Recent litigation and intense regulatory focus on secure retention of electronic records have spurred a rush to introduce Write-Once-Read-Many (WORM) storage devices for retaining business records such as electronic mail. However, simply storing records in WORM storage is insufficient to ensure that the records are trustworthy, i.e., able to provide irrefutable proof and accurate details of past events. For example, some form of index is needed for timely access to the records, but unless the index is maintained securely, the records can in effect be hidden or altered. The index structure hence must also be maintained on WORM. Unfortunately, the dynamic nature of index structures makes it a non-trivial task to maintain them on write-once media. Furthermore, it's not adequate to secure a record on a single WORM device. Many practical considerations will mandate the migration of documents from one storage server to another. Unless this migration process is secured, an adversary can tamper with the records while they are being moved from one server to another. Finally, document retention is only one component of its lifecycle. The ability to delete electronic records once their retention period is over is as important as the act of securely maintaining them. It is relatively simple to delete a document, but much harder to remove its index entries from WORM. Yet if these entries are not obliterated, the contents of the deleted document can often be reconstructed.
In this presentation, I will talk about each of these problems in detail and will give an overview of the solutions that we have developed to address them.
Soumyadeb Mitra is a 4th-year PhD student in the Computer Science Department of UIUC. He works under Prof. Marianne Winslett.