際際滷

際際滷Share a Scribd company logo

RDB - Repairable Database Systems

Download as ppt, pdf
Alexey Smirnov
Alexey Smirnov

The document describes a framework called RDB that can make databases intrusion-resilient by tracking transaction dependencies and enabling selective transaction rollback. RDB inserts a proxy driver between the database and clients to intercept SQL statements and track reads and writes. It stores dependency information and transaction metadata to enable analyzing the log and visualizing dependencies after an intrusion to generate compensating transactions for repairing the database. The overhead of the framework is between 6-13% according to benchmarks.

Technology
1 of 30
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
A Portable Implementation Framework for Intrusion-Resilient Database Management Systems Alexey Smirnov and Tzi-cker Chiueh Department of Computer Science SUNY at Stony Brook DSN 2004
Outline Motivation System Architecture Transaction Dependency Tracking Database Repair Process Performance Evaluation Summary
Motivation Suppose you are a DBA and you have just noticed that your database has been compromised 24 hours ago. How would you repair the database? Currently, the only way to do this is to restore a database backup and manually recommit benign transactions. Difficulties: (1) how to tell benign transactions from malicious; (2) the amount of data can be huge and the repair process is very error-prone.
Motivation Ideally, an intrusion-resilient DBMS should be able to Track inter-transaction dependencies; Perform a selective transaction rollback. We propose implementation framework called RDB that can render an off-the-self DBMS intrusion resilient without modifying its internals. RDB has two components: tracking subsystem which runs at run-time and recovery subsystem which runs offline.
Definition of Transaction Dependency A read set of an SQL statement S is the set of rows fetched by this statement. We will say that statement S 2 depends on statement S 1 if at least one row from the read set of S 2 was modified by S 1 . We will say that transaction T 2 depends on transaction T 1 if at least one statement of T 2 depends on a statement from T 1 .
Limitations of Transaction Dependency Model This definition is prone to both false positives and false negatives. Example of a false positive dependency: 7 1 300 6 2 200 5 3 100 A3 A2 A1
Limitations of Transaction Dependency Model This definition is prone to both false positives and false negatives. Example of a false positive dependency: T1: SET A2=5 WHERE A1<250 7 1 300 6 5 200 5 5 100 A3 A2 A1
Limitations of Transaction Dependency Model This definition is prone to both false positives and false negatives. Example of a false positive dependency: T1: SET A2=5 WHERE A1<250 T2: SELECT A3 WHERE A3>3 7 1 300 6 5 200 5 5 100 A3 A2 A1
Limitation of Transaction Dependency Model Another limitation is that in general, it is impossible to determine all transaction dependencies by looking at the traffic between a client and the DB server only because part of the logic may be inside the application itself.
How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are:
How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are: Database log analysis read actions are not logged;
How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are: Database triggers will miss out SELECT statements; Database log analysis read actions are not logged;
How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are: Database triggers will miss out SELECT statements; Database log analysis read actions are not logged; Tracking proxy will intercept SQL statements coming from the client to the server;
Transaction Dependency Tracking RDB inserts a proxy JDBC driver between the DB server and a client that transparently intercepts all queries and results. The proxy can be either on the client side
Transaction Dependency Tracking RDB inserts a proxy JDBC driver between the DB server and a client that transparently intercepts all queries and results. The proxy can be either on the client side
Transaction Dependency Tracking RDB inserts a proxy JDBC driver between the DB server and a client that transparently intercepts all queries and results. The proxy can be either on the client side or on the server side.
Transaction Dependency Tracking The following changes are made to the database at the time of its creation: Table trans_dep(tr_id:INTEGER, dep_tr_ids:VARCHAR) stores IDs of transactions that depend on transation tr_id ; Table annot(tr_id:INTEGER, descr:VARCHAR) stores annotation for transaction tr_id ; A new field tr_id is added to each table. It contains the ID of last transaction that modified each row. The proxy uses its own transaction IDs because there is no standard way to access internal transaction ID.
Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. SELECT a FROM t WHERE c SELECT a, t.tr_id FROM t WHERE c
Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. UPDATE t SET a=v WHERE c UPDATE t SET a=v, tr_id=curTrID WHERE c
Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. INSERT INTO t(a) VALUES(v) INSERT INTO t(a, tr_id) VALUES(v, curTrID)
Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. COMMIT INSERT INTO trans_dep(curTrID,) COMMIT
Summary of the Tracking Subsystem Transaction dependency tracking is implemented as a JDBC proxy driver and is therefore highly portable across different DBMSs. The proxy uses a lightweight approach aimed at tracking all read actions in a database.
Database Repair Process The database is repaired by committing compensating transactions . When using RDB , the repair process consists of: Database log analysis (to reconstruct complete dependency information and generate compensating transactions); Dependency graph visualization; Repairing the database by committing compensating transactions;
Database Log Analysis At repair time, RDB analyses the database transaction log to build a complete dependency graph and to generate compensating transactions. Different DBMSs provide different facilities for log analysis. We have studied three DB servers: PostgreSQL 7.2.2 Oracle 9.2.0 Sybase ASE 12.5
Database Log Analysis Oracle LogMiner translates binary log into a database view that can be queried. It contains the transaction ID, the original SQL statement and a compensating SQL statement . PostgreSQL no end-user programs or APIs for log analysis. We have implemented a plugin that provides a LogMiner-kind functionality Sybase can provide a dump of its binary transaction log. The format of this dump is partially described in Sybase manuals. We have developed a tool that parses this dump and generates compensating statements.
Dependency Graph Visualization We used GraphViz ( AT&T) The application allows the user to select an initial set of malicious transactions and computes its transitive closure. Then the result can be refined by the user to build the final set of transactions to be undone. We are working on a more powerful tool that can discard certain types of dependencies.
Performance Evaluation We used TPC-C benchmark to evaluate the run-time overhead of JDBC proxy. Test database size ~ 4GB. We varied the following parameters: Transaction mix (read intensive and read/write intensive); Connection type (local or over a network); Total footprint size (effect of database cache);
Performance Evaluation Overhead is between 6% and 13%.
Performance Evaluation Our interpretation of these results: the overhead comes mostly from additional writes to the database and transaction log. Why overhead for read-intensive transactions is less than that for read/write intensive: when there are few dependencies, the number of additional writes is also small. Why overhead increases when the footprint decreases: because there are fewer disk accesses performed on behalf of the client.
Summary We developed RDB , a portable framework that can render an off-the-shelf DBMS intrusion resilient without having access to its internals. The prototype has some limitations: The tracking mechanism is row-based rather than column-based. This can lead to false dependencies. No support for stored procedures. Many DBMS vendors provide custom extensions to SQL. Currently, only part of SQL-92 is supported.
Ad

