DOCSLIB.ORG

Automatically Indexing Millions of Databases in Microsoft Azure SQL Database Sudipto Das, Miroslav Grbic, Igor Ilic, Isidora Jovandic, Andrija Jovanovic, Vivek R

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automatically Indexing Millions of Databases in Microsoft Azure SQL Database Sudipto Das, Miroslav Grbic, Igor Ilic, Isidora Jovandic, Andrija Jovanovic, Vivek R Automatically Indexing Millions of Databases in Microsoft Azure SQL Database Sudipto Das, Miroslav Grbic, Igor Ilic, Isidora Jovandic, Andrija Jovanovic, Vivek R. Narasayya, Miodrag Radulovic, Maja Stikic, Gaoxiang Xu, Surajit Chaudhuri Microsoft Corporation ABSTRACT tools [2, 14, 46] have helped DBAs search the complex search An appropriate set of indexes can result in orders of magni- space of alternative indexes (and other physical structures tude better query performance. Index management is a chal- such as materialized views and partitioning). However, a lenging task even for expert human administrators. Fully au- DBA still drives this tuning process and is responsible for tomating this process is of significant value. We describe the several important tasks, such as: ¹iº identifying a representa- challenges, architecture, design choices, implementation, and tive workload; ¹iiº analyzing the database without impact- learnings from building an industrial-strength auto-indexing ing production instances; ¹iiiº implementing index changes; service for Microsoft Azure SQL Database, a relational data- ¹ivº ensuring these actions do not adversely affect query base service. Our service has been generally available for performance; and ¹vº continuously tuning the database as more than two years, generating index recommendations the workload drifts and the data distributions change. for every database in Azure SQL Database, automatically Cloud database services, such as Microsoft Azure SQL implementing them for a large fraction, and significantly im- Database, automate several important tasks such as provi- proving performance of hundreds of thousands of databases. sioning, operating system and database software upgrades, We also share our experience from experimentation at scale high availability, backups etc, thus reducing the total cost with production databases which gives us confidence in our of ownership (TCO). However, in most cases, performance index recommendation quality for complex real applications. tuning, e.g., index management, remains the user’s responsi- bility. Offering existing on-premises tuning tools hosted asa ACM Reference Format: cloud service still leaves a significant burden on the users, Sudipto Das, Miroslav Grbic, Igor Ilic, Isidora Jovandic, Andrija Jovanovic, Vivek R. Narasayya, Miodrag Radulovic, Maja Stikic, which is daunting for many users of cloud databases who Gaoxiang Xu, Surajit Chaudhuri. 2019. Automatically Indexing Mil- are application developers lacking expert DBA skills. lions of Databases in Microsoft Azure SQL Database. In Proceedings Another pattern we commonly observe is Software-as-a- of ACM SIGMOD conference (SIGMOD’19). ACM, New York, NY, Service (SaaS) vendors and Cloud Software Vendors (CSV) USA, Article 4, 14 pages. https://doi.org/10.475/123_4 deploying hundreds to thousands of databases for customers of their applications. Managing such a huge pool of databases 1 INTRODUCTION is a formidable task even for expert DBAs, where individual 1.1 Motivation DB instances can have different schema, queries, and data distributions [24, 33, 39]. Therefore, being able to fully au- A relational database with an appropriate set of indexes tomate indexing, i.e., not only identifying the appropriate can have orders of magnitude better performance and lower indexes, but also automating the above-mentioned steps cru- resource consumption. Choosing good indexes is challeng- cial for holistic index lifecycle management, is a significant ing even for expert Database Administrators (DBA) since step in the cloud’s promise of reducing the TCO. it is workload, schema, and data dependent. Decades of re- Azure SQL Database is a fully-managed relational database- search [2, 9–11, 13, 14, 18, 40, 46] and many commercial as-a-service with built-in intelligence [6]. Query performance Permission to make digital or hard copies of part or all of this work for is tuned through services such as automated plan correc- personal or classroom use is granted without fee provided that copies are tion [4], automated indexing [5], and intelligent insights [19]; not made or distributed for profit or commercial advantage and that copies here we focus on auto-indexing. Existing approaches that bear this notice and the full citation on the first page. Copyrights for third- party components of this work must be honored. For all other uses, contact rely on human intervention for the critical steps in indexing the owner/author(s). do not scale for Azure SQL Database automating indexing for SIGMOD’19, June 2019, Amsterdam, NL its millions of databases. Therefore, several years back, we © 2019 Copyright held by the owner/author(s). embarked on the journey to build the first industrial-strength ACM ISBN 123-4567-24-567/08/06. fully-automated indexing solution for Azure SQL Database. https://doi.org/10.475/123_4 1 SIGMOD’19, June 2019, Amsterdam, NL Das et al. 1.2 Challenges We explain the user-facing auto-indexing offering (Section 2), The first challenge is to scale the auto-indexing service to all where we expose several controls for expert users to con- databases in Azure SQL Database while meeting the statu- figure the service and provide transparency of the indexes tory and compliance requirements. Azure has more than 50 implemented and their impact on performance. We iden- regions worldwide spread over more than 140 countries [7]. tify the architecture and the key