Highly Available and Secure Fault-tolerant Mobile Computing

Sanjay K. Madria, Department of Computer Science, University of Missouri-Rolla, [email protected]


Post on 11-Jan-2016


TRANSCRIPT

Page 1: Highly Available and Secure Fault-tolerant Mobile Computing

Highly Available and Secure Fault-tolerant Mobile Computing

Sanjay K. Madria

Department of Computer Science

University of Missouri-Rolla

[email protected]

Page 2: Highly Available and Secure Fault-tolerant Mobile Computing

Mobile Constraints

Low bandwidth.
Frequent disconnections but predictable.
High bandwidth variability.
Monetarily expensive.
Broadcast is physically supported in a cell.
Limited battery power and storage.
Fast changing locations.

Page 3: Highly Available and Secure Fault-tolerant Mobile Computing

Figure: Mobile Architecture. Fixed Hosts and Mobile Support Stations (MSS) sit on the Fixed Network (Mbps to Gbps), joined by fixed and dedicated connections (reliable); this is the Trusted Part. Each MSS serves a Cell of Mobile Hosts (MH) over wireless connections (unreliable). Legend: MSS – Mobile Support Station; MH – Mobile Host.

Page 4: Highly Available and Secure Fault-tolerant Mobile Computing

Objectives

To Improve Data Availability in Mobile Computing
– Transaction models for mobile computing (Journal Paper appeared in DPDB’01)

To provide Secure Fault-tolerant Mobile systems
– To provide uninterrupted secure service to the mobile hosts when base station moves or fails. (Paper in IC Internet Computing’00 and Research Grants of 80K)

Page 5: Highly Available and Secure Fault-tolerant Mobile Computing

How Mobile Transactions are different?

Long-lived transactions due to the mobility and frequent disconnection.
To split computations, some of which execute on mobile host while others on MSS.
To share partial results with others.
Computations and communications supported by MSS.
Mobile hosts move from one cell to another, but the execution must continue.
To maintain mutual consistency of data objects.

Page 6: Highly Available and Secure Fault-tolerant Mobile Computing

Prewrite Mobile Transaction Model

Introduce a prewrite operation before a write operation; makes visible (the exact or abstract) the value that data object will have after the commit of the transaction.
pre-committed – MT has announced all the prewrite values and read all the required data objects, but has not been finally committed (updates on database are not performed).
A pre-committed MT’s results are made visible at MH and MSSs before the final commit.

Page 7: Highly Available and Secure Fault-tolerant Mobile Computing

Shifts the resource consuming part of the MT’s execution (updates of the database on disk) to the MSS.
Pre-committed avoids costly undo or compensating action.
Pre-read returns a prewrite value whereas a read returns a write value.
MTs are serialized based on their pre-commit order.

Page 8: Highly Available and Secure Fault-tolerant Mobile Computing

Example 1: Long-duration Transaction Application
“House-construction” and “House-buying” Transactions
– “Model House” as prewrite

Example 2: Data Structure Application
Record Delete Operation in Hashing
Storage allocator and deallocator to work concurrently

Page 9: Highly Available and Secure Fault-tolerant Mobile Computing

Mobile Transaction Processing with Prewrites

MH has limited server capability

Start ______ Reads/Prewrite ______ Pre-commit ______ Writes ______ Commit
(Part of transaction executed at MH)              (Part of transaction executed at MSS)

Example – News-reporter Transaction

MH has very slow CPU and small memory; I/O device only.

Example – Image Retrieval Transaction

Page 10: Highly Available and Secure Fault-tolerant Mobile Computing

Concurrent Operations

Case 1: Suppose a pre-read is currently being executed at MH and at the same time, the transaction that has announced the prewrite values finally commits at MSS.

T1 ______ r(x), pw(x) ______ pc ______ w(x) ______ c      At MSS
T2 ______ pr(x) ______ c                                  At MH
Time (left to right)

Page 11: Highly Available and Secure Fault-tolerant Mobile Computing

Case 2: Consider a case where a read transaction commits at MH after the transaction that announced the prewrite operation has been pre-committed.

T1 ______ r(x), pw(x) ______ pc ______ w(x) ______ c      At MSS
T2 ______ r(x) ______ c                                   At MH
Time (left to right)

Page 12: Highly Available and Secure Fault-tolerant Mobile Computing

Operation Compatibility Matrix

            Pre-read   Read   Pre-write   Write
Pre-read    Yes        Yes    No          Yes
Read        Yes        Yes    Yes         No
Pre-write   No         Yes    No          Yes
Write       Yes        No     Yes         No

Page 13: Highly Available and Secure Fault-tolerant Mobile Computing

Performance (Simulation Parameters)

System Parameter      Description                                            Value
DB-size               Average size of the database                           500
Num-MH                Number of MHs                                          Simulation parameter
Num-MSS               Number of MSSs                                         2
Trans-size            Average no. of objects per transaction                 6 objects
Pre-value-size        Average size of pre-write values                       1/40 of write value
Max-Size              Maximum number of objects per transaction              10 objects
Min-Size              Minimum number of objects per transaction              2 objects
Local-object-MH       Ratio of objects found in cache at MH                  0.4
CPU-time              Time taken by CPU per request                          12 msec

Page 14: Highly Available and Secure Fault-tolerant Mobile Computing

Simulation Parameters (Table continued)

I/O Time              Time taken by I/O per request both at MSS and MH       30 msec
Num-transactions-MSS  Transactions at each MSS                               Simulation parameter
Wireless-bandwidth    Data transfer rate from MH to MSS                      0.5 Mbps
Write-prob            Probability that object read will be written also      Simulation parameter
Trans-delay           Inter-arrival delay time                               500 msecs
Prewrite-to-write     Delay in write                                         0.2 msecs

Page 15: Highly Available and Secure Fault-tolerant Mobile Computing

Throughput v/s MPL

Figure: Throughput (y-axis, 0 to 5) versus MPL (x-axis, 0 to 20) for 2PL, WDL, OL and PTM; Write-prob = 1/2.

Page 16: Highly Available and Secure Fault-tolerant Mobile Computing

Throughput v/s MPL

Figure: Throughput (y-axis, 0 to 12) versus MPL (x-axis, 0 to 20) for 2PL, WDL, OL and PTM; Write-prob = 1/4.

Page 17: Highly Available and Secure Fault-tolerant Mobile Computing

Transaction-Abort-ratio v/s MPL

Figure: Transaction Abort-Ratio (y-axis, 0 to 4) versus MPL (x-axis, 0 to 20) for 2PL, WDL, OL and PTM; Write-prob = 1/2.

Page 18: Highly Available and Secure Fault-tolerant Mobile Computing

Transaction-Abort-ratio v/s MPL

Figure: Transaction Abort-Ratio (y-axis, 0 to 4) versus MPL (x-axis, 0 to 20) for 2PL, WDL, OL and PTM; Write-prob = 3/4.

Page 19: Highly Available and Secure Fault-tolerant Mobile Computing

Serializable Schedules in Mobile Transaction Model

Case 1: In case of simple data objects, a history with a prewrite is same as the history without a prewrite.
Case 2: Once a transaction’s prewrite-lock is updated to the write-lock, it can not acquire any other lock.
Case 3: A prewrite-lock can not be updated to a write-lock if some other transaction is holding a conflicting lock.
Case 4: A transaction, which returns an old value, can be serialized in the history.

Page 20: Highly Available and Secure Fault-tolerant Mobile Computing

Multi-version Model to Exploit Availability in Mobile Computing

Start State, Commit, Termination
MH processes ops, but Terminate at MSS
One Terminated version, but many committed versions
MSS terminates them in order of commitment

Page 21: Highly Available and Secure Fault-tolerant Mobile Computing

Read-write Availability

Figure: versions held at MH and at MSS. Versions shown: X_i^0, X_j^ts(j), Z_k^ts(k), Z_i^0. Transaction Tj (terminate), Transaction Tk (commit).

Page 22: Highly Available and Secure Fault-tolerant Mobile Computing

Write-Write Availability

Figure: versions held at MH and at MSS. Versions shown: X_k^ts(k), X_j^ts(j), X_i^0, Z_k^ts(k), Z_i^0. Transaction Tj, Transaction Tk; two committed versions.

Page 23: Highly Available and Secure Fault-tolerant Mobile Computing

Fault Tolerant Authentication in Mobile Computing

Page 24: Highly Available and Secure Fault-tolerant Mobile Computing

Objective

To provide uninterrupted secure service to the mobile hosts when base station moves or fails.
– Example – Battle Field

Page 25: Highly Available and Secure Fault-tolerant Mobile Computing

Mobile IP Entities

Mobile Host (MH) - Changes its point of attachment to the internet from one link to another.
Home Agent (HA) - Router on MH’s home network which tunnels datagrams (packets of data) to MH when it is away from home.
Foreign Agent (FA) - Router on MH’s visited network which provides routing services to the MH while registered.

Page 26: Highly Available and Secure Fault-tolerant Mobile Computing

To ensure security and prevent theft of resources (like bandwidth), all the packets originating inside the network should be authenticated.
MH sends a packet to its HA along with the authentication information.
Authentication is successful -> HA forwards the packet. Otherwise, dropped.

Figure: Arbitrary Topology. Mobile Node – Internet – Home Agent (Authentication and Forwarding Services).

Page 27: Highly Available and Secure Fault-tolerant Mobile Computing

Disadvantages of Typical Setup

Home Agent becomes a single point of failure.

Home Agent becomes an attractive spot for attackers.

Not scalable – large number of hosts overload the Home Agent.

Page 28: Highly Available and Secure Fault-tolerant Mobile Computing

Research Goals

Eliminate the single point of failure.

Distribute the load and enhance scalability and survivability of the system.

Failures -- transparent to applications

Easy to implement

Page 29: Highly Available and Secure Fault-tolerant Mobile Computing

Traditional Approaches

Using a Proxy Server that takes up the responsibilities of the Base Station.
Using a Second Base Station that forwards the packets to the actual Home Agent, using Mobile IP, which is now at a Foreign Network.

Page 30: Highly Available and Secure Fault-tolerant Mobile Computing

Proxy-based solution

Figure: BS1 and BS; Source Network – Arbitrary Network – Foreign Network – Arbitrary Network – Destination Network.

Page 31: Highly Available and Secure Fault-tolerant Mobile Computing

Traditional Approaches – Disadvantages:

Manual updating of the routing tables
Not transparent to applications
Communication Delays
Additional security threats as the packets now traverse long paths through the Internet.

Page 32: Highly Available and Secure Fault-tolerant Mobile Computing

Proposed Schemes

We propose two schemes:
– Virtual Home Agent
– Hierarchical Authentication

They differ in the architecture and the responsibilities that the Mobile Hosts and Base Stations hold.

Page 33: Highly Available and Secure Fault-tolerant Mobile Computing

Authentication Using Virtual Home Agent

Entities in the proposed scheme
Virtual Home Agent (VHA) is an abstract entity identified by a network address.
Master Home Agent (MHA) is the physical entity that carries out the responsibilities of the VHA.

Page 34: Highly Available and Secure Fault-tolerant Mobile Computing

Authentication Using Virtual Home Agent

Backup Home Agent (BHA) is the entity that backs up a VHA. When MHA fails, the BHA having the highest priority becomes MHA.
Shared Secrets Database Server is the entity that manages and processes the queries on the secret database.

Page 35: Highly Available and Secure Fault-tolerant Mobile Computing

Virtual Home Agent Set up

Figure: Shared Secrets Database and Database Server; Master Home Agent (MHA); Backup Home Agents; VHA ID = IP ADDR1; Other hosts in the network.

Page 36: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

All the MHAs and BHAs join a pre-configured multicast group.
MHA and each BHA is assigned a priority that indicates its preference to become a MHA, when the current MHA fails.
MHA has the highest priority at any given point of time.

Page 37: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

Periodically, MHA sends an advertisement packet to the configured multicast group.
Purpose of this advertisement packet is to let the BHAs know that MHA is still alive.
Time-to-live is set to 1 in each advertisement as they never have to be transmitted outside the network.

Page 38: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

Advertisement Packet Format

VHA’s ID indicates the VHA that this Agent is the Master of.
MHA’s priority is the priority of this MHA.
Authentication Information is necessary to avoid the masquerading attacks (i.e. anybody posing as a Master after compromising it).

VHA’s ID | MHA’s priority
Authentication Information

Page 39: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

BHAs only listen for advertisements; they do not send the advertisements.
If a BHA did not receive any advertisement for some period, it starts the Down Interval Timer, computed as follows:

Down Time Interval = 5 * Advertisement Interval + ((MHA’s priority - BHA’s priority) / MHA’s priority)

Page 40: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

Down Interval Time takes care of packet losses (as it is at least 5 advertisement intervals).
Down Interval Time is a function of BHA’s configured priority (if the priority is more, Down Interval Time is less).

Page 41: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

The Down Interval Timer of the BHA having the highest priority will expire first, and that guarantees that this BHA transitions from BHA to MHA.
The new MHA sends advertisements from now onwards.
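The election of slides 36 to 41, as an added example that is not the deck's own code: a Backup Home Agent that accepts only authenticated advertisements for its VHA, restarts its timer on each one, and moves to the Master state once a full Down Time Interval (the formula of slide 39) has passed without a valid advertisement. The deck does not say how the Authentication Information of slide 38 is computed; an HMAC-SHA256 over the other two fields with a secret shared by the VHA's agents is assumed here, as are the advertisement interval, the priorities, the "IP_ADDR1" VHA ID placeholder and the explicit clock values that stand in for real timers and multicast sockets.

```python
"""Virtual Home Agent failover (slides 36 to 41). Added example, not the deck's code."""
import hashlib
import hmac
import json

ADV_INTERVAL = 1.0                         # Advertisement Interval in seconds (constructed)
VHA_ID = "IP_ADDR1"                        # placeholder after slide 35's "VHA ID = IP ADDR1"
SHARED_KEY = b"constructed-shared-secret"  # assumed secret shared by the VHA's agents


def down_time_interval(mha_priority, bha_priority, adv_interval=ADV_INTERVAL):
    """Down Time Interval of slide 39: at least 5 advertisement intervals,
    and shorter for a BHA whose priority is closer to the MHA's."""
    return 5 * adv_interval + (mha_priority - bha_priority) / mha_priority


def elect(mha_priority, bha_priorities, adv_interval=ADV_INTERVAL):
    """Return (winner, timers): the BHA whose Down Interval Timer expires first."""
    timers = {name: down_time_interval(mha_priority, p, adv_interval)
              for name, p in bha_priorities.items()}
    return min(timers, key=timers.get), timers


def _auth_tag(vha_id, priority, key):
    # Assumed form of the Authentication Information: HMAC over the other two fields.
    msg = json.dumps({"vha_id": vha_id, "mha_priority": priority}, sort_keys=True)
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def make_advertisement(vha_id, priority, key):
    """Advertisement packet: VHA's ID, MHA's priority, Authentication Information."""
    return {"vha_id": vha_id, "mha_priority": priority,
            "auth": _auth_tag(vha_id, priority, key)}


def advertisement_is_valid(pkt, vha_id, key):
    """Drop advertisements for another VHA or with a bad tag (masquerading, slide 38)."""
    if pkt.get("vha_id") != vha_id:
        return False
    expected = _auth_tag(pkt["vha_id"], pkt["mha_priority"], key)
    return hmac.compare_digest(expected, pkt.get("auth", ""))


class BackupHomeAgent:
    """Backup State of slide 43: listen only, never send; become Master on timer expiry.
    The timer is modelled as 'time since the last valid advertisement'."""

    def __init__(self, name, priority, vha_id=VHA_ID, key=SHARED_KEY, adv_interval=ADV_INTERVAL):
        self.name, self.priority = name, priority
        self.vha_id, self.key, self.adv_interval = vha_id, key, adv_interval
        self.state = "backup"
        self.last_adv = None        # clock value of the last accepted advertisement
        self.mha_priority = None

    def receive(self, pkt, now):
        """Process one multicast advertisement; True if accepted (timer restarted)."""
        if not advertisement_is_valid(pkt, self.vha_id, self.key):
            return False
        self.last_adv, self.mha_priority = now, pkt["mha_priority"]
        return True

    def tick(self, now):
        """Backup -> Master once no valid advertisement arrived for a Down Time Interval."""
        if self.state == "backup" and self.last_adv is not None:
            limit = down_time_interval(self.mha_priority, self.priority, self.adv_interval)
            if now - self.last_adv >= limit:
                self.state = "master"
        return self.state


if __name__ == "__main__":
    b1, b2 = BackupHomeAgent("BHA1", 80), BackupHomeAgent("BHA2", 50)
    adv = make_advertisement(VHA_ID, 100, SHARED_KEY)     # MHA priority 100 (constructed)
    for bha in (b1, b2):
        bha.receive(adv, now=0.0)
    forged = dict(adv, mha_priority=200, auth="0" * 64)   # tampered priority, bad tag
    print("forged accepted:", b1.receive(forged, now=1.0))
    print("elected by timers:", elect(100, {"BHA1": 80, "BHA2": 50})[0])
    print("t=5.0:", b1.tick(5.0), b2.tick(5.0))
    print("t=5.3:", b1.tick(5.3), b2.tick(5.3))
```

With an advertisement interval of 1.0 s, BHA1 (priority 80) has a Down Time Interval of 5.2 s and BHA2 (priority 50) one of 5.5 s, so only BHA1 is Master at t = 5.3 s; the forged packet is rejected before it can restart a timer or change the recorded MHA priority.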

Page 42: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

Advantages of this Election Protocol
No communication between the BHAs is required.
There is no confusion about which BHA becomes MHA (only the one whose timer expires first).
No additional security threats (like manipulating priorities of BHAs).

Page 43: Highly Available and Secure Fault-tolerant Mobile Computing

Protocol Description

Figure: State Transitions – Start State, Backup State, Master State.

Page 44: Highly Available and Secure Fault-tolerant Mobile Computing

Advantages of the proposed scheme

Has only 3 states and hence the overhead of state maintenance is negligible.
Very few tasks need to be performed in each state.
Flexible – there could be multiple VHAs in the same LAN and a MHA could be a BHA for another VHA; a BHA could be a BHA for more than one VHA at the same time.

Page 45: Highly Available and Secure Fault-tolerant Mobile Computing

Hierarchical Authentication Scheme

Multiple Home Agents in a LAN are organized in a hierarchy (like a tree data structure).
A Mobile Host shares a key with each of the Agents above it in the tree (Multiple Keys).
At any time, the highest priority key is used for sending packets or obtaining any other kind of service.

Page 46: Highly Available and Secure Fault-tolerant Mobile Computing

Hierarchical Authentication Scheme

Figure: tree of Home Agents with A at the root, B and C below A, and D, E, F, G as leaves; keys K1 and K2; Database entries (K1, P1) and (K2, P2).

Page 47: Highly Available and Secure Fault-tolerant Mobile Computing

Hierarchical Authentication Scheme

Key Priority depends on several factors and is computed as the cumulative sum of weighted priorities of each factor.

Example factors:
Communication Delays
Processing Speed of the Agents
Secret Key Usage
Life Time of the Key
Configurable Priorities
Availability of secret key information to an Agent

Page 48: Highly Available and Secure Fault-tolerant Mobile Computing

Hierarchical Authentication Scheme

Hosts detect the Home Agent’s failure or mobility when the Home Agent does not send an acknowledgement for a request.
When the failure is detected, the host reduces the priority of the current key and picks up the highest priority key to be used from now onwards.

Page 49: Highly Available and Secure Fault-tolerant Mobile Computing

VHA Scheme:
Flat structure
Host has only one key
Failure is transparent to the user
No priority is assigned to the keys

Hierarchical Scheme:
Tree structure
Number of keys depends on the height of the tree
Hosts should be aware of the failure of the BS, as which key is to be used depends on the base station serving it
Each key has a priority; the key with the highest priority is used for authentication

Page 50: Highly Available and Secure Fault-tolerant Mobile Computing

Cluster for scalability

Figure: Clients send Requests to a Front End (One IP Add.), which performs Request Distribution to Back-end nodes.

Page 51: Highly Available and Secure Fault-tolerant Mobile Computing

Locality-Aware Request Distribution

Figure: request stream arriving at the Front-end node: R1, R1, R1, R2, R3, R2, R1, R1, R2, R3. Back-end nodes: one receives R1, R1, R1, R1, R1 (Cache: R1); the other receives R2, R3, R2, R2, R3 (Cache: R2, R3).

Page 52: Highly Available and Secure Fault-tolerant Mobile Computing

Back-end Forwarding

Figure: Host, Front-end, Back-end nodes; Forwarded Request.

Page 53: Highly Available and Secure Fault-tolerant Mobile Computing

Request Redirection

Figure: 1. Request (to the Front End); 2. Redirect to Back End; 3. Redirected Request (to the Back-end).

Page 54: Highly Available and Secure Fault-tolerant Mobile Computing

Conclusions

Discussed transaction design to increase Data Availability (Application Oriented).
Flat-model and tree-based schemes for fault-tolerant authentication in a mobile environment (System Oriented).

Page 55: Highly Available and Secure Fault-tolerant Mobile Computing

Future work

Quantifying the priorities for each factor and computing the overall key priority as a weighted function of all these factors.
Designing an adaptable replication and partitioning scheme for secret keys that increases the system performance.
Simulation of these approaches and obtaining performance statistics.

Page 56: Highly Available and Secure Fault-tolerant Mobile Computing

Current Projects

WAP and WML for Web Engineering on Mobile Platforms
– Different Approach to Content Management and caching
– Developing Device dependent Software for web Access (minimum number of clicks, textual input, reduce latency)
– Requirement Engineering (capturing, structuring, and accurately representing users’ requirements)
  Data, operational, functional constraints
– Performance and Design constraints

Page 57: Highly Available and Secure Fault-tolerant Mobile Computing

References

IP Mobility Support - RFC 2002.
Group Key Management Protocol (GKMP) Architecture - RFC 2094.
Key Management for multicast: Issues and Architectures - RFC 2627.
Secure Group Communications using Key Graphs, Chung Kei Wong, Md. Gouda

Page 58: Highly Available and Secure Fault-tolerant Mobile Computing

Concurrency Control and Locking

Pre-Read-Lock(X): Grant the requested pre-read-lock to a transaction T on X if no other transaction holds a prewrite-lock on X.
Read-Lock(X): Grant the requested read-lock to a transaction T on X if no other transaction holds a write-lock on X.
Prewrite-Lock(X): Grant the prewrite-lock to a transaction T on X if no other transaction holds a prewrite- or pre-read-lock on X.

(continued…)

Page 59: Highly Available and Secure Fault-tolerant Mobile Computing

Write-Lock(X): Update a prewrite-lock on X held by a transaction T to write-lock if

Begin
  If the write-lock-wait queue for X is empty then
    Begin
      If the transaction T is pre-committed and no other transaction holds a read- or write-lock on X then
        convert prewrite-lock to write-lock;
    End;
  else
    Begin
      put the transaction T in a write-lock-wait queue for X;
    End;
End.

Page 60: Highly Available and Secure Fault-tolerant Mobile Computing

Serializable Schedules in Mobile Transaction Model

1. T_i ⊆ { pr_i(x), r_i(x), pw_i(x), w_i(x) | x is a design object } ∪ { pc_i, c_i, a_i }
2. a_i ∈ T_i if and only if pc_i ∉ T_i and c_i ∉ T_i
3. If t is c_i or a_i then for any other operation p ∈ T_i, p <_i t; and if t is pc_i, then pc_i <_i c_i.
4. If pr_i(x), r_i(x), pw_i(x), w_i(x) ∈ T_i then either pr_i(x) <_i w_i(x), or w_i(x) <_i r_i(x), or r_i(x) <_i w_i(x), pw_i(x) <_i pr_i(x) or pw_i(x) <_i w_i(x), or pr_i(x) <_i r_i(x).

Consider a set of transactions T = (T_1, T_2, …, T_n) which are modeled by a structure called a history. Formally [BHG], a history H over T is a partial order (H, <_H) where
i) H = ∪_{i=1}^{n} T_i;
ii) <_H ⊇ ∪_{i=1}^{n} <_i; and
iii) for any two conflicting operations p and q, either p <_H q or q <_H p.

Page 61: Highly Available and Secure Fault-tolerant Mobile Computing


Case 1: In this case we consider simple data objects and see that a history with a prewrite is the same as the history without a prewrite.

Consider the following history H:

pwl_1(x) pw_1(x) rl_2(x) r_2(x) rul_2(x) c_2 pc_1 (pwl_1(x) → wl_1(x)) prl_3(x) pr_3(x) prul_3(x) c_3 w_1(x) wul_1(x) c_1

After taking into account these commutative operations, the above history is equivalent to:

rl_2(x) r_2(x) rul_2(x) c_2 pwl_1(x) pw_1(x) pc_1 (pwl_1(x) → wl_1(x)) prl_3(x) pr_3(x) prul_3(x) c_3 w_1(x) wul_1(x) c_1

Consider another history H':

pwl_1(x) pw_1(x) rl_2(x) r_2(x) rul_2(x) c_2 pc_1 (pwl_1(x) → wl_1(x)) pwl_3(x) pw_3(x) pc_3 w_1(x) wul_1(x) c_1 (pwl_3(x) → wl_3(x)) w_3(x) wul_3(x) c_3

Page 62: Highly Available and Secure Fault-tolerant Mobile Computing


Case 2: In this case we see that once a transaction's prewrite-lock is updated to the write-lock, it cannot acquire any other lock.

Consider the following history:

pwl_1(x) pw_1(x) pc_1 (pwl_1(x) → wl_1(x)) prl_2(x) pr_2(x) pwl_2(y) pw_2(y) pc_2 (pwl_2(y) → wl_2(y)) w_2(y) prul_2(x) wul_2(x) c_2 w_1(x) rl_1(y) r_1(y) rul_1(y) wul_1(x) c_1

Case 3: In this case, we see that a prewrite-lock cannot be updated to a write-lock if some other transaction is holding a conflicting lock.

Consider a partial history:

rl_1(x) r_1(x) pwl_1(x) pw_1(x) rl_2(x) r_2(x) pc_1 (pwl_1(x) → wl_1(x))

Consider another partial history:

pwl_1(x) pw_1(x) pc_1 (pwl_1(x) → wl_1(x)) pwl_2(x) pw_2(x) w_1(x) pc_2 (pwl_2(x) → wl_2(x))

Case 4: In this case, we see that a transaction which returns an old value can be serialized in the history.

Consider a history:

rl_1(x) r_1(x) pwl_1(x) pw_1(x) rl_2(x) r_2(x) pc_1 rul_2(x) c_2 (pwl_1(x) → wl_1(x))
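The lock manager below, written for this page as an added example (not code from the slides), replays the Case 1 to Case 4 histories through the Write-Lock(X) rule and Property 3, reporting the first step the protocol refuses. The LockManager class, its compatibility table, the decision to enqueue on a lock conflict, and the textual history encoding (wlN(x) standing for the (pwl → wl) conversion) are assumptions made here.

```python
# Added example, not the slides' own code: replay the slide's lock histories
# through a small lock manager. Class, table and encoding are assumptions.
from collections import defaultdict
# Assumed compatibility: refuse a lock if another txn holds a listed mode. rl/wl
# follow Write-Lock(X); prl and pwl coexist with wl as in Case 1; pwl vs pwl assumed.
CONFLICTS = {"rl": {"wl"}, "wl": {"rl", "wl"}, "prl": set(), "pwl": {"pwl"}}

class LockManager:
    def __init__(self):
        self.held = defaultdict(dict)   # x -> {txn: mode}; a later lock replaces the mode
        self.wait = defaultdict(list)   # write-lock-wait queue per object x
        self.precommitted, self.converted = set(), set()
    def lock(self, t, x, mode):  # prl/rl/pwl; refused after conversion (Property 3.1)
        if t in self.converted or any(
                m in CONFLICTS[mode] for u, m in self.held[x].items() if u != t):
            return False
        self.held[x][t] = mode
        return True

    def write_lock(self, t, x):  # Write-Lock(X) from the slide: t's pwl on x -> wl
        if self.held[x].get(t) != "pwl":
            return False
        others = {m for u, m in self.held[x].items() if u != t}
        q = self.wait[x]   # t at the head after a retry counts as "empty"
        if (not q or q[0] == t) and t in self.precommitted and not others & {"rl", "wl"}:
            self.held[x][t] = "wl"
            self.converted.add(t)
            return True
        if t not in q:
            q.append(t)    # enqueue; doing so on a lock conflict too is assumed
        return False

def replay(history):
    """Run steps such as 'pwl1(x) pw1(x) pc1 wl1(x)', where wl stands for the
    (pwl -> wl) conversion; return the first refused step, or None."""
    lm = LockManager()
    for step in history.split():
        op, _, x = step.partition("(")
        x, mode = x.rstrip(")"), op.rstrip("0123456789")
        t, ok = op[len(mode):], True
        if mode in ("prl", "rl", "pwl"):
            ok = lm.lock(t, x, mode)
        elif mode == "wl":
            ok = lm.write_lock(t, x)
        elif mode == "pc":
            lm.precommitted.add(t)
        elif mode in ("prul", "rul", "wul"):
            lm.held[x].pop(t, None)   # pr, r, pw, w, c have no lock effect
        if not ok:
            return step
    return None
```

Replaying the Case 1 and Case 4 histories returns None, while Case 2 stops at rl1(y) (a lock after conversion) and both Case 3 histories stop at the conversion step, which is queued behind the conflicting lock.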

Page 63: Highly Available and Secure Fault-tolerant Mobile Computing


Proof of Correctness

Property 1: If o is an operation then ol(x) < o(x) < oul(x).

Property 2: If p_i(x) and q_i(y) are two operations under T_i then pl_i(x) < qul_i(y), i.e., for all lock operations l_i ∈ T_i and unlock operations ul_i ∈ T_i, l_i < ul_i.

Property 3: If (pwl_i(x) → wl_i(x)) ∈ T_i then

1) For any lock operation ol_i ∈ T_i, ol_i <_i (pwl_i(x) → wl_i(x)). That is, once a prewrite-lock is converted to a write-lock, no other operation can lock any data object.

2) For any unlock operation pul_i ∈ T_i, (pwl_i(x) → wl_i(x)) < pul_i(x). That is, a prewrite-lock is converted to a write-lock before any lock is released.

Page 64: Highly Available and Secure Fault-tolerant Mobile Computing


Property 4: If p_i(x) and q_j(x) are two conflicting operations then either

1) pul_i(x) <_H ql_j(x). If p_i(x) is a prewrite operation then (pwl_i(x) → wl_i(x)) <_H ql_j(x). If p_i(x) is a read operation then pul_i(x) <_H (pwl_j(x) → wl_j(x)); or

2) qul_j(x) <_H pl_i(x). If q_j(x) is a prewrite operation then (pwl_j(x) → wl_j(x)) <_H pl_i(x). If q_j(x) is a read operation then qul_j(x) <_H (pwl_i(x) → wl_i(x)).

Property 5: If pc_i and c_i are pre-commit and commit then pc_i <_i c_i in T_i, and for any pc_j, if pc_i < pc_j then c_i < c_j. However, if the transaction T_j is a read-only transaction and pc_i < pr_j then c_j < c_i or c_i < c_j.

Property 6: If pc_i ∈ T_i then no a_i ∈ T_i.

Property 7: If pw_i(x), w_i(x) ∈ T_i and pw_j(x), w_j(x) ∈ T_j and T_i ≠ T_j then

1) If pwl_i(x) < pwl_j(x) then wl_i(x) < wl_j(x).

2) If wl_i(x) < pwl_j(x) then pwl_j(x) < w_i(x) < wl_j(x) or wl_i(x) < pw_j(x) < w_j(x).

Page 65: Highly Available and Secure Fault-tolerant Mobile Computing


Lemma 1: If T_1 → T_2 in SG(H) then there exists an unlock operation pul_1 ∈ T_1 or a lock convert operation (pwl_1 → wl_1) ∈ T_1 such that, for all lock operations ql_2 ∈ T_2 or a lock convert operation (pwl_2 → wl_2) ∈ T_2, pul_1(x) < ql_2(x) or (pwl_1(x) → wl_1(x)) < ql_2(x) or pul_1(x) < (pwl_2(x) → wl_2(x)).

Lemma 2: Let T_1 → T_2 → … → T_n be a path in SG(H) where n > 1. Then for data objects x and y and some operations p_1(x) and q_n(y) in H, pul_1(x) < ql_n(y) or (pwl_1(x) → wl_1(x)) < ql_n(y) or pul_1(x) < (pwl_n(y) → wl_n(y)).

Theorem: Every history H obtained by the locking protocols given before is serializable.