Decentralized information flow control for databases
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (p. 177-194). Privacy and integrity concerns have been mounting in recent years as sensitive data such as medical records, social network records, and corporate and government secrets are increasingly being stored in online systems. The rate of high-profile breaches has illustrated that current techniques are inadequate for protecting sensitive information. Many of these breaches involve databases that handle information for a multitude of individuals, but databases don't provide practical tools to protect those individuals from each other, so that task is relegated to the application. This dissertation describes a system that improves security in a principled way by extending the database system and the application platform to support information flow control. Information flow control has been gaining traction as a practical way to protect information in the contexts of programming languages and operating systems. Recent research advocates the decentralized model for information flow control (DIFC), since it provides the necessary expressiveness to protect data for many individuals with varied security concerns. However, despite the fact that most applications implicated in breaches rely on relational databases, there have been no prior comprehensive attempts to extend DIFC to a database system. This dissertation introduces IFDB, which is a database management system that supports DIFC with minimal overhead. IFDB pioneers the Query by Label model, which provides applications with a simple way to delineate constraints on the confidentiality and integrity of the data they obtain from the database.
This dissertation also defines new abstractions for managing information flows in a database and proposes new ways to address covert channels. Finally, the IFDB implementation and case studies with real applications demonstrate that database support for DIFC improves security, is easy for developers to use, and has good performance. by David Andrew Schultz. Ph.D.
A Survey of Traditional and Practical Concurrency Control in Relational Database Management Systems
Traditionally, database theory has focused on concepts such as atomicity and serializability, asserting that concurrent transaction management must enable correctness above all else. Textbooks and academic journals detail a vision of unbounded rationality, where reduced throughput because of concurrency protocols is not of tremendous concern. This thesis seeks to survey the traditional basis for concurrency in relational database management systems and contrast that with actual practice. SQL-92, the current standard for concurrency in relational database management systems, has defined isolation, or allowable concurrency levels, and these are examined. Some ways in which DB2, a popular database, interprets these levels and finesses extra concurrency through performance enhancement are detailed. SQL-92 standardizes de facto relational database management systems features. Given this and a superabundance of articles in professional journals detailing steps for fine-tuning transaction concurrency, the expansion of performance tuning seems bright, even at the expense of serializability.
Are the practical changes wrought by non-academic professionals killing traditional database concurrency ideals? Not really. Reasoned changes for performance gains advocate compromise, using complex concurrency controls when necessary for the job at hand and relaxing standards otherwise. The idea of relational database management systems is only twenty years old, and standards are still evolving. Is there still an interplay between tradition and practice? Of course. Current practice uses tradition pragmatically, not idealistically. Academic ideas help drive the systems available for use, and perhaps current practice now will help academic ideas define concurrency control concepts for relational database management systems.
An Introduction to Database Systems
This textbook introduces the basic concepts of database systems. These concepts are presented through numerous examples in modeling and design. The material in this book is geared to an introductory course in database systems offered at the junior or senior level of Computer Science. It could also be used in a first year graduate course in database systems, focusing on a selection of the advanced topics in the latter chapters.
Partial replication in the database state machine
Doctoral thesis in Informatics - Knowledge Area of Programming Technologies
Enterprise information systems are nowadays commonly structured as multi-tier
architectures and invariably built on top of database management systems responsible
for the storage and provision of the entire business data. Database management
systems therefore play a vital role in today’s organizations: the overall system
dependability depends directly on their reliability and availability.
Replication is a well known technique to improve dependability. By maintaining
consistent replicas of a database one can increase its fault tolerance and simultaneously
improve the system’s performance by splitting the workload among the
replicas.
In this thesis we address these issues by exploiting the partial replication of databases.
We target large scale systems where replicas are distributed across wide
area networks aiming at both fault tolerance and fast local access to data. In particular,
we envision information systems of multinational organizations presenting
strong access locality in which fully replicated data should be kept to a minimum
and a judicious placement of replicas should be able to allow the full recovery of
any site in case of failure.
Our research departs from work on database replication algorithms based on group
communication protocols, in detail, multi-master certification-based protocols. At
the core of these protocols resides a total order multicast primitive responsible for
establishing a total order of transaction execution.