components essential to The auto-indexing service must operate with minimal or fully-automate recommendation and implementation of in- no human intervention to achieve this scale. In addition to dexes (Section 3). These components are: ¹aº control plane: ensuring the proper health and operation of this service, we the backbone of our automation that drives index lifecy- need to be able to debug the quality of the recommendations cle management and coordinates the other components in as the workloads and databases change. Moreover, the data- the system (Section 4); ¹bº index recommender: analyzes the base server bits are frequently upgraded, our service itself workload to identify an appropriate set of indexes to create goes through upgrades, and we must tolerate a wide variety or drop (Section 5); ¹cº validator: a novel component that of software and hardware failures we see at Azure-scale. Un- analyzes the impact of implementing the indexes, detects if like a DBA tuning a database who can examine the queries performance has improved or regressed, and takes corrective or understand the applications, due to compliance reasons, action if it detects a significant regression (Section 6). all of the above actions must be performed without the engi- The control plane is crucial to scale the service to millions neers having knowledge of the application, its workload, or of databases in Azure SQL Database. It is a fault-tolerant data distributions, which further amplifies the challenge! service that automatically invokes the recommender, imple- The second challenge is to automate generating the sev- ments indexes (with user’s permission), validates them, moni- eral critical inputs to the index tuner needed for high quality tors the service health, detects issues, and wherever possible recommendations. Unlike a DBA who can use additional ap- takes corrective actions. To meet the compliance require- plication context, we need to automatically identify a work- ments, any system component that accesses sensitive cus- load to tune indexes for and specify other tuning constraints, tomer data, e.g., query text or data distributions, runs within e.g., the types of indexes to recommend, storage budget, or Azure’s compliance boundaries that is guarded by multi- maximum number of indexes, etc. ple levels of security, authentication, and auditing. Health The third challenge is that the state-of-the-art index rec- signals of the service and debugging is primarily through ommenders [9, 14, 31, 46] rely on the query optimizer’s cost anonymized and aggregated data. estimates to determine the benefits of new index configu- The index recommender analyzes query execution sta- rations. However, users care about actual query execution tistics to automatically identify inputs, such as a workload cost (e.g., query’s CPU time). Due to well-known limitations to tune. To generate high quality index recommendations, of the query optimizer’s estimates [20, 21], there are many we adapt and extend two building blocks for index recom- instances where an index, which is estimated to improve mendations in SQL Server: ¹aº Missing Indexes [34]; and query performance based on the optimizer’s cost, makes (b) Database Engine Tuning Advisor (DTA) [2, 10]. These query execution costs (or performance) worse once imple- approaches provide complementary benefits which we to- mented [8, 16, 17]. Having the ability to ideally avoid or at gether leverage to support the huge diversity requirements least quickly detect and correct query performance regres- in Azure SQL Database, e.g., tuning databases with very sions due to index changes is crucial in a production setting. different workload complexity and available resources [28]. The fourth challenge is to ensure auto-indexing, which The validator compares the execution costs before and af- is a built-in service, does not significantly impact normal ter implementing an index change, detects large regressions, application workload and interfere or disrupt application and takes corrective actions (e.g., automatically reverting the processes. This has two facets:
Load more

Recommended publications
  • System Requirements and Installation
    SCAD Office System Requirements and I nstallation SCAD Soft Contents System Requirements ...................................................................................................................... 3 Recommendations on Optimization of an Operational Environment ............................................. 4 Turn on (or off) the Indexing Service .......................................................................................... 4 Defragment Regularly ................................................................................................................. 4 Start Word and Excel once before Starting SCAD Office .......................................................... 4 Memory Fragmentation by the Service Programs ....................................................................... 4 Settings of the PDF-printing ........................................................................................................ 4 SCAD Office Installation ................................................................................................................ 5 Program Installation .................................................................................................................... 5 English Versions of Windows ..................................................................................................... 5 Privileges ..................................................................................................................................... 5 Network Licensing .....................................................................................................................