Recommended

Unit iv -Transactions
Unit iv -Transactions
Dhivyaa C.R
Basic principles of blind write protocol
Basic principles of blind write protocol
journalBEEI
Extending the Intelligent Adaptive Participant's Presumption Protocol to the ...
Extending the Intelligent Adaptive Participant's Presumption Protocol to the ...
IJDMS
Unit 2
Unit 2
Mohit
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hij...
Alexey Smirnov
DUSK - Develop at Userland Install into Kernel
DUSK - Develop at Userland Install into Kernel
Alexey Smirnov
RDB - Repairable Database Systems
RDB - Repairable Database Systems
Alexey Smirnov
GEM - GNU C Compiler Extensions Framework
GEM - GNU C Compiler Extensions Framework
Alexey Smirnov
01-Description of the Transport Layer.ppt
01-Description of the Transport Layer.ppt
mkr280496
Unit 1- dbms.ppt
Unit 1- dbms.ppt
minnu41
Sql vs no sql
Sql vs no sql
Bhuwan Paneru
dbms.ppt
dbms.ppt
GeorgeSamaan9
dbms.ppt
dbms.ppt
KRISHNARAJ207
dbms (1).ppt
dbms (1).ppt
UbaidURRahman78
dbms.ppt
dbms.ppt
ThontadharyaThontadh
Database management concepts With Normalization
Database management concepts With Normalization
SimbhuAshokC
Database management concepts With Normalization
Database management concepts With Normalization
SimbhuAshokC
Dbms
Dbms
Maria Stella Solon
Dbms
Dbms
philipsinter
Dbms
Dbms
AbiramiK
Sistem manajemen basis data 8
Sistem manajemen basis data 8
Universitas Putera Batam
Data
Data
Tommy Chiu
Dbms
Dbms
sevtap87
Introduction To Database.ppt
Introduction To Database.ppt
RithikRaj25
introductiontodatabase-230307143929-a424d19b.ppt
introductiontodatabase-230307143929-a424d19b.ppt
LakshmiLucky52
dbms introduction.pptx
dbms introduction.pptx
ATISHAYJAIN847270
Spring Transaction
Spring Transaction
patinijava
PostgreSQL as Enterprise Solution v1.1.pdf
PostgreSQL as Enterprise Solution v1.1.pdf
Equnix Business Solutions
"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...
"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...
Fwdays
Securing Account Lifecycles in the Age of Deepfakes.pptx
Securing Account Lifecycles in the Age of Deepfakes.pptx
FIDO Alliance

