ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Fossilized index: the linchpin of trustworthy non-alterable electronic records
Full text PdfPdf (885 KB)
Source International Conference on Management of Data archive
Proceedings of the 2005 ACM SIGMOD international conference on Management of data table of contents
Baltimore, Maryland
SESSION: Research papers: correctness and trust table of contents
Pages: 395 - 406  
Year of Publication: 2005
ISBN:1-59593-060-4
Authors
Qingbo Zhu  University of Illinois at Urbana-Champaign, Urbana, IL
Windsor W. Hsu  IBM Almaden Research Center, San Jose, CA
Sponsors
ACM: Association for Computing Machinery
SIGMOD: ACM Special Interest Group on Management of Data
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 8,   Downloads (12 Months): 53,   Citation Count: 8
Additional Information:

abstract   references   cited by   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1066157.1066203
What is a DOI?

Warning: The download time has expired please click on the item to try again.


ABSTRACT

As critical records are increasingly stored in electronic form, which tends to make for easy destruction and clandestine modification, it is imperative that they be properly managed to preserve their trustworthiness, i.e., their ability to provide irrefutable proof and accurate details of events that have occurred. The need for proper record keeping is further underscored by the recent corporate misconduct and ensuing attempts to destroy incriminating records. Currently, the industry practice and regulatory requirements (e.g., SEC Rule 17a-4) rely on storing records in WORM storage to immutably preserve the records. In this paper, we contend that simply storing records in WORM storage is increasingly inadequate to ensure that they are trustworthy. Specifically, with the large volume of records that are typical today, meeting the ever more stringent query response time requires the use of direct access mechanisms such as indexes. Relying on indexes for accessing records could, however, provide a means for effectively altering or deleting records, even those stored in WORM storage.In this paper, we establish the key requirements for a fossilized index that protects the records from such logical modification. We also analyze current indexing methods to determine how they fall short of these requirements. Based on our insights, we propose the Generalized Hash Tree (GHT). Using both theoretical analysis and simulations with real system data, we demonstrate that the GHT can satisfy the requirements of a fossilized index with performance and cost that are comparable to regular indexing techniques such as the B-tree. We further note that as records are indexed on multiple fields to facilitate search and retrieval, the records can be reconstructed from the corresponding index entries even after the records expire and are disposed of, Therefore, we also present a novel method to eliminate this disclosure risk by allowing an index entry to be effectively disposed of when its record expires.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
P. Bagwell. Ideal Hash Trees. Technical report, Programming Methods Laboratory, Institute of Core Computing Science, School of Computer and Communication Sciences, Swiss Institute of Technology Lausanne, 2001.
 
2
Bruno Becker , Stephan Gschwind , Thomas Ohler , Bernhard Seeger , Peter Widmayer, An asymptotically optimal multiversion B-tree, The VLDB Journal — The International Journal on Very Large Data Bases, v.5 n.4, p.264-275, December 1996  [doi>10.1007/s007780050028]
 
3
Andrei Z. Broder , Anna R. Karlin, Multilevel adaptive hashing, Proceedings of the first annual ACM-SIAM symposium on Discrete algorithms, p.43-53, January 22-24, 1990, San Francisco, California, United States
 
4
Cohasset Associates, Inc. The role of optical storage technology. White Paper, Apr. 2003.
 
5
Congress of the United States of America. Sarbanes-Oxley Act of 2002, 2002. Available at http://thomas.loc.gov.
 
6
Martin Dietzfelbinger , Anna Karlin , Kurt Mehlhorn , Friedhelm MeyerAuf Der, Dynamic Perfect Hashing: Upper and Lower Bounds, SIAM Journal on Computing, v.23 n.4, p.738-761, Aug. 1994  [doi>10.1137/S0097539791194094]
 
7
Malcolm C Easton, Key-sequence data sets on indelible storage, IBM Journal of Research and Development, v.30 n.3, p.230-241, May 1986
 
8
EMC Corp. EMC Centera Content Addressed Storage System, 2003. Available at http://www.emc.com/products/systems/centera_ce.jsp.
9
R. J. Enbody , H. C. Du, Dynamic hashing schemes, ACM Computing Surveys (CSUR), v.20 n.2, p.850-113, June 1988  [doi>10.1145/46157.330532]
 
10
P. Gutmann. Secure Deletion of Data from Magnetic and Solid-State Memory. In 6th USENIX Security Symposium, July 1996.
 
11
W. W. Hsu and S. Ong. Fossilization: A process for establishing truly trustworthy records. Research Report RJ 10331, IBM Almaden Research Center, San Jose, CA, 2004. Available at http://www.research.ibm.com/resources/paper_search.shtml.
 