    [Show full text]
  • Differential Fuzzing the Webassembly
    Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL).
    [Show full text]
  • XML a New Web Site Architecture
    XML A New Web Site Architecture Jim Costello Derek Werthmuller Darshana Apte Center for Technology in Government University at Albany, SUNY 1535 Western Avenue Albany, NY 12203 Phone: (518) 442-3892 Fax: (518) 442-3886 E-mail: [email protected] http://www.ctg.albany.edu September 2002 © 2002 Center for Technology in Government The Center grants permission to reprint this document provided this cover page is included. Table of Contents XML: A New Web Site Architecture .......................................................................................................................... 1 A Better Way? ......................................................................................................................................................... 1 Defining the Problem.............................................................................................................................................. 1 Partial Solutions ...................................................................................................................................................... 2 Addressing the Root Problems .............................................................................................................................. 2 Figure 1. Sample XML file (all code simplified for example) ...................................................................... 4 Figure 2. Sample XSL File (all code simplified for example) ....................................................................... 6 Figure 3. Formatted Page Produced
    [Show full text]
  • Document Object Model
    Document Object Model DOM DOM is a programming interface that provides a way for the values and structure of an XML document to be accessed and manipulated. Tasks that can be performed with DOM . Navigate an XML document's structure, which is a tree stored in memory. Report the information found at the nodes of the XML tree. Add, delete, or modify elements in the XML document. DOM represents each node of the XML tree as an object with properties and behavior for processing the XML. The root of the tree is a Document object. Its children represent the entire XML document except the xml declaration. On the next page we consider a small XML document with comments, a processing instruction, a CDATA section, entity references, and a DOCTYPE declaration, in addition to its element tree. It is valid with respect to a DTD, named root.dtd. <!ELEMENT root (child*)> <!ELEMENT child (name)> <!ELEMENT name (#PCDATA)> <!ATTLIST child position NMTOKEN #REQUIRED> <!ENTITY last1 "Dover"> <!ENTITY last2 "Reckonwith"> Document Object Model Copyright 2005 by Ken Slonneger 1 Example: root.xml <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE root SYSTEM "root.dtd"> <!-- root.xml --> <?DomParse usage="java DomParse root.xml"?> <root> <child position="first"> <name>Eileen &last1;</name> </child> <child position="second"> <name><![CDATA[<<<Amanda>>>]]> &last2;</name> </child> <!-- Could be more children later. --> </root> DOM imagines that this XML information has a document root with four children: 1. A DOCTYPE declaration. 2. A comment. 3. A processing instruction, whose target is DomParse. 4. The root element of the document. The second comment is a child of the root element.
    [Show full text]
  • SLDXA /T /L1 – SLX Component List
    SLDXA /T /L1 – SLX Component List SLDXA.exe ver 1.0 Copyright (c) 2004-2006 SJJ Embedded Micro Solutions, LLC All Rights Reserved SLXDiffC.exe ver 2.0 / SLXtoTXTC.exe ver 2.0 www.sjjmicro.com Processing... File1 to TXT file. Opening XSL File Reading RTF for final conversion F:\SLXTEST\LOCKDOWN_DEMO2.SLX has the following Components Total Count is: 577 -------------------------------------------------- .NET Framework 1.1 - Security Update KB887998 Accessibility Control Panel Accessibility Core ACPI Fixed Feature Button Active Directory Service Interface (ADSI) Core Active Directory Service Interface (ADSI) LDAP Provider Active Directory Service Interface (ADSI) Windows NT Provider Active Template Library (ATL) Add Hardware Control Panel Add/Remove Programs Control Panel Administration Support Tools Administrator Account Advanced Configuration and Power Interface (ACPI) PC Analog TV Application Compatibility Core Audio Codecs Audio Control Panel Base Component Base Performance Counters Base Support Binaries CD-ROM Drive Certificate Request Client &amp; Certificate Autoenrollment Certificate User Interface Services Class Install Library - Desk Class Install Library - Mdminst Class Install Library - Mmsys Class Install Library - Msports Class Install Library - Netcfgx Class Install Library - Storprop Class Install Library - System Devices Class Installer - Computer Class Installer - Disk drives Class Installer - Display adapters Class Installer - DVD/CD-ROM drives Class Installer - Floppy disk controllers Class Installer - Floppy disk drives
    [Show full text]
  • Extensible Markup Language (XML) and Its Role in Supporting the Global Justice XML Data Model
    Extensible Markup Language (XML) and Its Role in Supporting the Global Justice XML Data Model Extensible Markup Language, or "XML," is a computer programming language designed to transmit both data and the meaning of the data. XML accomplishes this by being a markup language, a mechanism that identifies different structures within a document. Structured information contains both content (such as words, pictures, or video) and an indication of what role content plays, or its meaning. XML identifies different structures by assigning data "tags" to define both the name of a data element and the format of the data within that element. Elements are combined to form objects. An XML specification defines a standard way to add markup language to documents, identifying the embedded structures in a consistent way. By applying a consistent identification structure, data can be shared between different systems, up and down the levels of agencies, across the nation, and around the world, with the ease of using the Internet. In other words, XML lays the technological foundation that supports interoperability. XML also allows structured relationships to be defined. The ability to represent objects and their relationships is key to creating a fully beneficial justice information sharing tool. A simple example can be used to illustrate this point: A "person" object may contain elements like physical descriptors (e.g., eye and hair color, height, weight), biometric data (e.g., DNA, fingerprints), and social descriptors (e.g., marital status, occupation). A "vehicle" object would also contain many elements (such as description, registration, and/or lien-holder). The relationship between these two objects—person and vehicle— presents an interesting challenge that XML can address.
