Security constructs for regulatory-compliant storage

Published: 01 January 2010

Introduction
In response to a growing body of electronic records legislation, the storage community has enhanced data stores to include privacy, auditability, and a "chain of custody" for data. There are currently over 4,000 federal, state, and local regulations that govern the storage, management, and retrieval of electronic records; the most notable is the Sarbanes-Oxley Act of 2002, which regulates corporate financial records. Storage vendors provide "compliance" platforms that store and manage data in accordance with regulations, which aids customers in meeting compliance guidelines. Examples include EMC Centera Compliance Edition™, NetApp SnapLock™, and IBM Tivoli Security Compliance Manager™.
Many of these platforms add storage management policy to existing systems. Vendors start with systems that manage versions of files or volumes. They add immutability to past versions by preventing writes by policy. They also enforce data retention guidelines by not allowing the deletion of protected files. Enhanced metadata allows users and auditors to examine the store at any point-in-time and investigate the manner in which data have changed throughout their history.
While these features aid organizations in complying with regulations, they do not provide strong evidence of compliance. By following storage management policies, data are versioned and retained for mandated periods. However, there are many opportunities and motivations to subvert such storage policies. In fact, the file system owner represents the most likely attacker. For example, a corporation might alter or destroy data after it comes under suspicion of malfeasance; the shredding of Enron audit documents at Arthur Andersen in 2001 provides a notable paper analog. Similarly, a hospital or private medical practice might attempt to amend or delete a patient's medical records to hide evidence of malpractice. In policy-based storage systems, past data may be altered or destroyed by reverse engineering file system formats and editing the file data on disk, a common and well understood data forensics task.
We assert that these features need to be cryptographically strong, providing irrefutable evidence of compliance with regulations. This can be achieved for data retention and chain of custody. A storage system commits to a version history so that, at a later time, an auditor may access past data and gain conclusive evidence that the data have been retained and are unmodified. Further, all data should be bound to the users that modify, create, or delete that data. Such constructs improve the evidentiary value of electronic records within the courts, increase an auditor's confidence in the veracity of the information on which they report (and for which they are responsible), and enhance an organization's quality of data management.
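The commit-then-verify protocol sketched above, as an added illustration that is not the article's construction and not ext3cow code: a plain SHA-256 hash chain (in the spirit of Lamport's chains, reference [5]) stands in for the article's MAC-based audit trail. The store publishes a constant-size commitment to an independent third party at each snapshot; the auditor later recomputes the chain over whatever versions the store hands over and compares it with the published head. The `VersioningStore` and `ThirdParty` classes, the chaining rule, and the sample record contents are assumptions made for this example.

```python
import hashlib

GENESIS = b"\x00" * 32  # chain value before any version exists


def chain_step(prev: bytes, version_data: bytes) -> bytes:
    """Fold one file version into the chain: c_i = H(c_{i-1} || H(v_i))."""
    return hashlib.sha256(prev + hashlib.sha256(version_data).digest()).digest()


class VersioningStore:
    """The storage system under audit. Its owner is the most likely attacker,
    so nothing it holds is trusted on its own (assumed toy model)."""

    def __init__(self):
        self.versions = []      # every version of one file, oldest first
        self.head = GENESIS     # running commitment over all versions so far

    def write(self, data: bytes) -> None:
        self.versions.append(data)
        self.head = chain_step(self.head, data)

    def snapshot(self):
        """Commitment sent to the third party at snapshot time: a count and a
        32-byte head, the same size no matter how many versions exist."""
        return (len(self.versions), self.head)


class ThirdParty:
    """Independent, append-only log of published commitments (assumed honest)."""

    def __init__(self):
        self.log = []

    def publish(self, commitment) -> None:
        self.log.append(commitment)


def audit(versions, commitment) -> bool:
    """Auditor's check: recompute the chain over the versions the store produces
    and compare with the head it committed to earlier."""
    count, head = commitment
    if len(versions) < count:
        return False            # a committed version was withheld or deleted
    h = GENESIS
    for v in versions[:count]:
        h = chain_step(h, v)
    return h == head            # digests are public; no constant-time compare needed


def demo() -> dict:
    store, notary = VersioningStore(), ThirdParty()
    # Constructed sample versions of one medical record.
    store.write(b"patient 4711: 10 mg daily")
    store.write(b"patient 4711: 20 mg daily")
    notary.publish(store.snapshot())
    committed = notary.log[-1]
    r = {"honest": audit(list(store.versions), committed)}

    # The owner later edits version 2 on disk to hide a dosage change.
    edited = list(store.versions)
    edited[1] = b"patient 4711: 10 mg daily"
    r["edit_detected"] = not audit(edited, committed)

    # The owner removes version 2 outright.
    r["deletion_detected"] = not audit(store.versions[:1], committed)

    # Ordinary writes after the snapshot do not disturb the earlier audit.
    store.write(b"patient 4711: discontinued")
    r["later_writes_ok"] = audit(list(store.versions), committed)
    return r


if __name__ == "__main__":
    print(demo())
```

The evidentiary value rests entirely on the third party: it must record when each commitment arrived and be unable to replace entries after the fact, because the file-system owner controls everything else. The check also only shows that what the store hands over matches what it committed to; when a version is withheld the auditor learns that retention was violated but cannot recover the data.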
To these ends, we review three security constructs for versioning file systems. Digital audit trails allow a file system to prove to an independent auditor that it stored data in conformance with regulated retention guidelines. Fine-grained, secure deletion allows a system to efficiently delete individual versions of files to meet confidentiality requirements, limit liability, and allow data to be redacted. Per-block authenticated encryption adds authenticity guarantees to the confidentiality provided by encryption. We also include a distillation of requirements based on a review of relevant legislation and a brief characterization of the performance impact of these techniques based on their implementation within the ext3cow file system.
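The per-block authenticated encryption and stub-based secure deletion just listed, as an added example that is not the ext3cow implementation and not the article's own code. Each block version is encrypted and MACed under a fresh key held in a small stub stored apart from the data block, so overwriting the 32-byte stub renders the 4 KiB ciphertext unrecoverable while the ciphertext itself is never touched. HMAC-SHA256 in counter mode stands in for a real block cipher such as AES, and encrypt-then-MAC (reference [2]) provides the authenticity check. The `EncryptedBlockStore` class, the key derivation labels, the block size, and the sample account data are assumptions made for this example.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 4096   # assumed file-system block size
STUB_SIZE = 32      # per-block key material kept outside the data area


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-based counter-mode keystream (HMAC-SHA256 standing in for AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(stub: bytes):
    """Derive independent encryption and MAC keys from the stub (assumed labels)."""
    return (hmac.new(stub, b"enc", hashlib.sha256).digest(),
            hmac.new(stub, b"mac", hashlib.sha256).digest())


def _nonce(block_id: int, version: int) -> bytes:
    """Binds ciphertext and tag to their location, so a block cannot be
    swapped into another version's slot (a rollback) without detection."""
    return block_id.to_bytes(8, "big") + version.to_bytes(8, "big")


class EncryptedBlockStore:
    """Toy store: ciphertext+tag in the data area, per-block stub in a separate area."""

    def __init__(self):
        self.blocks = {}   # (block_id, version) -> (ciphertext, tag)
        self.stubs = {}    # (block_id, version) -> stub

    def write(self, block_id: int, version: int, plaintext: bytes) -> None:
        stub = os.urandom(STUB_SIZE)                 # fresh key per block version
        enc_key, mac_key = _subkeys(stub)
        nonce = _nonce(block_id, version)
        ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
        tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
        self.blocks[(block_id, version)] = (ciphertext, tag)
        self.stubs[(block_id, version)] = stub

    def read(self, block_id: int, version: int) -> bytes:
        """Verify the tag before decrypting; reject on any mismatch."""
        stub = self.stubs[(block_id, version)]
        ciphertext, tag = self.blocks[(block_id, version)]
        enc_key, mac_key = _subkeys(stub)
        nonce = _nonce(block_id, version)
        expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("block %d v%d failed authentication" % (block_id, version))
        return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

    def secure_delete(self, block_id: int, version: int) -> None:
        """Overwrite only the stub; the large ciphertext is left in place."""
        self.stubs[(block_id, version)] = os.urandom(STUB_SIZE)


def read_fails(store: EncryptedBlockStore, block_id: int, version: int) -> bool:
    """True when the read is rejected by the authenticity check."""
    try:
        store.read(block_id, version)
    except ValueError:
        return True
    return False


def demo() -> dict:
    store = EncryptedBlockStore()
    v1 = b"account 0042 balance 1,000,000".ljust(BLOCK_SIZE, b"\0")  # constructed data
    v2 = b"account 0042 balance 0".ljust(BLOCK_SIZE, b"\0")
    store.write(9, 1, v1)
    store.write(9, 2, v2)
    r = {"roundtrip": store.read(9, 1) == v1 and store.read(9, 2) == v2}

    # 1. Flip one ciphertext bit on disk: caught at read time.
    ct, tag = store.blocks[(9, 2)]
    store.blocks[(9, 2)] = (ct[:-1] + bytes([ct[-1] ^ 0x01]), tag)
    r["bit_flip_detected"] = read_fails(store, 9, 2)
    store.blocks[(9, 2)] = (ct, tag)

    # 2. Rollback attempt: copy version 1's ciphertext, tag AND stub over version 2's.
    saved = (store.blocks[(9, 2)], store.stubs[(9, 2)])
    store.blocks[(9, 2)] = store.blocks[(9, 1)]
    store.stubs[(9, 2)] = store.stubs[(9, 1)]
    r["rollback_detected"] = read_fails(store, 9, 2)   # nonce mismatch breaks the tag
    store.blocks[(9, 2)], store.stubs[(9, 2)] = saved

    # 3. Secure deletion of version 1 touches only its 32-byte stub.
    store.secure_delete(9, 1)
    r["deleted_unreadable"] = read_fails(store, 9, 1)
    r["ciphertext_left_in_place"] = (9, 1) in store.blocks
    r["other_version_unaffected"] = store.read(9, 2) == v2
    return r


if __name__ == "__main__":
    print(demo())
```

Two practical caveats follow from the design. The tag must cover the block's identity and version, as `_nonce` does here; otherwise the owner can roll a version back by copying an older block, with its stub, into a newer slot and every check still passes. And deletion is only as strong as the overwrite of the stub region: the stubs must be excluded from any backup or snapshot, and on media that remap writes (SSDs, wear-levelling, journaled metadata) an overwrite may not reach the old location, which is the concern reference [3] addresses.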

References

[1] Bellare, M., Guérin, R., and Rogaway, P. XOR MACs: New methods for message authentication using finite pseudorandom functions. In Advances in Cryptology (CRYPTO '95). Lecture Notes in Computer Science 963, Springer-Verlag, 1995, 15--28.
[2] Bellare, M., and Namprempre, C. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology (ASIACRYPT 2000). Lecture Notes in Computer Science 1976, Springer-Verlag, 2000, 531--545.
[3] Gutmann, P. Secure deletion of data from magnetic and solid-state memory. In Proceedings of the USENIX Security Symposium (July 1996), 77--90.
[4] Kahn, R. A., and Blair, B. T. Information Nation Warrior: Information Management Compliance Boot Camp. AIIM International, May 2005.
[5] Lamport, L. Password authentication with insecure communication. Comm. ACM 24, 11 (Nov. 1981), 770--772.
[6] Peterson, Z. N. J., Burns, R., Ateniese, G., and Bono, S. Design and implementation of verifiable audit trails for a versioning file system. In Proceedings of the USENIX Conference on File and Storage Technologies (Feb. 2007), 93--106.
[7] Peterson, Z. N. J., Burns, R., Herring, J., Stubblefield, A., and Rubin, A. Secure deletion for a versioning file system. In Proceedings of the USENIX Conference on File and Storage Technologies (Dec. 2005), 143--154.
[8] Rivest, R. L. All-or-nothing encryption and the package transform. In Proceedings of the Fast Software Encryption Conference (1997). Lecture Notes in Computer Science 1267, 210--218.

Reviews

Amos O Olagunju

The massive compliance legislation and guidelines on the storage, administration, and retrieval (SAR) of electronic records [1,2] create major challenges for the healthcare and financial industries. How should investors and customers be shielded from unnecessary confidentiality raids? How should the entire versions of all electronic records (ERs) be made faultless, resistant to denial of modification by users, accessible instantaneously, and impervious to leaks and illegal use? Burns and Peterson propose secure digital audit trails (SDATs), an authenticated encryption technique (AET), and a secure deletion mechanism (SDM) for acquiring evidence of compliance with SAR regulations of ERs. The SDATs are augmented message authentication codes (MACs) stored at a third party for validating the credibility and legitimacy of the contents of files. This incremental verification scheme offers the third party the advantages of storage space and network bandwidth since SDAT does not obligate circulating all MACs of a file. The AET independently encrypts each file data block to generate the encrypted data block and a stub. The AET produces confirmation facts on each write, and authenticates on each read of a file block. The SDM obliterates bulky data blocks by overwriting the associated small stub block, with no direct contact with the data blocks. The constructs of SDATs, SDM, and AET have been put into practice in a file versioning and snapshot system (FVSS). The security, storage, and data management features put into place to augment regulatory compliance only minimally degrade performance. Consequently, I highly recommend the FVSS for generating unarguable evidence of compliance with the changing SAR regulations of ERs. The FVSS is a useful tool for reducing the risks of ER legal responsibilities, and for providing security assurance to stakeholders.

Online Computing Reviews Service

Published In

Communications of the ACM  Volume 53, Issue 1
Amir Pnueli: Ahead of His Time
January 2010
142 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/1629175
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Popular
  • Refereed