A well known performance optimization in local area networks exploits the fact
that often the definitive total order of messages closely follows the spontaneous
network order, thus making it possible to optimistically proceed in parallel with
the ordering protocol. Unfortunately, this optimization is invalidated in wide area
networks, precisely when the increased latency would make it more useful. To
overcome this we present a novel total order protocol with optimistic delivery for
wide area networks. Our protocol uses local statistic estimates to independently
order messages closely matching the definitive one thus allowing optimistic execution
in real wide area networks.
Handling partial replication within a certification based protocol is also particularly
challenging as it directly impacts the certification procedure itself. Depending
on the approach, the added complexity may actually defeat the purpose
of partial replication. We devise, implement and evaluate two variations of the
Database State Machine protocol discussing their benefits and adequacy with the
workload of the standard TPC-C benchmark.
Current enterprise information systems are normally structured as multi-tier
software architectures and invariably rely on a database management system for
the storage and provision of all business data. The database thus plays a vital
role, with the dependability of the system depending directly on its reliability
and availability.
Replication is one way of improving dependability. By keeping a set of replicas
of the database consistent, it is possible to increase both its fault tolerance
and its performance, by distributing the work among the replicas rather than
overloading a single one.
In this thesis, we propose solutions to these problems using partial replication
of databases. In the systems considered, the replicas are distributed across a
wide area network, aiming at both fault tolerance and fast local access to data.
The proposed systems are intended to meet the requirements of the information
systems of multinational organizations, in which each replica exhibits high
locality in the data accessed. In these systems, the data replicated at all
replicas should be only what is absolutely indispensable, and a judicious
selection of the data to place at each replica should allow the complete
reconstruction of the database in case of failure.
This research takes as its starting point database replication protocols that
use group communication, in particular those based on certification and
optimistic execution by any of the replicas. The fundamental mechanism of this
type of replication protocol is the total order multicast primitive, used to
define the order of execution of transactions.
An optimization commonly used by total order protocols is to take the
spontaneous network order as an indicator of the order of messages, and to use
this spontaneous order to process messages optimistically in parallel with
their ordering. Unfortunately, in wide area networks network spontaneity is
practically residual, which makes this optimization unusable precisely in the
scenario where it would be most advantageous. To counter this we propose a new
total order protocol with optimistic delivery for wide area networks. This
protocol uses statistical information local to each process to "produce" a
spontaneous order that matches the resulting total order much more closely,
making this type of optimization viable in wide area networks.
Allowing certification-based database replication protocols to support partial
replication poses several challenges that directly affect how the certification
procedure is carried out. Depending on the approach to partial replication, the
resulting complexity may even compromise the purposes of partial replication.
This thesis designs, implements and evaluates two variants of the database state
machine protocol with support for partial replication, analysing the benefits
and adequacy of partial replication for the standard database performance
benchmark, TPC-C.
Fundação para a Ciência e a Tecnologia (FCT) - ESCADA (POSI/CHS/33792/2000)
A client-centric approach to transactional datastores
Modern applications must collect and store massive amounts of data. Cloud storage offers these applications simplicity: the abstraction of a failure-free, perfectly scalable black-box. While appealing, offloading data to the cloud is not without its challenges. These cloud storage systems often favour weaker levels of isolation and consistency. These weaker guarantees introduce behaviours that, without care, can break application logic. Offloading data to an untrusted third party like the cloud also raises questions of security and privacy. This thesis seeks to improve the performance, the semantics and the security of transactional cloud storage systems. It centers around a simple idea: defining consistency guarantees from the perspective of the applications that observe these guarantees, rather than from the perspective of the systems that implement them. This new perspective brings forth several benefits. First, it offers simpler and cleaner definitions of weak isolation and consistency guarantees. Second, it enables scalable implementations of existing guarantees like causal consistency. Finally, it has applications to security: it allows us to efficiently augment transactional cloud storage systems with obliviousness guarantees. Computer Science
IDEAS-1997-2021-Final-Programs
This document records the final program for each of the 26 meetings of the International Database and Engineering Application Symposium from 1997 through 2021. These meetings were organized in various locations on three continents. Most of the papers published during these years are in the digital libraries of IEEE (1997-2007) or ACM (2008-2021).