Design, Implementation, and Evaluation of A Repairable Database Management System

Tzi-cker Chiueh
Rether Networks Inc.
USA

Dhruv Pilania
Computer Science Department, Stony Brook University
USA

Although conventional database management systems are designed to
tolerate hardware errors and, to a lesser extent, even software errors, they
cannot protect themselves against syntactically correct but
semantically damaging transactions, which could arise because of
malicious attacks or honest mistakes. The lack of fast
post-intrusion or post-error damage repair in modern DBMSs results
in a longer Mean Time to Repair (MTTR) and sometimes permanent data
loss that could have been avoided by more intelligent repair mechanisms.
In this paper, we describe the design and implementation of Phoenix,
a system that significantly improves the efficiency and precision of
a database damage repair process after an intrusion or operator error
and thus increases the overall database system availability. The two
key ideas underlying Phoenix are (1) maintaining persistent
inter-transaction dependency information at run time to allow
selective undo of database transactions that are considered
``infected'' by the intrusion or error in question and (2) exploiting
information present in standard database logs for fast selective
undo. Performance measurements on a fully operational
Phoenix prototype, which is based on the PostgreSQL DBMS,
demonstrate that Phoenix incurs a response time and a throughput
penalty of less than 5% and 8%, respectively, under the TPC-C
benchmark, but it can speed up the post-intrusion database repair
process by at least an order of magnitude when compared with
a manual repair process.
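A minimal illustration of the first key idea, added here as an example and not code from the Phoenix prototype: a tracker records each transaction's read and write sets at commit time, derives read-from dependencies, and computes which later transactions are transitively "infected" by one bad transaction so that only those are undone (newest first) while unrelated work survives. Transaction ids, tuple names and the scenario are constructed.

```python
from collections import defaultdict


class DependencyTracker:
    """Persistent inter-transaction dependency tracking for selective undo."""

    def __init__(self):
        self.last_writer = {}          # tuple id -> txid that most recently wrote it
        self.deps = defaultdict(set)   # txid -> earlier txids it read from
        self.commit_order = []         # txids in commit order

    def commit(self, txid, reads, writes):
        # A transaction depends on whichever earlier transaction produced
        # the version of each tuple it read (read-from dependency).
        for t in reads:
            if t in self.last_writer and self.last_writer[t] != txid:
                self.deps[txid].add(self.last_writer[t])
        for t in writes:
            self.last_writer[t] = txid  # later readers will depend on txid
        self.commit_order.append(txid)

    def infected_set(self, root):
        # Dependencies only point backwards in commit order, so one forward
        # pass computes the transitive closure of "read from an infected tx".
        infected = {root}
        for txid in self.commit_order:
            if txid not in infected and self.deps[txid] & infected:
                infected.add(txid)
        return infected

    def undo_order(self, root):
        # Selective undo: roll back only infected transactions, dependents first.
        infected = self.infected_set(root)
        return [t for t in reversed(self.commit_order) if t in infected]


def build_sample():
    # Constructed scenario: T2 is the malicious transaction. T3 reads what T2
    # wrote, T5 reads what T3 wrote; T4 only touches data from the honest T1.
    tr = DependencyTracker()
    tr.commit("T1", reads=set(), writes={"acct:A"})
    tr.commit("T2", reads=set(), writes={"acct:B"})          # infected root
    tr.commit("T3", reads={"acct:B"}, writes={"acct:C"})
    tr.commit("T4", reads={"acct:A"}, writes={"acct:D"})     # unrelated, survives
    tr.commit("T5", reads={"acct:C"}, writes={"acct:E"})
    return tr


if __name__ == "__main__":
    tr = build_sample()
    print("undo, newest first:", tr.undo_order("T2"))       # ['T5', 'T3', 'T2']
```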

Keywords: Intrusion tolerance, fast repairability, inter-transaction dependency tracking, roll-back, logging
