M. Godfrey,T.Mayr, P. Seshadri, and T. von Eicken. Secure and portable database extensibility.In ########### ## ### ### ###### ############# ########## ## ########## ## #### ###########, volume 27,2 of ### ###### ######, pages 390-401, New York, June 1-4 1998. ACM Press.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....The ultimate objective of this work is to enable the creation of execution platforms where anonymous agents, or more general programs, may securely coexist without harming each other, and without harming their environment. Examples of such platforms are user extensible databases [14] or decentralized e commerce and trading systems as e.g. in [16] The desire to deploy this kind of platforms translates into the following requirements: # Suciently abstract concepts, in order to make mapping of policies into implementations more straightforward, and with a view to making ....

M. Godfrey,T.Mayr, P. Seshadri, and T. von Eicken. Secure and portable database extensibility.In ########### ## ### ### ###### ############# ########## ## ########## ## #### ###########, volume 27,2 of ### ###### ######, pages 390-401, New York, June 1-4 1998. ACM Press.

....later, usually when a database user notices incorrect output. One approach to preventing physical corruption is the use of programming language techniques such as type safe languages and sandboxing [82] While the use of the type safe language Java has been increasing in the database community [29], type safe languages have yet to be proven in high performance situations, and sandboxing may perform poorly on certain architectures (see related work in Section 2 for more details) Finally, communication across process domain boundaries to a database server process provides protection, but ....

....different subsets of the virtual segments mapped in that process s address space. Since protection is on the order of multiple pages, the authors suggest that a type safe compiler provide the bulk of protection in the system. Java is increasingly being used for server side stored procedures [29], and Godfrey, Mayr, Seshadri and von Eicken compare the performance of compiled Java to that of C in the context of query processing [29] They determined that when the Java 31 function primarily did computation on its parameters, the speed was comparable to directly linked C functions. ....

[Article contains additional citation context not shown here]

M. Godfrey, T. Mayr, P. Seshadri, and T. von Eicken. Secure and portable database extensibility. In Proc. of ACM-SIGMOD Int'l Conference on Management of Data, Seattle, WA, June 1998.

....of a program. Examples of such principals include modules of a large system, a host and its clients, and, in the extreme, individual functions. Dividing code into such agents is useful for composing programs. Moreover, with the increasing use of extensible systems, such as web browsers, databases [6], and operating systems [7, 3, 2] this notion of principal becomes critical for reasoning about potentially untrusted agents interfacing with host provided code. In this paper, we incorporate the idea of principal into variants of the simply typed calculus. Doing so allows us to formalize ....

Michael Godfrey, Tobias Mayr, Praveen Seshadri, and Thorsten von Eicken. Secure and portable database extensibility. In Proceedings of the 1997.

....These are critical problems since they affect the scalability, ease of use, efficiency and evolution of the system. Nevertheless, we are not aware of any work that has effectively addressed the first issue, and the second one is just beginning to receive more attention from the community [RS97, HKWY97, GMSvE98, MS99]. In order to effectively address these two important issues we have designed and implemented MOCHA (Middleware Based On a Code SHipping Architecture) a novel database middleware system designed to interconnect hundreds of data sources. MOCHA is built around the notion that the middleware for a ....

....of the new types and query operators are collected into libraries which must be installed at each site where a participating integration server, gateway, wrapper or client application resides. This is the scheme followed by Oracle 8i [Ora99] Informix [Inf97] Predator [SLR97] Jaguar [GMSvE98], TSIMMIS [CGMH 94] DISCO [TRV96] and Garlic [RS97] We argue that as the number of sites in the system increases, such an approach becomes impractical because of the complexity and cost incurred in maintaining the software throughout the system. To illustrate this point, consider an Earth ....

[Article contains additional citation context not shown here]

M. Godfrey, T. Mayr, P. Seshadri, and T. von Eicken. Secure and Portable Database Extensibility. In Proc. ACMSIGMOD Conf., pp. 390401, Seattle, WA, USA, 1998.

....forcing us to code around these mechanisms in order to obtain acceptable performance. Some of these latter problems were artifacts of the particular JVM and operating system we used, others are inherent in Java s interfaces. Some of these observations have been noted in other contexts [14] [11], 25] 24] however, we are unaware of any work that collectively presents these ideas in the database systems context, which has its own needs and peculiarities. In addition to identifying these problems, we highlight some of the pleasures of coding with Java. We present our results not as an ....

....wrappers can act maliciously against Telegraph. Unlike in a standard DBMS in which UDFs run in an entirely separate process, Java can dynamically load and eciently sandbox UDFs within the same process to prevent them from executing potentially damaging functions or reading or writing local les [11]. However, it does not prevent UDFs from consuming huge amounts of memory or monopolizing the CPU. As discussed in [9] the proper solution to this problem is to build resource tracking and enforcement mechanisms into the JVM. Until such mechanisms are widely available, claims that Java s ....

