Detecting Incorrect Behavior of Cloud Databases as an Outsider

Cloud DBs offer strong properties, including serializability, sometimes called the gold standard database correctness property. But cloud DBs are complicated black boxes, running in a different administrative domain from their clients; thus, clients might like to know whether the DBs are meeting their contract. A core difficulty is that the underlying problem here, namely verifying serializability, is NP-complete. Nevertheless, we hypothesize that on real-world workloads, verifying serializability is tractable, and we treat the question as a systems problem, for the first time. We build Cobra, which tames the underlying search problem by blending a new encoding of the problem, hardware acceleration, and a careful choice of a suitable SMT solver. Cobra also introduces a technique to address the challenge of garbage collection in this context. Cobra improves over natural baselines by at least 10x in the problem size it can handle, while imposing modest overhead on clients.
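To make the abstract's "verifying serializability" concrete, here is an added, deliberately naive checker that is not Cobra's code and not the paper's encoding. It assumes the client holds a history of committed transactions (constructed inline below) in which every written value is unique per key, so each read can be matched to the transaction that wrote it. It first applies a cheap necessary condition (the read-from graph must be acyclic) and only then falls back to the exhaustive search over serial orders that makes the general problem NP-complete. The transaction names and histories are constructed for illustration.

```python
from itertools import permutations

# A history maps a transaction id to its ops: ('r', key, value) or ('w', key, value).
# Reads of a never-written key return None. Written values are assumed unique per key,
# so a read value identifies exactly one writer (an assumption of this example).

def read_from_edges(history):
    """Return the WR edges (writer -> reader) implied by the values each read observed."""
    writer = {}
    for tid, ops in history.items():
        for op, key, val in ops:
            if op == 'w':
                writer[(key, val)] = tid
    edges = set()
    for tid, ops in history.items():
        for op, key, val in ops:
            if op == 'r' and val is not None:
                w = writer.get((key, val))
                if w is None:
                    raise ValueError(f"{tid} read {key}={val}, which no transaction wrote")
                if w != tid:          # a txn reading its own write adds no ordering edge
                    edges.add((w, tid))
    return edges

def has_cycle(nodes, edges):
    """Iterative-free DFS cycle detection on a small directed graph."""
    adj = {n: [] for n in nodes}
    for a, b in edges:
        adj[a].append(b)
    WHITE, GRAY, BLACK = 0, 1, 2
    color = {n: WHITE for n in nodes}
    def dfs(n):
        color[n] = GRAY
        for m in adj[n]:
            if color[m] == GRAY:
                return True
            if color[m] == WHITE and dfs(m):
                return True
        color[n] = BLACK
        return False
    return any(color[n] == WHITE and dfs(n) for n in nodes)

def replay_serially(history, order):
    """Run the transactions one at a time in 'order'; True if every read matches the latest write."""
    state = {}
    for tid in order:
        for op, key, val in history[tid]:
            if op == 'w':
                state[key] = val
            elif state.get(key) != val:
                return False
    return True

def check_serializable(history):
    """Return a witnessing serial order, or None if the history is not serializable."""
    nodes = list(history)
    # Polynomial-time necessary condition: a cycle among read-from edges rules out any serial order.
    if has_cycle(nodes, read_from_edges(history)):
        return None
    # General case: exhaustive search over n! serial orders (the NP-complete core).
    for order in permutations(nodes):
        if replay_serially(history, order):
            return list(order)
    return None

# Constructed sample histories.
SERIALIZABLE = {
    'T0': [('w', 'x', 0), ('w', 'y', 0)],
    'T1': [('r', 'x', 0), ('w', 'x', 1)],
    'T2': [('r', 'x', 1), ('w', 'y', 1)],
}
# Write skew: each txn reads the other's key before the other writes it; no serial order explains both reads.
WRITE_SKEW = {
    'T0': [('w', 'x', 0), ('w', 'y', 0)],
    'T1': [('r', 'y', 0), ('w', 'x', 1)],
    'T2': [('r', 'x', 0), ('w', 'y', 1)],
}
# Mutual read-from: T1 observes T2's write and vice versa; rejected by the cheap cycle check alone.
WR_CYCLE = {
    'T1': [('w', 'x', 1), ('r', 'y', 2)],
    'T2': [('w', 'y', 2), ('r', 'x', 1)],
}

if __name__ == '__main__':
    for name, h in [('serializable', SERIALIZABLE), ('write skew', WRITE_SKEW), ('WR cycle', WR_CYCLE)]:
        print(name, '->', check_serializable(h))
```

The write-skew history passes the cheap check (its read-from edges are T0->T1 and T0->T2, which is acyclic) and is only rejected by trying every serial order; that gap between the polynomial pre-check and the factorial search is exactly the space the abstract says Cobra's encoding, hardware acceleration and SMT solver are chosen to tame.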