More Related Content

Similar to RDB - Repairable Database Systems (20)

01-Description of the Transport Layer.ppt
01-Description of the Transport Layer.ppt
mkr280496
Unit 1- dbms.ppt
Unit 1- dbms.ppt
minnu41
Sql vs no sql
Sql vs no sql
Bhuwan Paneru
dbms.ppt
dbms.ppt
GeorgeSamaan9
dbms.ppt
dbms.ppt
KRISHNARAJ207
dbms (1).ppt
dbms (1).ppt
UbaidURRahman78
dbms.ppt
dbms.ppt
ThontadharyaThontadh
Database management concepts With Normalization
Database management concepts With Normalization
SimbhuAshokC
Database management concepts With Normalization
Database management concepts With Normalization
SimbhuAshokC
Dbms
Dbms
Maria Stella Solon
Dbms
Dbms
philipsinter
Dbms
Dbms
AbiramiK
Sistem manajemen basis data 8
Sistem manajemen basis data 8
Universitas Putera Batam
Data
Data
Tommy Chiu
Dbms
Dbms
sevtap87
Introduction To Database.ppt
Introduction To Database.ppt
RithikRaj25
introductiontodatabase-230307143929-a424d19b.ppt
introductiontodatabase-230307143929-a424d19b.ppt
LakshmiLucky52
dbms introduction.pptx
dbms introduction.pptx
ATISHAYJAIN847270
Spring Transaction
Spring Transaction
patinijava
PostgreSQL as Enterprise Solution v1.1.pdf
PostgreSQL as Enterprise Solution v1.1.pdf
Equnix Business Solutions
01-Description of the Transport Layer.ppt
01-Description of the Transport Layer.ppt
mkr280496
Unit 1- dbms.ppt
Unit 1- dbms.ppt
minnu41
Sql vs no sql
Sql vs no sql
Bhuwan Paneru
dbms.ppt
dbms.ppt
GeorgeSamaan9
dbms.ppt
dbms.ppt
KRISHNARAJ207
dbms (1).ppt
dbms (1).ppt
UbaidURRahman78
dbms.ppt
dbms.ppt
ThontadharyaThontadh
Database management concepts With Normalization
Database management concepts With Normalization
SimbhuAshokC
Database management concepts With Normalization
Database management concepts With Normalization
SimbhuAshokC
Dbms
Dbms
Maria Stella Solon
Dbms
Dbms
philipsinter
Dbms
Dbms
AbiramiK
Sistem manajemen basis data 8
Sistem manajemen basis data 8
Universitas Putera Batam
Data
Data
Tommy Chiu
Dbms
Dbms
sevtap87
Introduction To Database.ppt
Introduction To Database.ppt
RithikRaj25
introductiontodatabase-230307143929-a424d19b.ppt
introductiontodatabase-230307143929-a424d19b.ppt
LakshmiLucky52
dbms introduction.pptx
dbms introduction.pptx
ATISHAYJAIN847270
Spring Transaction
Spring Transaction
patinijava
PostgreSQL as Enterprise Solution v1.1.pdf
PostgreSQL as Enterprise Solution v1.1.pdf
Equnix Business Solutions

Recently uploaded (20)

