Achieving Secure and Performant Databases with Minimal Resource Overhead
Author(s)
Lim, Darren
Advisor
Stonebraker, Mike
Abstract
Modern cloud databases run in virtualized environments, which are typically implemented with Linux virtual machines (VMs). However, this poses two main risks. Typically, trusted database code is run alongside stored procedure code, which means that user-inputted stored procedure code can pose a security risk to the database and data itself, if the code contains vulnerabilities. Additionally, since Linux has such a large codebase, Linux-based VMs are subject to complex latency concerns and also a large attack surface. Using a low-level shared memory protocol, it is possible to create a secure and performant communication channel between a database VM and the VMs of its stored procedures. This protects the database from vulnerabilities in the stored procedure code. Furthermore, by using unikernels instead of Linux VMs, the machines running the VMs can minimize the CPU/memory overhead per VM while also improving security for the DBMS. Overall, these changes allow cloud-hosted machines to more efficiently utilize resources.
Date issued
2024-05
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology