research-article

Separation of powers in the cloud: where applications and users become peers

Authors:

David H. Lorenz,

Boaz RosenanAuthors Info & Claims

Onward! 2015: 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!)

Pages 76 - 89

https://doi.org/10.1145/2814228.2814237

Published: 21 October 2015 Publication History

Abstract

We challenge the widely accepted practice that web applications must be trusted with user data. We present an alternative model based on logic programming, where users and applications are equal peers in a shared cloud environment. User data is represented as a set of facts. The application is represented as a set of rules defining how user data is to be processed, but is not given direct access to the data. This way, end users remain the owners of their own data, and are able to determine who can see it and who can modify it. For concreteness, we define a data representation and query language, named Cloudlog, for a new family of deductive databases, named NoDatalog. We add access control to the language for guaranteeing that the rules provided by the application cannot change the choices made by users. We demonstrate how business logic can be expressed in Cloudlog, and discuss how an efficient Cloudlog-based database can be implemented.

References

[1]

M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706– 734, Sept. 1993.

Digital Library

[2]

S. Abiteboul, Z. Abrams, S. Haar, and T. Milo. Diagnosis of asynchronous discrete event systems: Datalog to the rescue! In Proceedings of the 24th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS’05), pages 358–367, Baltimore, Maryland, June 2005. ACM Press.

Digital Library

[3]

S. Abiteboul, R. Hull, and V. Vianu. Foundation of Databases. Addison Wesley, 1995. Available online at: http://webdam. inria.fr/Alice/.

Digital Library

[4]

V. Abramova and J. Bernardino. NoSQL databases: MongoDB vs Cassandra. In Proceedings of the 6th International C* Conference on Computer Science & Software Engineering (C 3 S 2 E’’13), pages 14–22, Porto, Portugal, July 2013.

Digital Library

[5]

P. Alvaro, T. Condie, N. Conway, K. Elmeleegy, J. M. Hellerstein, and R. Sears. BOOM analytics: Exploring data-centric, declarative programming for the cloud. In Proceedings of the 5th European Conference on Computer Systems (EuroSys’10), pages 223–236, Paris, France, Apr. 2010. ACM Press.

Digital Library

[6]

P. Alvaro, W. R. Marczak, N. Conway, J. M. Hellerstein, D. Maier, and R. Sears. Dedalus: Datalog in Time and Space. Springer, 2011.

Digital Library

[7]

P. Bailis, A. Fekete, J. M. Hellerstein, A. Ghodsi, and I. Stoica. Scalable atomic visibility with RAMP transactions. In Proceedings of the 2014 ACM SIGMOD International Conference on Management of Data (SIGMOD/PODS’14), pages 27–38, Snowbird, Utah, June 2014. ACM Press.

Digital Library

[8]

M. Y. Becker, C. Fournet, and A. D. Gordon. SecPAL: Design and semantics of a decentralized authorization language. Journal of Computer Security (JCS), 18(4):597–643, 2010.

Digital Library

[9]

J. L. Bower and C. M. Christensen. Disruptive technologies: Catching the wave. The Journal of Product Innovation Management, 13(1):75–76, 1996.

[10]

E. C. Brady. IDRIS: Systems programming meets full dependent types. In Proceedings of the 5th ACM Workshop on Programming Languages Meets Program Verification (PLPV’11), pages 43–54, Austin, Texas, Jan. 2011. ACM Press.

Digital Library

[11]

M. Bravenboer and Y. Smaragdakis. Strictly declarative specification of sophisticated points-to analyses. In Proceedings of the 24th Annual ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA’09), pages 243–262, Orlando, Florida, Oct. 2009. ACM Press.

Digital Library

[12]

Y. Bu, V. R. Borkar, M. J. Carey, J. Rosen, N. Polyzotis, T. Condie, M. Weimer, and R. Ramakrishnan. Scaling Datalog for machine learning on big data. CoRR, abs/1203.0160, 2012.

[13]

A. Calì, G. Gottlob, and T. Lukasiewicz. A general Datalogbased framework for tractable query answering over ontologies. In Proceedings of the 28th ACM SIGMOD-SIGACTSIGART Symposium on Principles of Database Systems (PODS’09), pages 77–86, Providence, Rhode Island, June 2009. ACM Press.

Digital Library

[14]

S. Ceri, G. Gottlob, and L. Tanca. What you always wanted to know about Datalog (and never dared to ask). IEEE Transactions on Knowledge and Data Engineering, 1(1):146–166, 1989.

Digital Library

[15]

K. L. Clark and S.-A. Tärnlund. Logic Programming. Academic Press, New York, 1982.

Digital Library

[16]

W. F. Clocksin and C. S. Mellish. Programming in Prolog. Springer, fifth edition, 2003.

[17]

J. DeTreville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (SP’02), pages 105–113, Oakland, California, USA, May 2002. IEEE.

Digital Library

[18]

E. Evans. Cassandra by example, May 2010. http://www. rackspace.com/blog/cassandra-by-example/.

[19]

D. Featherston. Cassandra: Principles and application. CS591 Advanced Seminar, Department of Computer Science, University of Illinois at Urbana-Champaign, Aug. 2010. http: //d2fn.com/cassandra-cs591-su10-fthrstn2.pdf.

[20]

Y. Gurevich and I. Neeman. DKAL: Distributed-knowledge authorization language. In Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF’08), pages 149–162, Pittsburg, Pennsylvania, June 2008. IEEE.