12
IBM Corp. IBM TotalStorage DR550, 2004. Available at http://www-1.ibm.com/servers/storage/disk/dr.
13
Eugene W. Myers, Efficient applicative data types, Proceedings of the 11th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.66-75, January 15-18, 1984, Salt Lake City, Utah, United States  [doi>10.1145/800017.800517]
 
14
National Institute of Standards and Technology. FIPS 180-1. Secure Hash Standard. US Department of Commerce, 1995.
 
15
National Institute of Standards and Technology. FIPS PUB 197, Advanced Encryption Standard (AES), 2001.
 
16
Network Appliance, Inc. SnapLock#8482; Compliance and SnapLock Enterprise Software, 2003. Available at http://www.netapp.com/products/filer/snaplock.html.
 
17
Peter Rathmann, Dynamic Data Structures on Optical Disks, Proceedings of the First International Conference on Data Engineering, p.175-180, April 24-27, 1984
18
Thomas Reps , Tim Teitelbaum , Alan Demers, Incremental Context-Dependent Analysis for Language-Based Editors, ACM Transactions on Programming Languages and Systems (TOPLAS), v.5 n.3, p.449-477, July 1983  [doi>10.1145/2166.357218]
19
Neil Sarnak , Robert E. Tarjan, Planar point location using persistent search trees, Communications of the ACM, v.29 n.7, p.669-679, July 1986  [doi>10.1145/6138.6151]
20
Falk Scholer , Hugh E. Williams , John Yiannis , Justin Zobel, Compression of inverted indexes For fast query evaluation, Proceedings of the 25th annual international ACM SIGIR conference on Research and development in information retrieval, August 11-15, 2002, Tampere, Finland  [doi>10.1145/564376.564416]
 
21
Securities and Exchange Commission. SEC Interpretation: Commission Guidance to Broker-Dealers on the Use of Electronic Storage Media under the Electronic Signatures in Global and National Commerce Act of 2000 with Respect to Rule 17a-4(f), 2001. Available at http://www.sec.gov/rules/interp/34--44238.htm.
 
22
Socha Consulting LLC. The 2004 Socha-Gelbmann Electronic Discovery Survey, 2004.
 
23
Sony Corp. AIT-2/AIT-3 WORM Drives & Libraries, 2003. Available at http://www.storagebysony.com/products/prod_hilite4.asp.
 
24
Michael Stonebraker, The Design of the POSTGRES Storage System, Proceedings of the 13th International Conference on Very Large Data Bases, p.289-300, September 01-04, 1987
 
25
T. Krijnen and L. G. L. T. Meertens. Making B-Trees Work for B.IW 219/83. The Mathematical Centre, Amsterdam, The Netherlands, 1983.
 
26
The Enterprise Storage Group, Inc. Compliance: The effect on information management and the storage industry, May 2003.
 
27
D. Wilton. How Many Words Are There In The English Language? Wilton's Word and Phrase Origins, 2001.

CITED BY  8
Pieter H. Hartel , Leon Abelmann , Mohammed G. Khatib, Towards tamper-evident storage on patterned media, Proceedings of the 6th USENIX Conference on File and Storage Technologies, p.1-14, February 26-29, 2008, San Jose, California
Soumyadeb Mitra , Marianne Winslett, Secure deletion from inverted indexes on compliance storage, Proceedings of the second ACM workshop on Storage security and survivability, October 30-30, 2006, Alexandria, Virginia, USA
Nikolai Joukov , Harry Papaxenopoulos , Erez Zadok, Secure deletion myths, issues, and solutions, Proceedings of the second ACM workshop on Storage security and survivability, October 30-30, 2006, Alexandria, Virginia, USA
Soumyadeb Mitra , Windsor W. Hsu , Marianne Winslett, Trustworthy keyword search for regulatory-compliant records retention, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
Kyriacos Pavlou , Richard T. Snodgrass, Forensic analysis of database tampering, Proceedings of the 2006 ACM SIGMOD international conference on Management of data, June 27-29, 2006, Chicago, IL, USA
Windsor W. Hsu , Shauchi Ong, Technical forum: worm storage is not enough, IBM Systems Journal, v.46 n.2, p.363-369, April 2007
Soumyadeb Mitra , Marianne Winslett , Nikita Borisov, Deleting index entries from compliance storage, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
Kyriacos E. Pavlou , Richard T. Snodgrass, Forensic analysis of database tampering, ACM Transactions on Database Systems (TODS), v.33 n.4, p.1-47, November 2008
Collaborative Colleagues:
Qingbo Zhu: colleagues
Windsor W. Hsu: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player