVMs cause integration problems
Security flaws of the JVM
Future Work - Jaguar Project:
Security
Execution environment on server site with fine grained system resource control
Integration of J-Kernel resource management
Portability
Execution environment on client site integrated with query processing
Optimization of client site UDFs