"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...
"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...
Fwdays
Securing Account Lifecycles in the Age of Deepfakes.pptx
Securing Account Lifecycles in the Age of Deepfakes.pptx
FIDO Alliance
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Priyanka Aash
Techniques for Automatic Device Identification and Network Assignment.pdf
Techniques for Automatic Device Identification and Network Assignment.pdf
Priyanka Aash
UserCon Belgium: Honey, VMware increased my bill
UserCon Belgium: Honey, VMware increased my bill
stijn40
Python Conference Singapore - 19 Jun 2025
Python Conference Singapore - 19 Jun 2025
ninefyi
War_And_Cyber_3_Years_Of_Struggle_And_Lessons_For_Global_Security.pdf
War_And_Cyber_3_Years_Of_Struggle_And_Lessons_For_Global_Security.pdf
biswajitbanerjee38
Cyber Defense Matrix Workshop - RSA Conference
Cyber Defense Matrix Workshop - RSA Conference
Priyanka Aash
From Manual to Auto Searching- FME in the Driver's Seat
From Manual to Auto Searching- FME in the Driver's Seat
Safe Software
FIDO Alliance Seminar State of Passkeys.pptx
FIDO Alliance Seminar State of Passkeys.pptx
FIDO Alliance
Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdf
Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdf
caoyixuan2019
Improving Data Integrity: Synchronization between EAM and ArcGIS Utility Netw...
Improving Data Integrity: Synchronization between EAM and ArcGIS Utility Netw...
Safe Software
"Database isolation: how we deal with hundreds of direct connections to the d...
"Database isolation: how we deal with hundreds of direct connections to the d...
Fwdays
Securing AI - There Is No Try, Only Do!.pdf
Securing AI - There Is No Try, Only Do!.pdf
Priyanka Aash
cnc-processing-centers-centateq-p-110-en.pdf
cnc-processing-centers-centateq-p-110-en.pdf
AmirStern2
ReSTIR [DI]: Spatiotemporal reservoir resampling for real-time ray tracing ...
ReSTIR [DI]: Spatiotemporal reservoir resampling for real-time ray tracing ...
revolcs10
The Future of Technology: 2025-2125 by Saikat Basu.pdf
The Future of Technology: 2025-2125 by Saikat Basu.pdf
Saikat Basu
OWASP Barcelona 2025 Threat Model Library
OWASP Barcelona 2025 Threat Model Library
PetraVukmirovic
OpenACC and Open Hackathons Monthly Highlights June 2025
OpenACC and Open Hackathons Monthly Highlights June 2025
OpenACC
Information Security Response Team Nepal_npCERT_Vice_President_Sudan_Jha.pdf
Information Security Response Team Nepal_npCERT_Vice_President_Sudan_Jha.pdf
ICT Frame Magazine Pvt. Ltd.
"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...
"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...
Fwdays
Securing Account Lifecycles in the Age of Deepfakes.pptx
Securing Account Lifecycles in the Age of Deepfakes.pptx
FIDO Alliance
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Priyanka Aash
Techniques for Automatic Device Identification and Network Assignment.pdf
Techniques for Automatic Device Identification and Network Assignment.pdf
Priyanka Aash
UserCon Belgium: Honey, VMware increased my bill
UserCon Belgium: Honey, VMware increased my bill
stijn40
Python Conference Singapore - 19 Jun 2025
Python Conference Singapore - 19 Jun 2025
ninefyi
War_And_Cyber_3_Years_Of_Struggle_And_Lessons_For_Global_Security.pdf
War_And_Cyber_3_Years_Of_Struggle_And_Lessons_For_Global_Security.pdf
biswajitbanerjee38
Cyber Defense Matrix Workshop - RSA Conference
Cyber Defense Matrix Workshop - RSA Conference
Priyanka Aash
From Manual to Auto Searching- FME in the Driver's Seat
From Manual to Auto Searching- FME in the Driver's Seat
Safe Software
FIDO Alliance Seminar State of Passkeys.pptx
FIDO Alliance Seminar State of Passkeys.pptx
FIDO Alliance
Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdf
Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdf
caoyixuan2019
Improving Data Integrity: Synchronization between EAM and ArcGIS Utility Netw...
Improving Data Integrity: Synchronization between EAM and ArcGIS Utility Netw...
Safe Software
"Database isolation: how we deal with hundreds of direct connections to the d...
"Database isolation: how we deal with hundreds of direct connections to the d...
Fwdays
Securing AI - There Is No Try, Only Do!.pdf
Securing AI - There Is No Try, Only Do!.pdf
Priyanka Aash
cnc-processing-centers-centateq-p-110-en.pdf
cnc-processing-centers-centateq-p-110-en.pdf
AmirStern2
ReSTIR [DI]: Spatiotemporal reservoir resampling for real-time ray tracing ...
ReSTIR [DI]: Spatiotemporal reservoir resampling for real-time ray tracing ...
revolcs10
The Future of Technology: 2025-2125 by Saikat Basu.pdf
The Future of Technology: 2025-2125 by Saikat Basu.pdf
Saikat Basu
OWASP Barcelona 2025 Threat Model Library
OWASP Barcelona 2025 Threat Model Library
PetraVukmirovic
OpenACC and Open Hackathons Monthly Highlights June 2025
OpenACC and Open Hackathons Monthly Highlights June 2025
OpenACC
Information Security Response Team Nepal_npCERT_Vice_President_Sudan_Jha.pdf
Information Security Response Team Nepal_npCERT_Vice_President_Sudan_Jha.pdf
ICT Frame Magazine Pvt. Ltd.
Ad