[Article contains additional citation context not shown here]

M. Godfrey, T. Mayr, P. Seshadri, and T. von Eicken. Secure and Portable Database Extensibility. SIGMOD

....FENCED to execute it in an own process. In this way, the internal structures of the database system are protected, but denial of service attacks are still possible. Only recently, with the development of Java as a secure programming language, some new considerations have been taken into account. [10] have compared the e#ciency of several designs using the PREDATOR database server, namely the naive approach of putting user defined functions directly into the server process, running them in a separate process and communicating with the server process via shared memory, and accessing Java ....

M. Godfrey, T. Mayr, P. Seshadri, and T. v. Eicken. Secure and Portable Database Extensibility. In Proc. of the ACM SIGMOD Conf. on Management of Data, pages 390--401, Seattle, WA, USA, June 1998.

....functions that are accessible but are not based on Web forms, may need modi cations in order to address the hand shaking 3 issue. Modi cations required in functions written in some languages can be extremely simple and trivial, such as in C. It was identi ed in a di erent but similar context in [9] that there are three principal ways in which (remote) user de ned functions can be exploited. The UDF runs at the server site and within the server process. The UDF runs at the server site in a process isolated from the server. The UDF runs at the client site. The Jaguar project ....

....two is reasonable given security and eciency concerns. In the second choice, however, signi cant cost may be incurred every time a process leaves its process boundary. On the other hand, serious security risks exist in the third choice when active components of UDFs enter a client site process [9]. A further drawback is the eciency and the latency in call invocations as now the server will have to ship data and function arguments to the client site for processing, often in tuple at a time basis. The concept of remote user de ned functions that we introduce here is a combination of choices ....

[Article contains additional citation context not shown here]

Michael Godfrey, Tobias Mayr, Praveen Seshadri, and Thorsten von Eicken. Secure and portable database extensibility. In Laura M. Haas and Ashutosh Tiwary, editors, SIGMOD 1998, Proceedings ACM SIGMOD International Conference on Management of Data, June 2-4, 1998, Seattle, Washington, USA, pages 390{ 401. ACM Press, 1998.

....The ultimate objective of this work is to enable the creation of execution platforms where anonymous mobile objects, or more general programs, may securely coexist without harming each other, and without harming their environment. Examples of such platforms are user extensible databases [16] or decentralized e commerce and trading systems as e.g. in [18] Java Applet execution platforms World Wide Web browsers as well as embedded Java devices also need such guarantees. The desire to deploy this kind of platforms translates into the following requirements: Accounting of ....

M. Godfrey, T. Mayr, P. Seshadri, and T. von Eicken. Secure and portable database extensibility. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD-98), volume 27,2 of ACM SIGMOD Record, pages 390--401, New York, USA, June 1--4 1998. ACM Press.

....application code. 2 To address these problems, researchers have proposed several ideas to better utilize client and server resources. The hybrid shipping model [11, 25] allows a relational processing system to execute portions of an access plan on a client site. User defined functions (UDFs) [13, 26] have been proposed to allow users to extend an RDBMS with procedural code that can execute either at the server or at the client. Code shipping solutions have been proposed [29, 28] to allow optimizers to choose the best execution site for client application code. Related work in the area of ....

....in the server s process, but this leaves the server open to security and safety holes. The alternative of running native code in another process on the same computer as the server is also employed, also at the cost of run time e#ciency. The use of Java as the source language has been proposed [13] as one alternative that could be used to provide limited safety with acceptable performance. The use of Java also promotes better portability, since access 11 to the RDBMS can be accomplished through a standardized API based on JDBC. Java UDFs can be developed and tested on client machines ....

[Article contains additional citation context not shown here]

Michael Godfrey, Tobias Mayr, Praveen Seshadri, and Thorsten von Eicken. Secure and portable database extensibility. In Laura M. Haas and Ashutosh Tiwary, editors, Proc. ACM SIGMOD Conference, pages 390--401, Seattle, Washington, USA, 2--4 June 1998. ACM Press.

....though, ObjectGlobe does not enforce a particular business model like Mariposa. Extensibility has been studied in a number of database projects; e.g. Postgres [SR86] Starburst [HCL 90] or more recently in Predator [SLR97] The safe execution of external functions has been studied in [GMSvE98] but the scope of that work is too limited for our context. Of course, we have also learned from recent projects in the design of query processors for distributed and heterogeneous data (so called mediators) e.g. Garlic [C 95] TSIMMIS [PGGMU95] DISCO [TRV98] Tukwila [IFF 99] or the ....

M. Godfrey, T. Mayr, P. Seshadri, and T. v. Eicken. Secure and portable database extensibility. In Proc. of the ACM SIGMOD Conf. on Management of Data, pages 390 401, Seattle, WA, USA, June 1998.

....[38] even though, ObjectGlobe does not enforce a particular business model like Mariposa. Extensibility has been studied in a number of database projects; e.g. Postgres [39] Starburst [19] or more recently in Predator [36] The safe execution of external functions has been studied in [14], but the scope of that work is too limited for our context. There has also been a large body of related work on the integration of services in open distributed object systems. The most prominent examples are Jini [42] and CORBA [28] A related lookup service is HP s Chai (Plug Play) system ....

M. Godfrey, T. Mayr, P. Seshadri, and T. v. Eicken. Secure and portable database extensibility. In Proc. of the ACM SIGMOD Conf. on Management of Data, pages 390--401, Seattle, WA, USA, June 1998.

