The design and implementation of an application program interface for securing XML documents

Tao Ku Chang, Gwan-Hwan Hwang

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

The encryption and signature standards proposed by W3C specifying the format for encrypted XML documents are important advances towards XML security [Eastlake, Donald, Reagle, Joseph, Imamura, Takeshi, Dillaway, Blair, Simon, Ed, 2002. XML Encryption Syntax and Processing. W3C Recommendation 10 December 2002 <http://www.w3.org/TR/xmlenc-core/>, Eastlake, Donald, Reagle, Joseph, Solo, David, Bartel, Mark, Boyer, John, Fox, Barb, LaMacchia, Brian, Simon, Ed, 2002. XML-Signature Syntax and Processing W3C Recommendation, 12 February 2002. <http://www.w3.org/TR/xmldsig-core/>]. Related works include the proposal of a specification language that allows a programmer to describe the security details of XML documents [Hwang, Gwan-Hwan, Chang, Tao-Ku, 2004. An operational model and language support for securing XML documents. Computers & Security 23(6), 498-529, Hwang, Gwan-Hwan, Chang, Tao-Ku, 2001. Document security language (DSL) and an efficient automatic securing tool for XML documents. International Conference on Internet Computing, Las Vegas, Nevada, USA, 24-28 June 2001, pp. 393-399]. Despite the success of these works, we consider them to be insufficient from the viewpoint of software engineering. In this paper, we employ some real examples to demonstrate that it is necessary to design an appropriate API for the securing system of subtree encryption for XML documents. The goal is to increase productivity and reduce the cost of maintaining this kind of software, for which we propose a document security language (DSL) API. We describe the implementation of the DSL API, and use experimental results to demonstrate its practicality.

Original languageEnglish
Pages (from-to)1362-1374
Number of pages13
JournalJournal of Systems and Software
Volume80
Issue number8
DOIs
Publication statusPublished - 2007 Aug 1

Fingerprint

Application programs
XML
Interfaces (computer)
Application programming interfaces (API)
Cryptography
Specification languages
Processing
Software engineering
Productivity
Internet
Costs

Keywords

  • Decryption
  • Digital signature
  • Document security language
  • Encryption
  • Security
  • XML

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture

Cite this

The design and implementation of an application program interface for securing XML documents. / Chang, Tao Ku; Hwang, Gwan-Hwan.

In: Journal of Systems and Software, Vol. 80, No. 8, 01.08.2007, p. 1362-1374.

Research output: Contribution to journalArticle

@article{111219e6d28f4113872be243c25ae4f4,
title = "The design and implementation of an application program interface for securing XML documents",
abstract = "The encryption and signature standards proposed by W3C specifying the format for encrypted XML documents are important advances towards XML security [Eastlake, Donald, Reagle, Joseph, Imamura, Takeshi, Dillaway, Blair, Simon, Ed, 2002. XML Encryption Syntax and Processing. W3C Recommendation 10 December 2002 , Eastlake, Donald, Reagle, Joseph, Solo, David, Bartel, Mark, Boyer, John, Fox, Barb, LaMacchia, Brian, Simon, Ed, 2002. XML-Signature Syntax and Processing W3C Recommendation, 12 February 2002. ]. Related works include the proposal of a specification language that allows a programmer to describe the security details of XML documents [Hwang, Gwan-Hwan, Chang, Tao-Ku, 2004. An operational model and language support for securing XML documents. Computers & Security 23(6), 498-529, Hwang, Gwan-Hwan, Chang, Tao-Ku, 2001. Document security language (DSL) and an efficient automatic securing tool for XML documents. International Conference on Internet Computing, Las Vegas, Nevada, USA, 24-28 June 2001, pp. 393-399]. Despite the success of these works, we consider them to be insufficient from the viewpoint of software engineering. In this paper, we employ some real examples to demonstrate that it is necessary to design an appropriate API for the securing system of subtree encryption for XML documents. The goal is to increase productivity and reduce the cost of maintaining this kind of software, for which we propose a document security language (DSL) API. We describe the implementation of the DSL API, and use experimental results to demonstrate its practicality.",
keywords = "Decryption, Digital signature, Document security language, Encryption, Security, XML",
author = "Chang, {Tao Ku} and Gwan-Hwan Hwang",
year = "2007",
month = "8",
day = "1",
doi = "10.1016/j.jss.2006.10.051",
language = "English",
volume = "80",
pages = "1362--1374",
journal = "Journal of Systems and Software",
issn = "0164-1212",
publisher = "Elsevier Inc.",
number = "8",

