Databases Reference
In-Depth Information
•
The
price per byte of storage must be modest
, as data volumes are
very high. The conflict between security, cost-effectiveness, and eciency
makes the design of compliance storage extremely challenging.
To respond to regulations for trustworthy document retention, the stor-
age industry has developed a variety of
compliance storage
products that
aim to address the requirements outlined in the previous section. Vendors
in this marketplace include IBM [16], HP [13], EMC [7], Hitachi Data Sys-
tems [12], Zantaz [49], StorageTek [44], Network Appliance [23], and Quantum
Inc. [34]. Often their products are referred to simply as WORM (write once,
read many) devices, though of course any product that supports deletion of
expired records is not a true WORM device. In this section, we briefly discuss
a set of representative systems and their security properties.
Tape-based products.
Due to the favorable cost-per-MB ratio of tape-
based storage in the past, tape was a natural choice for massive data storage in
commercial enterprise deployments where regulatory compliance is of concern.
Thus storage vendors offered tape-based compliance storage first. The Quan-
tum DLTSage predictive, preventative and diagnostic tools for tape storage
environments [34] are a representative instance. The WORM assurances of
the tape systems are provided under the assumption that only Quantum tape
readers are deployed: “DLTSage WORM provides features to assure compli-
ance, placing an electronic key on each cartridge to ensure WORM integrity.
This unique identifier cannot be altered, providing a tamper-proof archive
cartridge that meets stringent compliance requirements to ensure integrity
protection and full accessibility with reliable duplication” [34]. Such systems,
however, make impractical assumptions. Given the nature of magnetic tape,
an attacker can easily dismantle the plastic tape enclosure and access the
underlying data on a different customized reader, thus compromising its in-
tegrity. Relying on the physical integrity of a “plastic yellow label,” as in one
product, to safeguard essential enterprise information is likely to be unaccept-
able in high-stakes commercial scenarios.
Optical-disk products.
Optical disk media (CDs) have been around
experimentally since 1969 and commercially available since 1983. Given the
prohibitive costs of high-powered lasers in small form factors, in the early
days, most CD devices were only capable of reading disk information. As the
technology matured, write-once (and later read-write) media appeared. Opti-
cal WORM-disk solutions rely on irreversible physical write effects to ensure
the inability to alter existing content. However, with ever increasing amounts
of information being produced and requiring constant low-latency accessibil-
ity in commercial scenarios, it is challenging to deploy a scalable optical-only
WORM solution. Moreover, optical WORM disks are plagued with other prac-
tical issues such as the inability to fine-tune WORM and secure deletion gran-
ularity (problems partially shared also by tape-based solutions). Moreover,
due to bulk production requirements, optical disks are vulnerable to simple
data replication attacks, with the end result that they do not provide any
