SQLbox: database access library

introduction

sqlbox is an open source C/C++ secure database access library at this time limited to sqlite3 databases. (postgresql is in the planning phase.) Instead of operating databases in-process, sqlbox uses a multi-process, resource-separated approach to safe-guard the database from the calling application.

some features…

role-based access control on a per-statement and per-source (opening and closing) basis, limiting application database access and manipulation to role purview
in-child filter capabilities allowing for selective scrambling or anonymisation of query results
asynchronous mode for some operations allows all the security benefits with only the slightest performance penalty in one-way interprocess communication
multi-select mode allows forward-caching of step responses, considerably reducing the frequency of synchronous communication

sqlbox is designed to update ksql with higher performance and a simpler implementation. The library is well-documented and has all of its behaviour checked with a large set of regression tests. It may be run on any modern UNIX. It is a BSD.lv project.

latest release…

install

You'll need any modern UNIX system with the sqlite3 library already installed. (Tested on FreeBSD, Linux, OpenBSD; built on OpenBSD.) I strongly suggest using OpenBSD as it provides the pledge facility. Other systems, such as Linux or FreeBSD, are more difficult (hugely so, in the former case) to configure securely. Start by checking that your system's third-party packages system doesn't already have sqlbox. If it does not, proceed.

Download either the latest release (sqlbox.tar.gz | sha512) or the current sources from the GitHub repository.

Download and verify the newest release (if not from the source repository).
```
sha512 -C sqlbox.tar.gz.sh512 sqlbox.tar.gz
tar zvxpf sqlbox.tar.gz
```
Configure for your system and install destination, compile, install. The default is /usr/local.
```
./configure 
make
make install
```
You may need to run this with BSD make (bmake) on non-BSD systems. You shouldn't need to pass any arguments to configure.

That's it! The manpages are the canonical source of information on this library. Start with sqlbox(3).

security

The purpose of sqlbox is to provide security to your data from your application: both from programming errors and compromise. Its security principles are as follows:

only pre-set statements shall be executed
only pre-set databases shall be opened
database components shall not be reachable by process file-system or memory
provide this with an acceptable impact on performance

It effects this by forked a database management process with pre-set database names and statements. Once forked, the names and statements are inherited and can no longer be changed. Communication with the database is via tightly-controlled socket IPC with the control process. Requests for statements are by identifier, not strings.

operation of sqlbox — Not only does this protect the database itself, it also allows fine-grained access controls and other operations opaque to the caller.

When the caller uses a constraint mechanism such as pledge, it makes the database completely inaccessable except via controlled IPC.

This security is built to enforce a role-based access control system, which is useful when a single application has several different roles of operation (e.g., users, administration, analysis). This is enforced within the management process, so a compromised application cannot change its own role except within the transition matrix set during creation. The management process also provides opaque anonymisation of data, which is especially useful for analysis when database information may contain identity information.

performance

The following are a series of performance measurements between raw sqlite3 databases. using the C/C++ API, ksql, and sqlbox. For consistency, all databases in the performance analysis are opened as :memory:.

sqlbox tries to minimise the amount of system calls used to exchange data, and minimise even further instances of synchronous communication where the client requests then waits for data.

performance metric 1 — A full cycle of opening a database, creating a table, and inserting a single row of data (four integers, to be precise). This is re-run for the number of iterations on the x-axis. Since these operations use asynchronous sqlbox, the performance penalty is only for interprocess communication.

performance metric 2 — A series of statement preparations, binding parameters to the query, and executing the query. The step function is synchronous and constitutes the majority of the delay in the sqlbox case.

performance metric 3 — This prepares then, in a loop, rebinds and steps a statement. The step function, again, is synchronous and constitutes the majority of overhead.

performance metric 4 — This showcases how quickly selection occurs with sqlbox's multiple-select option, where rows are cached ahead of time by the server and returned quickly to the client.

In general, the slowness of ksql is that each operation involves a synchronous read and write between server and client. In sqlbox, there are asynchronous versions of most functions to significantly reduce contention. Moreover, the wire format is optimised for one unfragmented read (or write) in the general case.

documentation

The canonical documentation for using sqlbox is its manpages. Below is a list of all bundled manuals. These apply to the current version of this software, which is 0.1.13.

This library makes use of pkg-config, so testing for installation, compile and link flags, etc., are all accomplished using that way.

sqlbox(3): database access library
sqlbox_alloc(3): allocate sqlbox context
sqlbox_close(3): close a database
sqlbox_exec(3): execute a statement with bound parameters
sqlbox_finalise(3): finalise a statement
sqlbox_free(3): frees sqlbox context
sqlbox_msg_set_dat(3): set message private data
sqlbox_open(3): open a database
sqlbox_parm_float(3): convert sqlbox results
sqlbox_ping(3): test whether sqlbox context is active
sqlbox_prepare_bind(3): prepare a statement and bind parameters
sqlbox_rebind(3): rebind parameters to a statement
sqlbox_role(3): change role of sqlbox context
sqlbox_role_hier_alloc(3): allocate hierarchical role generator
sqlbox_role_hier_child(3): add a child to a role
sqlbox_role_hier_free(3): free hierarchical role generator
sqlbox_role_hier_gen(3): generate hierarchical roles
sqlbox_role_hier_gen_free(3): free generated roles
sqlbox_role_hier_sink(3): add a sink node to a hierarchy
sqlbox_role_hier_start(3): add a start (source) node to a hierarchy
sqlbox_role_hier_stmt(3): add a permission to a role
sqlbox_step(3): execute a prepared statement
sqlbox_trans_commit(3): end a database transaction
sqlbox_trans_deferred(3): begin a database transaction