The amount of security critical information that is only available in digital form is increasing constantly. Some of these data, such as medical or tax data, need to be preserved for long periods of time. Thus, several schemes for long-term integrity protection of long-lived and archived data were developed. However, a comprehensive security analysis is still missing. In this paper we discuss existing security models for long lived systems and show to what extend they allow to prove the security of those schemes. Then, we introduce a new model that overcomes the shortcomings of the state of the art and allows to formally analyze timestamp-based long-term integrity schemes. Finally, we show how the security level of the long-term integrity scheme can be determined for concrete instantiations.