1 / 23

A Critical Analysis of the Transaction Internet Protocol

A Critical Analysis of the Transaction Internet Protocol. Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland www.dcs.ed.ac.uk. Overview of the Talk. What is TIP and what kind of services does it provide. How do Internet applications enlist in Internet transactions.

Download Presentation

A Critical Analysis of the Transaction Internet Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Critical Analysis of the Transaction Internet Protocol Tim Kempster (tdk@dcs.ed.ac.uk) University of Edinburgh Scotland www.dcs.ed.ac.uk

  2. Overview of the Talk • What is TIP and what kind of services does it provide. • How do Internet applications enlist in Internet transactions. • How can we model these transactions. • Discussion of problems/features of TIP within this model.

  3. What Is TIP? • TIP is an IETF standard proposed by Microsoft and Tandem and supported by other vendors. • It provides transactional semantics to a group of actions carried out by E-Commerce style Internet applications. • TIP provides Atomicity.

  4. Traditional E-Commerce Involve a Customer and a single Merchant. Shopping by visiting one Merchant at a time. Multi-Party E-Commerce Involve a customer and two or more Merchants. Merchants come together on an ad hoc basis to provide a package of goods. These may be transient relationships. Changing Style of E-Commerce

  5. E-Commerce Example I Hotel Reservation System Airline Reservation System I Only need a flight if I can get a Hotel Room Travel Agency Browser

  6. E-Commerce Example II Government Bonds Broker Futures Trader Packaged financial product available from a WWW broker DOW Futures Broker Equities Broker

  7. Two pipe connection based model. TM TM TM Application Application Application The Participants In a Transaction TM Application

  8. B C E F G H I Growing a Transaction PULL R PUSH D

  9. PUSH TM X TM Y TID PUSHED tip_open() tip_push() TID TID do_some_work(TID) Application B Application A done Push Enlistment

  10. PULLED TM X TM Y PULL(TID) tip_open() tip_pull(TID) TID do_some_work(TID) Application B Application A done Pull Enlistment

  11. PREPARE PREPARE PREPARED A e e PREPARE PREPARE PREPARED p p Terminating Transaction I e = Enlisted R p = prepared e p p e e p p e B p p e e C D

  12. COMMIT COMMIT COMMITED A p p COMMIT COMMIT COMMITED c c Terminating Transactions II p = prepared R c= committed c p p c p c p c A B c c p p C D

  13. ABORT A p p ABORT ABORT ABORTED a a Terminating Transactions III p = prepared R a= aborted a p a ABORTED p a a A B a a p p C D

  14. R e e a a a a p a a p p a a p Failure Before Preparation e e B B e e e C D

  15. QUERY RECONNECT RECONNECTED Failure After Preparation R p p e p B B p p p p C D

  16. Failure Tends to Cause Aborts • If connections are lost between enlisted TMs this will cause the transaction to abort. • TMs connections will often be in the enlisted state. • Therefore the unreliability of the Internet will cause many transactions to abort. • An enhancement to TIP should allow enlisted TMs to reconnect.

  17. R p p e Blocking In TIP Prepared transactions cannot terminate and must hold resources. p p e p p

  18. Why is Blocking Such a Problem? • Resources (database locks) will need to be held until failure in some part of the Internet is repaired. • A application has little control of who or where a transaction is pushed. Its resources therefore are vulnerable. • Connection failure is common over the Internet. • Commit protocols which are less blocking exist.

  19. PREPARE PREPARED PREPARE Jamming a Transaction Gold Futures Pension Fund Government Bonds Government bonds dealer waits for news. If it is favorable she replies PREPARED otherwise she aborts the transaction. Thus gaining a competitive advantage. She could also fake failure to cause the abort.

  20. Security in TIP • If A with local TM X enlists B with local TM Y, then no other transaction can be mistakenly enlisted. Furthermore A’s identity is authenticated to B and vice versa. • No outside parties can detect that the messages exchanged pertain to a TIP transaction. • TIP Specification says use TLS but how ?

  21. PULLED TM X TM Y PULL(TID) Pull must come from Y tip_pull(TID) TID do_some_work(TID) Application B Application A done Secure Pull Associate TID with TM Y’s public key TM X Only Replies PULLED if PULL came from TM Y. Secure authenticated pipe

  22. ABORT Pull must come from Y tip_pull(TID) TID Man in the Middle MIM replaces TID with a bogus TID to hijack the transaction Why Must the Application Pipe be Secure? Associate TID with TM Y’s public key TM X TM X Bogus TM A B

  23. Conclusions • TIP provides transaction atomicity across Internet applications. • Transactions are grown dynamically and terminated using a hierarchical 2PC. • TIP behaves badly if connections fail. • Security issues arise during transaction enlistment. • There are issues when applications are not cooperative.

More Related