    [Show full text]
  • An XML Model of CSS3 As an XƎL ATEX-TEXML-HTML5 Stylesheet
    An XML model of CSS3 as an XƎLATEX-TEXML-HTML5 stylesheet language S. Sankar, S. Mahalakshmi and L. Ganesh TNQ Books and Journals Chennai Abstract HTML5[1] and CSS3[2] are popular languages of choice for Web development. However, HTML and CSS are prone to errors and difficult to port, so we propose an XML version of CSS that can be used as a standard for creating stylesheets and tem- plates across different platforms and pagination systems. XƎLATEX[3] and TEXML[4] are some examples of XML that are close in spirit to TEX that can benefit from such an approach. Modern TEX systems like XƎTEX and LuaTEX[5] use simplified fontspec macros to create stylesheets and templates. We use XSLT to create mappings from this XML-stylesheet language to fontspec-based TEX templates and also to CSS3. We also provide user-friendly interfaces for the creation of such an XML stylesheet. Style pattern comparison with Open Office and CSS Now a days, most of the modern applications have implemented an XML package format that includes an XML implementation of stylesheet: InDesign has its own IDML[6] (InDesign Markup Language) XML package format and MS Word has its own OOXML[7] format, which is another ISO standard format. As they say ironically, the nice thing about standards is that there are plenty of them to choose from. However, instead of creating one more non-standard format, we will be looking to see how we can operate closely with current standards. Below is a sample code derived from OpenOffice document format: <style:style style:name=”Heading_20_1” style:display-name=”Heading
    [Show full text]
  • Markup Languages SGML, HTML, XML, XHTML
    Markup Languages SGML, HTML, XML, XHTML CS 431 – February 13, 2006 Carl Lagoze – Cornell University Problem • Richness of text – Elements: letters, numbers, symbols, case – Structure: words, sentences, paragraphs, headings, tables – Appearance: fonts, design, layout – Multimedia integration: graphics, audio, math – Internationalization: characters, direction (up, down, right, left), diacritics • Its not all text Text vs. Data • Something for humans to read • Something for machines to process • There are different types of humans • Goal in information infrastructure should be as much automation as possible • Works vs. manifestations • Parts vs. wholes • Preservation: information or appearance? Who controls the appearance of text? • The author/creator of the document • Rendering software (e.g. browser) – Mapping from markup to appearance •The user –Window size –Fonts and size Important special cases • User has special requirements – Physical abilities –Age/education level – Preference/mood • Client has special capabilities – Form factor (mobile device) – Network connectivity Page Description Language • Postscript, PDF • Author/creator imprints rendering instructions in document – Where and how elements appear on the page in pixels Markup languages •SGML, XML • Represent structure of text • Must be combined with style instructions for rendering on screen, page, device Markup and style sheets document content Marked-up document & structure style sheet rendering rendering software instructions formatted document Multiple renderings from same
    [Show full text]
  • Microsoft Patches Were Evaluated up to and Including CVE-2020-1587
    Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability
    [Show full text]
  • User's Guide O&O Defrag
    Last changes: 19.09.2018 Table of contents About O&O Defrag 22 4 Features at a glance 5 Differences between the various Editions 7 System requirements 8 Installation 10 Screen Saver 12 Online registration 14 Getting started 16 Analyze your drives 17 Defragmenting your Drives 19 Selecting a defragmentation method 22 Standard defragmentation methods 25 User Interface (GUI) 32 Drive List 33 Cluster View 34 Defragmentation summary 36 Job View and Reports 37 Status Views 38 Tray icon (Notification area icon) 40 O&O DiskCleaner 41 O&O DiskStat 44 Schedule defragmentation at regular intervals 45 Create job - General 46 Plan a schedule 48 Screen Saver Mode 50 Select drives 51 Exclude and include files 52 O&O ActivityMonitor for Jobs 54 Further job settings 56 Edit/Duplicate/Delete jobs 59 Status reports 60 Extras 