RDB - Repairable Database Systems

  • 1. A Portable Implementation Framework for Intrusion-Resilient Database Management Systems Alexey Smirnov and Tzi-cker Chiueh Department of Computer Science SUNY at Stony Brook DSN 2004
  • 2. Outline Motivation System Architecture Transaction Dependency Tracking Database Repair Process Performance Evaluation Summary
  • 3. Motivation Suppose you are a DBA and you have just noticed that your database has been compromised 24 hours ago. How would you repair the database? Currently, the only way to do this is to restore a database backup and manually recommit benign transactions. Difficulties: (1) how to tell benign transactions from malicious; (2) the amount of data can be huge and the repair process is very error-prone.
  • 4. Motivation Ideally, an intrusion-resilient DBMS should be able to Track inter-transaction dependencies; Perform a selective transaction rollback. We propose implementation framework called RDB that can render an off-the-self DBMS intrusion resilient without modifying its internals. RDB has two components: tracking subsystem which runs at run-time and recovery subsystem which runs offline.
  • 5. Definition of Transaction Dependency A read set of an SQL statement S is the set of rows fetched by this statement. We will say that statement S 2 depends on statement S 1 if at least one row from the read set of S 2 was modified by S 1 . We will say that transaction T 2 depends on transaction T 1 if at least one statement of T 2 depends on a statement from T 1 .
  • 6. Limitations of Transaction Dependency Model This definition is prone to both false positives and false negatives. Example of a false positive dependency: 7 1 300 6 2 200 5 3 100 A3 A2 A1
  • 7. Limitations of Transaction Dependency Model This definition is prone to both false positives and false negatives. Example of a false positive dependency: T1: SET A2=5 WHERE A1<250 7 1 300 6 5 200 5 5 100 A3 A2 A1
  • 8. Limitations of Transaction Dependency Model This definition is prone to both false positives and false negatives. Example of a false positive dependency: T1: SET A2=5 WHERE A1<250 T2: SELECT A3 WHERE A3>3 7 1 300 6 5 200 5 5 100 A3 A2 A1
  • 9. Limitation of Transaction Dependency Model Another limitation is that in general, it is impossible to determine all transaction dependencies by looking at the traffic between a client and the DB server only because part of the logic may be inside the application itself.
  • 10. How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are:
  • 11. How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are: Database log analysis read actions are not logged;
  • 12. How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are: Database triggers will miss out SELECT statements; Database log analysis read actions are not logged;
  • 13. How to Track Transaction Dependencies? Such a tracking mechanism should be able to intercept both read and write actions performed in the database. Possible approaches are: Database triggers will miss out SELECT statements; Database log analysis read actions are not logged; Tracking proxy will intercept SQL statements coming from the client to the server;
  • 14. Transaction Dependency Tracking RDB inserts a proxy JDBC driver between the DB server and a client that transparently intercepts all queries and results. The proxy can be either on the client side
  • 15. Transaction Dependency Tracking RDB inserts a proxy JDBC driver between the DB server and a client that transparently intercepts all queries and results. The proxy can be either on the client side
  • 16. Transaction Dependency Tracking RDB inserts a proxy JDBC driver between the DB server and a client that transparently intercepts all queries and results. The proxy can be either on the client side or on the server side.
