Technical Report CS-2015-06

Title: Separation of Powers in the Cloud: Where Applications and Users Become Peers
Authors: David H. Lorenz and Boaz Rosenan
PDFCurrently accessibly only within the Technion network
Abstract: We challenge the widely accepted practice that web applications must be trusted with user data. We present an alternative model based on logic programming, where users and applications are equal peers in a shared cloud environment. User data is represented as a set of facts. The application is represented as a set of rules defining how user data is to be processed, but is not given direct access to the data. This way, end users remain the owners of their own data, and are able to determine who can see it and who can modify it. For concreteness, we define a data representation and query language, named Cloudlog, for a new family of deductive databases, named NoDatalog. We add access control to the language for guaranteeing that the rules provided by the application cannot change the choices made by users. We demonstrate how business logic can be expressed in Cloudlog, and discuss how an efficient Cloudlog-based database can be implemented.

CopyrightThe above paper is copyright by the Technion, Author(s), or others. Please contact the author(s) for more information

Remark: Any link to this technical report should be to this page (, rather than to the URL of the PDF files directly. The latter URLs may change without notice.

To the list of the CS technical reports of 2015
To the main CS technical reports page

Computer science department, Technion