Summary
Trustworthy retention of electronic records has become a necessity to ensure compliance with laws and regulations in business and the public sector. Among other features, these directives foster accountability by requiring organizations to secure the entire life cycle of their records, so that records are created, kept accessible for an appropriate period of time, and deleted, without tampering or interference from organizational insiders or outsiders. In this chapter, we discuss existing techniques for trustworthy records retention and explore the open problems in the area.
Copyright information
© 2008 Springer Science+Business Media, LLC.
About this chapter
Cite this chapter
Hasan, R., Winslett, M., Mitra, S., Hsu, W., Sion, R. (2008). Trustworthy Records Retention. In: Gertz, M., Jajodia, S. (eds) Handbook of Database Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-48533-1_15
DOI: https://doi.org/10.1007/978-0-387-48533-1_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-48532-4
Online ISBN: 978-0-387-48533-1
eBook Packages: Computer Science, Computer Science (R0)