Digital Library

[21]

J. Han, E. Haihong, G. Le, and J. Du. Survey on NoSQL database. In Proceedings of the 6th International Conference on Pervasive Computing and Applications (ICPCA’11), pages 363–366, Port Elizabeth, South Africa, Oct. 2011. IEEE.

[22]

S. S. Huang, T. J. Green, and B. T. Loo. Datalog and emerging applications: an interactive tutorial. In Proceedings of the 2011 ACM SIGMOD International Conference on Management of data, pages 1213–1216. ACM, 2011.

Digital Library

[23]

G. Klein, J. Andronick, K. Elphinstone, G. Heiser, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal verification of an operating-system kernel. Communications of the ACM, 53(6):107–115, June 2010.

Digital Library

[24]

G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal verification of an OS kernel. In Proceedings of the 22nd ACM SIGOPS Symposium on Operating Systems Principles (SOSP’09), pages 207–220, Big Sky, Montana, USA, Oct. 2009.

Digital Library

[25]

R. Kowalski. Algorithm = logic + control. Communications of the ACM, 22(7):424–435, July 1979.

Digital Library

[26]

R. A. Kowalski. The early years of logic programming. Communications of the ACM, 31(1):38–43, Jan. 1988.

Digital Library

[27]

A. Lakshman and P. Malik. Cassandra: A decentralized structured storage system. SIGOPS Oper. Syst. Rev., 44(2):35–40, Apr. 2010.

Digital Library

[28]

R. F. van der Lans. The SQL Standard: A Complete Guide Reference. Prentice Hall, Englewood Cliffs, NJ, 1989.

Digital Library

[29]

G. Lawton. Developing software online with Platform-as-a-Service technology. Computer, 41(6):13–15, June 2008.

Digital Library

[30]

D. H. Lorenz and B. Rosenan. Versionable, branchable, and mergeable application state. In Proceedings of the 2014 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming & Software (Onward! 2014), pages 29––42, Portland, Oregon, USA, Oct. 2014. ACM.

Digital Library

[31]

M. Madden and L. Rainie. Americans’ attitudes about privacy, security and surveillance. Technical report, Pew Research Center, 1615 L Street, NW, Suite 700 Washington, DC 20036, May 2015.

[32]

D. G. Messerschmitt and C. Szyperski. Software Ecosystem: Understanding an Indispensable Technology and Industry. MIT Press, Cambridge, MA, USA, 2003.

Digital Library

[33]

J. Patel. Cassandra data modeling best practices, part 1, July 2012. http://www.ebaytechblog.com/2012/07/16/ cassandra-data-modeling-best-practices-part-1/.

[34]

D. Pritchett. BASE: An ACID alternative. Queue, 6(3):48–55, May 2008.

Digital Library

[35]

R. Ramakrishnan and J. D. Ullman. A survey of deductive database systems. The Journal of Logic Programming, 23(2):125–149, 1995.

[36]

P. J. Sadalage and M. Fowler. NoSQL distilled: a brief guide to the emerging world of polyglot persistence. Addison-Wesley, 2012.

Digital Library

Cited By

Lorenz DRosenan B(2017)Application EmbeddingCompanion Proceedings of the 1st International Conference on the Art, Science, and Engineering of Programming10.1145/3079368.3079380(1-1)Online publication date: 3-Apr-2017
https://dl.acm.org/doi/10.1145/3079368.3079380
Lorenz DRosenan BVisser E(2016)A web application is a domain-specific languageCompanion Proceedings of the 2016 ACM SIGPLAN International Conference on Systems, Programming, Languages and Applications: Software for Humanity10.1145/2984043.2989220(35-36)Online publication date: 20-Oct-2016
https://dl.acm.org/doi/10.1145/2984043.2989220

Index Terms

Separation of powers in the cloud: where applications and users become peers
1. Social and professional topics
  1. Computing / technology policy
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language types

Recommendations

PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
Executing Suspended Logic Programs

We present an extension of Logic Programming (LP) which, in addition to ordinary LP clauses, also includes integrity constraints, explicit representation of disjunction in the bodies of clauses and in goals, and suspension of atoms as in concurrent ...
Query evaluation in deductive databases with alternating fixpoint semantics

First-order formulas allow natural descriptions of queries and rules. Van Gelder's alternating fixpoint semantics extends the well-founded semantics of normal logic programs to general logic programs with arbitrary first-order formulas in rule bodies. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Onward! 2015: 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!)

October 2015

307 pages

ISBN:9781450336888

DOI:10.1145/2814228

Program Chairs:
Gail C. Murphy
University of British Columbia, Canada
,
Guy L. Steele Jr.

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Israel Science Foundation

Conference

SPLASH '15

Sponsor:

SIGPLAN

SPLASH '15: Conference on Systems, Programming, Languages, and Applications: Software for Humanity

October 25 - 30, 2015

PA, Pittsburgh, USA

Acceptance Rates

Overall Acceptance Rate 40 of 105 submissions, 38%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
101
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lorenz DRosenan B(2017)Application EmbeddingCompanion Proceedings of the 1st International Conference on the Art, Science, and Engineering of Programming10.1145/3079368.3079380(1-1)Online publication date: 3-Apr-2017
https://dl.acm.org/doi/10.1145/3079368.3079380
Lorenz DRosenan BVisser E(2016)A web application is a domain-specific languageCompanion Proceedings of the 2016 ACM SIGPLAN International Conference on Systems, Programming, Languages and Applications: Software for Humanity10.1145/2984043.2989220(35-36)Online publication date: 20-Oct-2016
https://dl.acm.org/doi/10.1145/2984043.2989220

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents