Publications :: Search

Building a database on S3.


Welcome to the discussion forum for the publication.

    Discussion Overview
    Security issuesLukas WeingardtJul 25, 2009(0)

    If you log in you may enter new comments to a publication on this page.

    Show item 1 to 4 of 4  

    Security issues (0)
    Lukas Weingardt Jul 25, 2009. 20:06:38

    I have had a look at your very interesting paper describing the idea to build a database on S3.

    Did you implement the whole database stack on the client? Are there any security issues? What happens if a client is compromised? I do not think that it is feasible to have an own group (bucket?) for each client on S3 for a large number of users.

    How did you implement aggregation functions? Letīs take a summation of integer values as an example. Does the client have to transfer all tuples of a table to calculate the sum locally or is there a possibility to do this work on the server?


    Re: Security issues (1)
    Matthias Brantner Aug 5, 2009. 14:49:03

    You're right, we have implemented the database using a single bucket. In the paper, the term client refers to either a machine which is in control of the database administrator (e.g. a EC2 machine) or a device which is not under his control (e.g. a mobile device). In the former case, there is no such security problem. However, in the latter case, you're again right. This part is still an open issue.

    We have solved your second question by using an index for answering aggregate queries. If no matching index is present, we have to scan all tuples of that table.


    Re: Security issues (0)
    Lukas Weingardt Aug 7, 2009. 02:34:51

    Hi Matthias, thank you for your helpful answer! Can you tell me more about this index? Is the index located at the client´s side? This would mean that the index could speed up the query only if the client has asked the same query already or if it is possible to take advantage of a previous result.


    Re: Security issues (0)
    Matthias Brantner Aug 7, 2009. 17:30:07


    the index is a secondary index available to the query processor. One implementation, the one that we currently support, is based on Amazon's Simple DB service.