A Flexible Framework For Implementing Multi-Nested Software Transaction Memory

Programming with locks is very difficult in multi-threaded programmes. Concurrency control of access to shared data limits scalable locking strategies otherwise provided for in software transaction memory. This work addresses the subject of creating dependable software in the face of eminent failures. In the past, programmers who used lock-based synchronization to implement concurrent access to shared data had to grapple with problems with conventional locking techniques such as deadlocks, convoying, and priority inversion. This paper proposes another advanced feature for Dynamic Software Transactional Memory intended to extend the concepts of transaction processing to provide a nesting mechanism and efficient lock-free synchronization, recoverability and restorability. In addition, the code for implementation has also been researched, coded, tested, and implemented to achieve the desired objectives

Improving the Performance and Endurance of Persistent Memory with Loose-Ordering Consistency

Persistent memory provides high-performance data persistence at main memory. Memory writes need to be performed in strict order to satisfy storage consistency requirements and enable correct recovery from system crashes. Unfortunately, adhering to such a strict order significantly degrades system performance and persistent memory endurance. This paper introduces a new mechanism, Loose-Ordering Consistency (LOC), that satisfies the ordering requirements at significantly lower performance and endurance loss. LOC consists of two key techniques. First, Eager Commit eliminates the need to perform a persistent commit record write within a transaction. We do so by ensuring that we can determine the status of all committed transactions during recovery by storing necessary metadata information statically with blocks of data written to memory. Second, Speculative Persistence relaxes the write ordering between transactions by allowing writes to be speculatively written to persistent memory. A speculative write is made visible to software only after its associated transaction commits. To enable this, our mechanism supports the tracking of committed transaction ID and multi-versioning in the CPU cache. Our evaluations show that LOC reduces the average performance overhead of memory persistence from 66.9% to 34.9% and the memory write traffic overhead from 17.1% to 3.4% on a variety of workloads.Comment: This paper has been accepted by IEEE Transactions on Parallel and Distributed System

Atomicity Implementation in E-Commerce Systems

Distributed databases with high performance and availability do not have the traditional ACID properties (Atomicity, Consistency, Isolation and Durability) because long duration locks will reduce the availability and the write performance. The problems of the missing ACID properties may be avoided by using approximated ACID properties, i.e. from an application point of view; the system should function as if all the traditional ACID properties had been implemented. The distributed approximated atomicity property manages the workflow of a transaction in such a way that either all the updates of the global transaction are executed (sooner or later) or all the updates of the global transaction are removed/compensated. In this paper, we will describe a flexible algorithm for implementing distributed approximated atomicity. Frank and Zahle [1] have described how to implement the other global approximated ACID properties. We will illustrate our algorithm with E-commerce examples. If one of the partaking subsystems fails in a system for E-commerce, the approximated atomicity property will ensure that when an order is accepted, the payment and stock levels are managed automatically in the locations of the partaking banks and product stocks. Even logistics and/or production may be managed by using approximated atomicity. We have cooperated with one of the major ERP (Enterprise Resource Planning) software companies in designing a distributed version of the ERP system with local autonomous databases in the different sales and stock locations

A pattern-based development of secure business processes

Iga andmeturbest huvitatud äriettevõte valib iseendale sobilikud turvameetmed, et vältida ootamatuid sündmusi ja õnnetusi. Nende turvameetmete esmane ülesanne on kaitsta selle äriettevõtte ressursse ja varasid. Äriettevõtetes aset leidvad õnnetused (vähemtähtsad või katastroofilised) on enamikel juhtudel oma olemuselt sarnased ning põhjustatud sarnaste turvariskide poolt. Paljudel andmeturbe spetsialistidel on raskusi leidmaks õiget lahendust konkreetsetele probleemidele, kuna eelmiste samalaadsete probleemide lahendused ei ole korrektselt dokumenteeritud. Selles kontekstis on turvalisuse mustrid (Security Patterns) kasulikud, kuna nad esitavad tõestatud lahendusi spetsiifiliste probleemide jaoks. Käesolevas väitekirjas arendasime välja kümme turvariskidele suunatud mustrit (SRP ehk Security Risk-oriented Patterns) ja defineerisime, kuidas kasutada neid mustreid vastumeetmetena turvariskidele äriprotsesside mudelite sees. Oma olemuselt on need mustrid sõltumatud modelleerimiskeelest. Lihtsustamaks nende rakendamist, on mudelid esitatud graafilises vormingus äriprotsesside modelleerimise keeles (BPMN). Me demonstreerime turvariskidele suunatud mustrite (SRP) kasutatavust kahe tööstusettevõtte ärimudeli näite põhjal. Esitame mustrite rakendamise kohta kvantitatiivsed analüüsid ja näitame, kuidas turvariskidele suunatud mustrid (SRP) aitavad demonstreerida andmeturbe nõrku kohti ärimudelites ning pakume välja lahendusi andmeturvalisusega seotud probleemidele. Selle uurimistöö tulemused võivad julgustada andmeturvalisusega tegelevaid analüütikuid jälgima mustritel-põhinevaid lähenemisi oma äriettevõtete kaitsmiseks, et aidata seeläbi kaasa ka infosüsteemide (Information Systems (IS)) kaitsmisele.Every security concerned enterprise selects its own security measures in order to avoid unexpected events and accidents. The main objective of these security measures is to protect the enterprise’s own resources and assets from damage. Most of the time, the accidents or disasters take place in enterprise are similar in nature, and are caused by similar kind of vulnerabilities. However, many security analysts find it difficult to select the right security measure for a particular problem because the previous proven solutions are not properly documented. In this context Security Patterns could be helpful since they present the proven solutions that potentially could be reused in the similar situations. In this thesis, we develop a set of ten Security Risk-oriented Patterns (SRP) and define the way how they could be used to define security countermeasures within the business process models. In principle, patterns are modelling language-independent. Moreover, to ease their application, we represent them in a graphical form using the Business Process Modelling Notation (BPMN) modelling approach. We demonstrate the usability of the Security Risk-oriented Patterns (SRP) by applying them on two industrial business models. We present the quantitative analysis of their application. We show that Security Risk-oriented Patterns (SRP) help to determine security risks in business models and suggest rationale for security solutions. The results of this research could potentially encourage the security analysts to follow pattern-based approach to develop secure business processes, thus, contributing to secure Information Systems (IS)