62 TRIM Compatibility 68 Work within the network 79 Zone filing 82 Rules for individual drives 84 Notation for rules 86 Settings 87 General Settings 88 Boot time defragmentation 91 Automatic optimization 93 Select files for defragmentation 95 O&O ActivityMonitor 97 Technical information 99 Using the command line version 101 Status notices and program output 103 Data Security and Integrity 105 Supported hardware 106 Supported File Systems 107 Free space needed for defragmentation 108 Recommendations and FAQs 109 O&O DiskStat 3 113 System requirements 114 Installation 115 Getting started 116 End user license agreement 118 User's guide O&O Defrag About O&O Defrag 22 About O&O Defrag 22 Thank you for choosing O&O Defrag! O&O Defrag activates the hidden performance of your computer and packs file fragments efficiently and securely together.
    [Show full text]
  • Remote Indexing Feature Guide Eventtracker Version 7.X
    Remote Indexing Feature Guide EventTracker Version 7.x EventTracker 8815 Centre Park Drive Columbia MD 21045 Publication Date: Aug 10, 2015 www.eventtracker.com EventTracker Feature Guide - Remote Indexing Abstract The purpose of this document is to help users install, configure, and use EventTracker Indexer service on remote machines and index CAB files on the EventTracker Server machine. Intended Audience • Users of EventTracker v7.x who wish to deploy EventTracker Indexer service on remote machine to index CAB files on the EventTracker Server thus reducing the workload and improving the performance of the EventTracker Server. • Technical evaluator of EventTracker who seeks to understand how the feature is implemented and its limitations. The information contained in this document represents the current view of Prism Microsystems, Inc. on the issues discussed as of the date of publication. Because Prism Microsystems, Inc. must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, Inc. and Prism Microsystems, Inc. cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. Prism Microsystems, Inc. MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this Guide may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided. Prism Microsystems, Inc. may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.
    [Show full text]
  • Swivel: Hardening Webassembly Against Spectre
    Swivel: Hardening WebAssembly against Spectre Shravan Narayan† Craig Disselkoen† Daniel Moghimi¶† Sunjay Cauligi† Evan Johnson† Zhao Gang† Anjo Vahldiek-Oberwagner? Ravi Sahita∗ Hovav Shacham‡ Dean Tullsen† Deian Stefan† †UC San Diego ¶Worcester Polytechnic Institute ?Intel Labs ∗Intel ‡UT Austin Abstract in recent microarchitectures [41] (see Section 6.2). In con- We describe Swivel, a new compiler framework for hardening trast, Spectre can allow attackers to bypass Wasm’s isolation WebAssembly (Wasm) against Spectre attacks. Outside the boundary on almost all superscalar CPUs [3, 4, 35]—and, browser, Wasm has become a popular lightweight, in-process unfortunately, current mitigations for Spectre cannot be im- sandbox and is, for example, used in production to isolate plemented entirely in hardware [5, 13, 43, 51, 59, 76, 81, 93]. different clients on edge clouds and function-as-a-service On multi-tenant serverless, edge-cloud, and function as a platforms. Unfortunately, Spectre attacks can bypass Wasm’s service (FaaS) platforms, where Wasm is used as the way to isolation guarantees. Swivel hardens Wasm against this class isolate mutually distursting tenants, this is particulary con- 1 of attacks by ensuring that potentially malicious code can nei- cerning: A malicious tenant can use Spectre to break out of ther use Spectre attacks to break out of the Wasm sandbox nor the sandbox and read another tenant’s secrets in two steps coerce victim code—another Wasm client or the embedding (§5.4). First, they mistrain different components of the under- process—to leak secret data. lying control flow prediction—the conditional branch predic- We describe two Swivel designs, a software-only approach tor (CBP), branch target buffer (BTB), or return stack buffer that can be used on existing CPUs, and a hardware-assisted (RSB)—to speculatively execute code that accesses data out- approach that uses extension available in Intel® 11th genera- side the sandbox boundary.
    [Show full text]