—In this paper we compare four risk analysis methods: Mehari, Magerit, NIST800-30 and Microsoft's Security Management Guide. Mehari is a method for risk analysis and risk management developed by CLUSIF (Club de la Sécurité de l'Information Français). Magerit is a risk analysis and management methodology for information systems developed by CSAE (Consejo… (More)
Provenance is defined in some literature as a complete documentation of process that led to an object. Provenance has been utilized in some contexts, i.e. database systems, file systems and grid systems. Provenance can be represented by a directed acyclic graph (DAG). In this paper we show an access control method to the provenance information that is… (More)
This paper describes how to preserve integrity and confidentiality of a directed acyclic graph (DAG) model of provenance database. We show a method to preserve integrity by using digital signature where both of the provenance owner and the process executors (i.e. contributors) sign the nodes and the relationships between nodes in the prove-nance graph so… (More)
Database Service Provider (DSP) is a provider in the Internet that provides service in maintaining data so users can access their data anytime and anywhere from the Internet. DSP model introduces several challenges. An important issue is data confidentiality. In this paper we propose a Usage Control (UCON) model and architecture that can be enforced to… (More)
Proxy re-encryption is a useful concept and many proxy re-encryption schemes have been proposed in the asymmetric encryption setting. In the asymmetric encryption setting, proxy re-encryption can be beautifully implemented because many operations are available to directly transform a cipher to another cipher without the proxy needs to access the plaintexts.… (More)
i Contents Abstract 1 1 Introduction 3 1.
This manuscript has been published without reviewing and editing as received from the authors: posting the manuscript to SCIS 2006 does not prevent future submissions to any journals or conferences with proceedings. Abstract— There are situations where users of databases cannot fully trust the administrators of databases where they store their data. In this… (More)
There are many situations where users of databases cannot fully trust the administrators of databases where they store their data. In this paper we propose a partially outsourced access control model for such databases. In this model, access control to databases is partially outsourced to third parties. The tasks of the third parties are: partially mediates… (More)