Amril Syalim

Learn More
In this paper we compare four risk analysis methods: Mehari, Magerit, NIST800-30 and Microsoft's Security Management Guide. Mehari is a method for risk analysis and risk management developed by CLUSIF (Club de la Securite del' Information Francais). Magerit is a risk analysis and management methodology for information systems developed by CSAE (Consejo(More)
This paper describes how to preserve integrity and confidentiality of a directed acyclic graph (DAG) model of provenance database. We show a method to preserve integrity by using digital signature where both of the provenance owner and the process executors (i.e. contributors) sign the nodes and the relationships between nodes in the provenance graph so(More)
Provenance is defined in some literature as a complete documentation of process that led to an object. Provenance has been utilized in some contexts, i.e. database systems, file systems and grid systems. Provenance can be represented by a directed acyclic graph (DAG). In this paper we show an access control method to the provenance information that is(More)
Database Service Provider (DSP) is a provider in the Internet that provides service in maintaining data so users can access their data anytime and anywhere from the Internet. DSP model introduces several challenges. An important issue is data confidentiality. In this paper we propose a Usage Control (UCON) model and architecture that can be enforced to(More)
There are situations where users of databases cannot fully trust the administrators of databases where they store their data. In this paper we describe an outsourced access control model for such database. In this model, access control to databases is outsourced to trusted third parties. The tasks of the trusted third parties are: mediate access control to(More)
There are many situations where users of databases cannot fully trust the administrators of databases where they store their data. In this paper we propose a partially outsourced access control model for such databases. In this model, access control to databases is partially outsourced to third parties. The tasks of the third parties are: partially mediates(More)
  • 1