Towards an Enhanced Protocol for Improving Transactional Support in Interoperable Service Oriented Application-Based (SOA-Based) Systems

When using a shared database for distributed transactions, it is often difficult to connect business processes and softwarecomponents running on disparate platforms into a single transaction. For instance, one platform may add or update data, and thenanother platform later access the changed or added data. This severely limits transactional capabilities across platforms. Thissituation becomes more acute when concurrent transactions with interleaving operations spans across different applications andresources. Addressing this problem in an open, dynamic and distributed environment of web services poses special challenges,and still remains an open issue. Following the broad adoption and use of the standard Web Services Transaction Protocols,requirements have grown for the addition of extended protocols to handle problems that exist within the context of interoperableservice-oriented applications. Most extensions to the current standard WS-Transaction Protocols still lack proper mechanisms forerror-handling, concurrency control, transaction recovery, consolidation of multiple transaction calls into a single call, and securereporting and tracing for suspicious activities. In this research, we will first extend the current standard WS-TransactionFramework, and then propose an enhanced protocol (that can be deployed within the extended framework) to improvetransactional and security support for asynchronous applications in a distributed environment. A hybrid methodology whichincorporates service-oriented engineering and rapid application development will be used to develop a procurement system(which represents an interoperable service-oriented application) that integrates our proposed protocol. We will empiricallyevaluate and compare the performance of the enhanced protocol with other conventional distributed protocols (such as 2PL) interms of QoS parameters (throughput, response time, and resource utilization), availability of the application, databaseconsistency, and effect of locking on latency, among other factors.Keywords: Database, interoperability, security, concurrent transaction, web services, protocol, service-oriente

A Survey of Traditional and Practical Concurrency Control in Relational Database Management Systems

Traditionally, database theory has focused on concepts such as atomicity and serializability, asserting that concurrent transaction management must enable correctness above all else. Textbooks and academic journals detail a vision of unbounded rationality, where reduced throughput because of concurrency protocols is not of tremendous concern. This thesis seeks to survey the traditional basis for concurrency in relational database management systems and contrast that with actual practice. SQL-92, the current standard for concurrency in relational database management systems has defined isolation, or allowable concurrency levels, and these are examined. Some ways in which DB2, a popular database, interprets these levels and finesses extra concurrency through performance enhancement are detailed. SQL-92 standardizes de facto relational database management systems features. Given this and a superabundance of articles in professional journals detailing steps for fine-tuning transaction concurrency, the expansion of performance tuning seems bright, even at the expense of serializabilty. Are the practical changes wrought by non-academic professionals killing traditional database concurrency ideals? Not really. Reasoned changes for performance gains advocate compromise, using complex concurrency controls when necessary for the job at hand and relaxing standards otherwise. The idea of relational database management systems is only twenty years old, and standards are still evolving. Is there still an interplay between tradition and practice? Of course. Current practice uses tradition pragmatically, not idealistically. Academic ideas help drive the systems available for use, and perhaps current practice now will help academic ideas define concurrency control concepts for relational database management systems

TRANSACTION DESIGN FOR DATABASES WITH HIGH PERFORMANCE AND AVAILABILITY

When many concurrent transactions like ERP and E-commerce orders want to update the same stock records, long duration locking may reduce the availability of the locked data. Therefore, transactions are often designed without analyzing the consequences of loosing the traditional ACID (Atomicity, Consistency, Isolation and Durability) properties. In this paper, we will analyze how low isolation levels, optimistic concurrency control, short duration locks, and countermeasures against isolation anomalies can be used to design transactions for databases with high performance and availability. Long duration locks are defined as locks that are held until a transaction has been committed, Le. the data of a record is locked from the first read to the last update of any data used by the transaction. This will decrease the availability of locked data for concurrent transactions, and, therefore, optimistic concurrency control and low isolation levels are often used. However, in systems with relatively many updates like ERP-systems and E-commerce systems, low isolation levels cannot solve the availability problem as all update locks must be exclusive. In such situations, we will recommend the use of short duration locks. Short duration locks are local locks that are released as soon as possible, Le. data will for example not be locked across a dialog with the user. Normally, databases where only short duration locks are used do not have the traditional ACID properties as at least the isolation property is missing when locks are not hold across a dialog with the user. The problems caused by the missing ACID properties may be managed by using approximated ACID properties, i.e. from an application point of view the system should function as if all the traditional ACID properties had been implemented

Integrity Control in Relational Database Systems - An Overview

This paper gives an overview of research regarding integrity control or integrity constraint handling in relational database management systems. The topic of constraint handling is discussed from two points of view. First, constraint handling is discussed by identifying a number of important research issues, and by treating each issue in detail. Second, a number of projects is described that have resulted in the realization of database management systems supporting integrity constraints; the various projects are compared with respect to a number of system characteristics. Together, both approaches give a broad overview of the state of the art in the field at this moment