Trustworthy Records Retention

  • Chapter
Handbook of Database Security

Summary

Trustworthy retention of electronic records has become a necessity to ensure compliance with laws and regulations in business and the public sector. Among other features, these directives foster accountability by requiring organizations to secure the entire life cycle of their records, so that records are created, kept accessible for an appropriate period of time, and deleted, without tampering or interference from organizational insiders or outsiders. In this chapter, we discuss existing techniques for trustworthy records retention and explore the open problems in the area.

Copyright information

© 2008 Springer Science+Business Media, LLC.

About this chapter

Cite this chapter

Hasan, R., Winslett, M., Mitra, S., Hsu, W., Sion, R. (2008). Trustworthy Records Retention. In: Gertz, M., Jajodia, S. (eds) Handbook of Database Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-48533-1_15

  • DOI: https://doi.org/10.1007/978-0-387-48533-1_15

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-48532-4

  • Online ISBN: 978-0-387-48533-1

  • eBook Packages: Computer Science, Computer Science (R0)