....even though, ObjectGlobe does not enforce a particular business model like Mariposa. Extensibility has been studied in a number of database projects; e.g. Postgres [SR86] Starburst [HCL 90] or more recently in Predator [SLR97] The safe execution of external functions has been studied in [GMSvE98] but the scope of that work is too limited for our context. There has also been a large body of related work on the integration of services in open distributed object systems. The most prominent examples are Jini [Wal99] and CORBA [MZ95] A related lookup service is HP s Chai (Plug Play) ....

M. Godfrey, T. Mayr, P. Seshadri, and T. v. Eicken. Secure and portable database extensibility. In SIGMOD

....though, ObjectGlobe does not enforce a particular business model like Mariposa. Extensibility has been studied in a number of database projects; e.g. Postgres [SR86] Starburst [HCL 90] or more recently in Predator [SLR97] The safe execution of external functions has been studied in [GMSvE98] but the scope of that work is too limited for our context. Of course, we have also learned from recent projects in the design of query processors for distributed and heterogeneous data (so called mediators) e.g. Garlic [C 95] TSIMMIS [PGGMU95] DISCO [TRV98] Tukwila [IFF 99] or the ....

M. Godfrey, T. Mayr, P. Seshadri, and T. v. Eicken. Secure and portable database extensibility. In Proc. of the ACM SIGMOD Conf. on Management of Data, pages 390--401, Seattle, WA, USA, June 1998.

....are critical problems since they affect the scalability, ease of use, efficiency and evolution of the system. Nevertheless, we are not aware of any work that has effectively addressed the first issue, and the second one is just beginning to receive more attention from the community [RS97, HKWY97, GMSvE98, MS99] In order to effectively address these two important issues we have designed and implemented MOCHA (Middleware Based On a Code SHipping Architecture) a novel database middleware system designed to interconnect hundreds of data sources. MOCHA is built around the notion that the middleware ....

....of the new types and query operators are collected into libraries which must be installed at each site where a participating integration server, gateway, wrapper or client application resides. This is the scheme followed by Oracle 8i [Ora99] Informix [Inf97] Predator [SLR97] Jaguar [GMSvE98] TSIMMIS [CGMH 94] DISCO [TRV96] and Garlic [RS97] We argue that as the number of sites in the system increases, such an approach becomes impractical because of the complexity and cost incurred in maintaining the software throughout the system. To illustrate this point, consider an Earth ....

[Article contains additional citation context not shown here]

M. Godfrey, T. Mayr, P. Seshadri, and T. von Eicken. Secure and Portable Database Extensibility. In Proc. ACMSIGMOD Conf., pp. 390--401, Seattle, WA, USA, 1998.

....are critical problems since they affect the scalability, ease of use, efficiency and evolution of the system. Nevertheless, we are not aware of any work that has effectively addressed the first issue, and the second one is just beginning to receive more attention from the community [RS97, HKWY97, GMSvE98, MS99] In order to effectively address these two important issues we have designed and implemented MOCHA (Middleware Based On a Code SHipping Architecture) RMR98a, RMR98b] a novel database middleware system designed to interconnect hundreds of data sources. MOCHA is built around the notion ....

....of the new types and query operators are collected into libraries which must be installed at each site where a participating integration server, gateway, wrapper or client application resides. This is the scheme followed by Oracle 8i [Ora99] Informix [Inf97] Predator [SLR97] Jaguar [GMSvE98] TSIMMIS [CGMH 94] DISCO [TRV96] and Garlic [RS97] We argue that as the number of sites in the system increases, such an approach becomes impractical because of the complexity and cost involved in maintaining the software throughout the entire system. To illustrate this point, consider an ....

[Article contains additional citation context not shown here]

M. Godfrey, T. Mayr, P. Seshadri, and T. von Eicken. Secure and portable database extensibility. In Proc. ACM SIGMOD Conference, pages 390--401, Seattle, Washington, USA, 1998.

....bad, typically there needs to be several levels of them and a way to force clients to use up only as much resources as purchased. The second motivating example is the technology of extensible database servers. The functionality of such systems can be augmented by user defined functions (UDFs) [14]. For example, consider a database of stock market data that is accessible through a Web site. A potential user is any investor with a Web browser, a credit card, and an investment formula InvestVal. The following SQL query would then find technology stocks of interest to the user: SELECT FROM ....

....It should be possible (and relatively straightforward) for a large number of such users in a Web environment to create their own UDFs and use them within queries. The motivation for facilitating such database extensions is the next generation of database systems that will be deployed over the Web [14]. In such applications, a large number of physically distributed end users working on diverse platforms interact with the database through their Web browsers. Because of the large size and diversity of the user community, the utility of UDFs increases. Java is ideally suited for the implementation ....

[Article contains additional citation context not shown here]

Godfrey, M , Mayr, T, Seshadri P, and von Eicken, T. Secure and Portable Database Extensibility. Proc. ACM SIGMOD International Conference on Management of Data, SIGMOD Record, vol 27, Issue 2, June 1998.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC