SecureWORM: Strong Regulatory Compliant Storage.

 
Radu Sion, Yao Chen

 

Overview:

Digital societies and markets increasingly mandate consistent procedures for the access, processing and storage of information. In the United States alone, over 10,000 such regulations can be found in financial, life sciences, health-care and government sectors, including the Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, and Sarbanes-Oxley Act. A recurrent theme in these regulations is the need for regulatory-compliant storage as an underpinning to ensure data confidentiality, access integrity and authentication; provide audit trails, guaranteed deletion, and data migration; and deliver Write Once Read Many (WORM) assurances, essential for enforcing long-term data retention and life-cycle policies.


Unfortunately, current compliance storage WORM mechanisms are fundamentally vulnerable to faulty behavior or insiders with incentives to alter stored data, because they rely on simple enforcement primitives, such as software and/or hardware device-hosted on/off switches, that are ill-suited to their target threat model.



In this project, we will build a strongly compliant storage system for realistic adversarial settings, delivering guaranteed document retention and deletion, quick lookup, and compliant migration, together with support for litigation holds and several key aspects of data confidentiality.

Recent compliance regulations are intended to foster and restore human trust in digital information records and, more broadly, in our businesses, hospitals, and educational enterprises. As increasing amounts of information are created and live digitally, compliance storage will be a vital tool in restoring this trust and ferreting out corruption and data abuse at all levels of society. This project will greatly advance the state of the art and create a strong foundation for secure regulatory compliant designs.

 

Resources:

  • An up-to-date list of publications can be found here.

 

Sponsors:

The National Science Foundation Cyber Trust CNS 0716608, CRI CNS 0708025