Fine Grained Transaction Log for Data Recovery in Database Systems

Huazhong University of Sci. & Tech.

Department of Computer Sci. & Tech.

Ge Fu fuge@smail.hust.edu.cn

2

Towards Database Security Ⅰ• What does conventional database

security mechanism concern? confidentiality, integrity, availability,

survivability

• What we have done? Authentication & Authorization Access Control (DAC, MAC, FGAC et al.) Inference Control Multilevel Secure Databases Data Encryption

3

Towards Database Security Ⅱ• Disadvantages of these Methods?

a) Addresses primarily how to protect the security of a database;

b) Preventative based methods can not prevent all attacks.

E.g. SQL injection & cross site script attacks

c) Data recovery after attacks become an important issue.

4

Existing Methods for data recovery

• Complete rollback• Hard recovery • Flash back in Oracle 10g • Selective data recovery keep a transaction log, find the read-write

dependency relationship between transactions. And then undo the malicious (bad) and affected (reads from malicious transactions) transactions, keep the results of benign transactions.

5

Selective data recovery Ⅰ

time

B1: x=x=2;(Malicious transaction B1 modifies data item x)

G1: y=x+9;(Benign transaction G1 reads x and modifies y)

G2: z=y+10;(Benign transaction G2 reads y and modifies z)

t1

t2

t3

when transaction B1 that updates x is identified malicious, the damage on x can spread to every data item updated by a transaction that is dependent on B1 directly or indirectly.

B1 G1 G2

x y z

Damage spread

Read-Write Dependency for transactions

6

Selective data recovery Ⅱ

• Selective data recovery methods include: a) Locate each affected transaction (damage

assessment). According to read-write dependency between transactions (A Dependency Graph), find transactions affected by the malicious transactions;

b) Recover the database from the damage caused on the data items updated by every malicious or affected transaction (damage recovery). Undo the malicious and affected transaction.

7

Transaction Log in selective recovery

• What kind of log is required for selective data recovery?a) The log should record all read or write

operations towards data items.

b) The log can be a table. It records all operations of transactions. Each row represents an operation (read or write) towards a data item. It can be this type: TRASATIONID, OPTYPE, ITEM, BEFOREIMG, AFTERIMG, TIME

8

Does existing log in DBMS useful?• Conventional undo/redo log and triggers in

DBMS is only for write operations, and can not capture read operations for transactions;

• Existing auditing mechanisms are designed to audit database statements, privileges, or schema objects. The audit is based on the “table level”. It can not obtain data items that are manipulated by the operation.

9

Fine Grained Transaction Log• The log system for selective data recovery

is devoted to following problems:P1: The log should be created in the executing period of transactions.P2: The read operation in sub-query in a SQL statement should be captured.

• If the log records all read and write operations in transactions, including sub-queries in SQL statements, we call this new kind of log Fine Grained Transaction Log.

10

Fine Grained Transaction Log Generator

11

Read Log Generator

DB MonitorRead Log Generator

Transaction Log

User Transactions

Client user

TMPTABLE1

TMPTABLE2… …

Read log entries

Data items

• Initial statement:SELECT ol_qty FROM order_line WHERE ol_i_id IN

(SELECT i_id FROM item WHERE i_cost >100);

• Divided statements:1) SELECT i_id INTO TMPTABLE1 FROM item WHERE

i_cost>100; 2) SELECT ol_qty INTO TMPTABLE2 FROM order_line

where ol_i_id IN (SELECT i_id from TMPTABLE1; 3) SELECT ol_qty from TMPTABLE2

12

Experiment results and analysis Ⅰ

• TPC-W Benchmark TPC-W is a transactional web e-commerce

benchmark introduced by the Transaction Processing Performance Council. TPC-W specifies an ecommerce workload that simulates the activities of a retail website which produces workload on the backend databases.

• Why we choose TPC-W? 1) TPC-W is a common used benchmark; 2) Provide three web interaction patterns and use

WIPSb,WIPS, WIPSo to measure performances under different web interaction patterns.

13

Experiment results and analysis Ⅱ

Test Environment

DBMS: SQL Server 2000, a PC with Windows NT, Pentium R 2.8GHZ CPU, 2GB main memory.

FGTL Generator and TPC-W Platform: a PC with Windows NT, Pentium R 2.8GHZ CPU, 1GB main memory.

10/100Mbps switch LAN.FGTL Generator is implemented using Eclipse on

JAVA platform.

14

Experiment results and analysis Ⅲ

Results:

15

Experiment results and analysis Ⅳ

• The objective: Study throughput of FGTL Generator under

different amounts of EBs.

• Conclusions:a) With the number of EBs increasing, the

overhead of FGTL Generator become large.b) In WIPSo, the overhead of throughput for

FGTL Generator is the lowest and in WIPSb is the highest.

Questions?