Achieving Secure and Performant Databases with Minimal Resource Overhead

• dc.contributor.advisor: Stonebraker, Mike
• dc.contributor.author: Lim, Darren
• dc.date.issued: 2024-05
• dc.date.submitted: 2024-07-11T14:37:38.285Z
• dc.identifier.uri: https://hdl.handle.net/1721.1/156970
• dc.description.abstract: Modern cloud databases run in virtualized environments, which are typically implemented with Linux virtual machines (VMs). However, this poses two main risks. Typically, trusted database code is run alongside stored procedure code, which means that user-inputted stored procedure code can pose a security risk to the database and data itself, if the code contains vulnerabilities. Additionally, since Linux has such a large codebase, Linux-based VMs are subject to complex latency concerns and also a large attack surface. Using a low-level shared memory protocol, it is possible to create a secure and performant communication channel between a database VM and the VMs of its stored procedures. This protects the database from vulnerabilities in the stored procedure code. Furthermore, by using unikernels instead of Linux VMs, the machines running the VMs can minimize the CPU/memory overhead per VM while also improving security for the DMBS. Overall, these changes allow cloud-hosted machines to more efficiently utilize resources.
• dc.publisher: Massachusetts Institute of Technology
• dc.type: Thesis
• dc.description.degree: M.Eng.
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.identifier.orcid: http://orcid.org/0009-0004-1324-401X
• mit.thesis.degree: Master
• thesis.degree.name: Master of Engineering in Electrical Engineering and Computer Science