Databases Reference
In-Depth Information
15
Trustworthy Records Retention
Ragib Hasan
1
, Marianne Winslett
1
, Soumyadeb Mitra
1
,Windsor Hsu
2
,Radu
Sion
3
1
Department of Computer Science, University of Illinois at Urbana-Champaign,
(rhasan,winslett,mitra1)@cs.uiuc.edu
2
Data Domain, Inc.
windsor.hsu@datadomain.com
3
Network Security and Applied Cryptography Lab, Stony Brook University
sion@cs.stonybrook.edu
Summary.
Trustworthy retention of electronic records has become a necessity to
ensure compliance with laws and regulations in business and the public sector.
Among other features, these directives foster accountability by requiring organi-
zations to secure the entire life cycle of their records, so that records are created,
kept accessible for an appropriate period of time, and deleted, without tampering
or interference from organizational insiders or outsiders. In this chapter, we discuss
existing techniques for trustworthy records retention and explore the open problems
in the area.
1 Introduction
Modern enterprises create, process, and store large quantities of records. The
internal operations of an enterprise rely heavily on these records when making
business decisions. Further, public confidence in an enterprise depends on its
ability to maintain the confidentiality, integrity, and authenticity of its records
throughout their life cycle. In response to a number of incidents of corporate
fraud involving inappropriate modification and/or disclosure of financial and
personal records, governments have issued laws and regulations that mandate
organizations to provide trustworthy storage of their records for a guaranteed
retention period, and to completely dispose of the records after their retention
period has passed.
Unfortunately, most traditional security techniques are of little help in
ensuring trustworthy retention of records, because traditional techniques fo-
cus on outsiders as the source of threats to the system. With organizational
fraud, the threat comes from inside the organization, often from highly-placed
employees who can coerce system administrators into aiding their coverup at-
tempts. Trustworthy records retention requires new types of storage servers
and database management systems, along with new techniques for indexing,
record placement, data migration, and deletion.