}

TY - JOUR

T1 - The design and implementation of an application program interface for securing XML documents

AU - Chang, Tao Ku

AU - Hwang, Gwan-Hwan

PY - 2007/8/1

Y1 - 2007/8/1

N2 - The encryption and signature standards proposed by W3C specifying the format for encrypted XML documents are important advances towards XML security [Eastlake, Donald, Reagle, Joseph, Imamura, Takeshi, Dillaway, Blair, Simon, Ed, 2002. XML Encryption Syntax and Processing. W3C Recommendation 10 December 2002 , Eastlake, Donald, Reagle, Joseph, Solo, David, Bartel, Mark, Boyer, John, Fox, Barb, LaMacchia, Brian, Simon, Ed, 2002. XML-Signature Syntax and Processing W3C Recommendation, 12 February 2002. ]. Related works include the proposal of a specification language that allows a programmer to describe the security details of XML documents [Hwang, Gwan-Hwan, Chang, Tao-Ku, 2004. An operational model and language support for securing XML documents. Computers & Security 23(6), 498-529, Hwang, Gwan-Hwan, Chang, Tao-Ku, 2001. Document security language (DSL) and an efficient automatic securing tool for XML documents. International Conference on Internet Computing, Las Vegas, Nevada, USA, 24-28 June 2001, pp. 393-399]. Despite the success of these works, we consider them to be insufficient from the viewpoint of software engineering. In this paper, we employ some real examples to demonstrate that it is necessary to design an appropriate API for the securing system of subtree encryption for XML documents. The goal is to increase productivity and reduce the cost of maintaining this kind of software, for which we propose a document security language (DSL) API. We describe the implementation of the DSL API, and use experimental results to demonstrate its practicality.

AB - The encryption and signature standards proposed by W3C specifying the format for encrypted XML documents are important advances towards XML security [Eastlake, Donald, Reagle, Joseph, Imamura, Takeshi, Dillaway, Blair, Simon, Ed, 2002. XML Encryption Syntax and Processing. W3C Recommendation 10 December 2002 , Eastlake, Donald, Reagle, Joseph, Solo, David, Bartel, Mark, Boyer, John, Fox, Barb, LaMacchia, Brian, Simon, Ed, 2002. XML-Signature Syntax and Processing W3C Recommendation, 12 February 2002. ]. Related works include the proposal of a specification language that allows a programmer to describe the security details of XML documents [Hwang, Gwan-Hwan, Chang, Tao-Ku, 2004. An operational model and language support for securing XML documents. Computers & Security 23(6), 498-529, Hwang, Gwan-Hwan, Chang, Tao-Ku, 2001. Document security language (DSL) and an efficient automatic securing tool for XML documents. International Conference on Internet Computing, Las Vegas, Nevada, USA, 24-28 June 2001, pp. 393-399]. Despite the success of these works, we consider them to be insufficient from the viewpoint of software engineering. In this paper, we employ some real examples to demonstrate that it is necessary to design an appropriate API for the securing system of subtree encryption for XML documents. The goal is to increase productivity and reduce the cost of maintaining this kind of software, for which we propose a document security language (DSL) API. We describe the implementation of the DSL API, and use experimental results to demonstrate its practicality.

KW - Decryption

KW - Digital signature

KW - Document security language

KW - Encryption

KW - Security

KW - XML

UR - http://www.scopus.com/inward/record.url?scp=34248523976&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34248523976&partnerID=8YFLogxK

U2 - 10.1016/j.jss.2006.10.051

DO - 10.1016/j.jss.2006.10.051

M3 - Article

VL - 80

SP - 1362

EP - 1374

JO - Journal of Systems and Software

JF - Journal of Systems and Software

SN - 0164-1212

IS - 8

ER -