A secure query language for XML documents

Tao Ku Chang, Gwan-Hwan Hwang

Research output: Contribution to journalArticle

Abstract

The intrinsic standardized property of an XML document provides a convenient way to carry out data exchanges between heterogeneous platforms among organizations via the Internet. The Internet is a public network, and traditionally there has been little protection against unauthorized access to sensitive information, and attacks. Although the W3C proposed the XQuery language [3], which is designed to be broadly applicable across all types of XML data sources, this language does not provide a security mechanism in its query expressions. In this paper, we propose a new XML query language, called the secure XML Query (sXQuery) language. sXQuery is derived from XQuery, and reinforced with a security mechanism; sXQuery combines the specification ability of both the XQuery language and the document security language which is designed to specify the scope and encryption details of XML [9, 11]. The user can specify the query and corresponding encryption details at the same time, that is, in the same sXQuery document. We have designed an sXQuery editor which enables users to generate sXQuery documents without having to write sXQuery source codes directly. Also, we present a scheme to implement an sXQuery engine by using the existing XQuery engine.

Original languageEnglish
Pages (from-to)1901-1916
Number of pages16
JournalJournal of Information Science and Engineering
Volume24
Issue number6
Publication statusPublished - 2008 Nov 1

Fingerprint

Query languages
XML
language
Internet
data exchange
editor
Cryptography
ability
Engines
Electronic data interchange

Keywords

  • DSL
  • Database
  • SXQuery
  • Security
  • XML
  • XQuery

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Hardware and Architecture
  • Library and Information Sciences
  • Computational Theory and Mathematics

Cite this

A secure query language for XML documents. / Chang, Tao Ku; Hwang, Gwan-Hwan.

In: Journal of Information Science and Engineering, Vol. 24, No. 6, 01.11.2008, p. 1901-1916.

Research output: Contribution to journalArticle

@article{3fe61f6223244946b1a3678928e983ac,
title = "A secure query language for XML documents",
abstract = "The intrinsic standardized property of an XML document provides a convenient way to carry out data exchanges between heterogeneous platforms among organizations via the Internet. The Internet is a public network, and traditionally there has been little protection against unauthorized access to sensitive information, and attacks. Although the W3C proposed the XQuery language [3], which is designed to be broadly applicable across all types of XML data sources, this language does not provide a security mechanism in its query expressions. In this paper, we propose a new XML query language, called the secure XML Query (sXQuery) language. sXQuery is derived from XQuery, and reinforced with a security mechanism; sXQuery combines the specification ability of both the XQuery language and the document security language which is designed to specify the scope and encryption details of XML [9, 11]. The user can specify the query and corresponding encryption details at the same time, that is, in the same sXQuery document. We have designed an sXQuery editor which enables users to generate sXQuery documents without having to write sXQuery source codes directly. Also, we present a scheme to implement an sXQuery engine by using the existing XQuery engine.",
keywords = "DSL, Database, SXQuery, Security, XML, XQuery",
author = "Chang, {Tao Ku} and Gwan-Hwan Hwang",
year = "2008",
month = "11",
day = "1",
language = "English",
volume = "24",
pages = "1901--1916",
journal = "Journal of Information Science and Engineering",
issn = "1016-2364",
publisher = "Institute of Information Science",
number = "6",

}

TY - JOUR

T1 - A secure query language for XML documents

AU - Chang, Tao Ku

AU - Hwang, Gwan-Hwan

PY - 2008/11/1

Y1 - 2008/11/1

N2 - The intrinsic standardized property of an XML document provides a convenient way to carry out data exchanges between heterogeneous platforms among organizations via the Internet. The Internet is a public network, and traditionally there has been little protection against unauthorized access to sensitive information, and attacks. Although the W3C proposed the XQuery language [3], which is designed to be broadly applicable across all types of XML data sources, this language does not provide a security mechanism in its query expressions. In this paper, we propose a new XML query language, called the secure XML Query (sXQuery) language. sXQuery is derived from XQuery, and reinforced with a security mechanism; sXQuery combines the specification ability of both the XQuery language and the document security language which is designed to specify the scope and encryption details of XML [9, 11]. The user can specify the query and corresponding encryption details at the same time, that is, in the same sXQuery document. We have designed an sXQuery editor which enables users to generate sXQuery documents without having to write sXQuery source codes directly. Also, we present a scheme to implement an sXQuery engine by using the existing XQuery engine.

AB - The intrinsic standardized property of an XML document provides a convenient way to carry out data exchanges between heterogeneous platforms among organizations via the Internet. The Internet is a public network, and traditionally there has been little protection against unauthorized access to sensitive information, and attacks. Although the W3C proposed the XQuery language [3], which is designed to be broadly applicable across all types of XML data sources, this language does not provide a security mechanism in its query expressions. In this paper, we propose a new XML query language, called the secure XML Query (sXQuery) language. sXQuery is derived from XQuery, and reinforced with a security mechanism; sXQuery combines the specification ability of both the XQuery language and the document security language which is designed to specify the scope and encryption details of XML [9, 11]. The user can specify the query and corresponding encryption details at the same time, that is, in the same sXQuery document. We have designed an sXQuery editor which enables users to generate sXQuery documents without having to write sXQuery source codes directly. Also, we present a scheme to implement an sXQuery engine by using the existing XQuery engine.

KW - DSL

KW - Database

KW - SXQuery

KW - Security

KW - XML

KW - XQuery

UR - http://www.scopus.com/inward/record.url?scp=57049108200&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57049108200&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:57049108200

VL - 24

SP - 1901

EP - 1916

JO - Journal of Information Science and Engineering

JF - Journal of Information Science and Engineering

SN - 1016-2364

IS - 6

ER -