  • 17. Transaction Dependency Tracking The following changes are made to the database at the time of its creation: Table trans_dep(tr_id:INTEGER, dep_tr_ids:VARCHAR) stores IDs of transactions that depend on transation tr_id ; Table annot(tr_id:INTEGER, descr:VARCHAR) stores annotation for transaction tr_id ; A new field tr_id is added to each table. It contains the ID of last transaction that modified each row. The proxy uses its own transaction IDs because there is no standard way to access internal transaction ID.
  • 18. Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. SELECT a FROM t WHERE c SELECT a, t.tr_id FROM t WHERE c
  • 19. Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. UPDATE t SET a=v WHERE c UPDATE t SET a=v, tr_id=curTrID WHERE c
  • 20. Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. INSERT INTO t(a) VALUES(v) INSERT INTO t(a, tr_id) VALUES(v, curTrID)
  • 21. Transaction Dependency Tracking The JDBC proxy needs to update field tr_id when the data is modified and to select it when the data is fetched. The proxy rewrites SQL statements coming from the client. COMMIT INSERT INTO trans_dep(curTrID,) COMMIT
  • 22. Summary of the Tracking Subsystem Transaction dependency tracking is implemented as a JDBC proxy driver and is therefore highly portable across different DBMSs. The proxy uses a lightweight approach aimed at tracking all read actions in a database.
  • 23. Database Repair Process The database is repaired by committing compensating transactions . When using RDB , the repair process consists of: Database log analysis (to reconstruct complete dependency information and generate compensating transactions); Dependency graph visualization; Repairing the database by committing compensating transactions;
  • 24. Database Log Analysis At repair time, RDB analyses the database transaction log to build a complete dependency graph and to generate compensating transactions. Different DBMSs provide different facilities for log analysis. We have studied three DB servers: PostgreSQL 7.2.2 Oracle 9.2.0 Sybase ASE 12.5
  • 25. Database Log Analysis Oracle LogMiner translates binary log into a database view that can be queried. It contains the transaction ID, the original SQL statement and a compensating SQL statement . PostgreSQL no end-user programs or APIs for log analysis. We have implemented a plugin that provides a LogMiner-kind functionality Sybase can provide a dump of its binary transaction log. The format of this dump is partially described in Sybase manuals. We have developed a tool that parses this dump and generates compensating statements.
  • 26. Dependency Graph Visualization We used GraphViz ( AT&T) The application allows the user to select an initial set of malicious transactions and computes its transitive closure. Then the result can be refined by the user to build the final set of transactions to be undone. We are working on a more powerful tool that can discard certain types of dependencies.
  • 27. Performance Evaluation We used TPC-C benchmark to evaluate the run-time overhead of JDBC proxy. Test database size ~ 4GB. We varied the following parameters: Transaction mix (read intensive and read/write intensive); Connection type (local or over a network); Total footprint size (effect of database cache);
  • 28. Performance Evaluation Overhead is between 6% and 13%.
  • 29. Performance Evaluation Our interpretation of these results: the overhead comes mostly from additional writes to the database and transaction log. Why overhead for read-intensive transactions is less than that for read/write intensive: when there are few dependencies, the number of additional writes is also small. Why overhead increases when the footprint decreases: because there are fewer disk accesses performed on behalf of the client.
  • 30. Summary We developed RDB , a portable framework that can render an off-the-shelf DBMS intrusion resilient without having access to its internals. The prototype has some limitations: The tracking mechanism is row-based rather than column-based. This can lead to false dependencies. No support for stored procedures. Many DBMS vendors provide custom extensions to SQL. Currently, only part of SQL-92 is supported.
About
息 2025 際際滷