Securely Managing the Lifetime of Versions in Digital Archives

安全管理数字档案中版本的生命周期

• 批准号: 0456027
• 负责人: Randal Burns
• 金额: --
• 依托单位: Johns Hopkins University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2005
• 资助国家: 美国
• 起止时间: 2005-07-01 至 2008-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0456027&HistoricalAwards=false
• 关键词: Securely; Managing; Lifetime; Versions; Digital

Intellectual MeritThe proposed research will develop sophisticated techniques for managing the lifetime of data in secure versioning systems, a practical application of the AON transform that leverages its semantics, rather than just its security properties. The problem of revocation will also be addressed in order to refine the security and granularity of key regression techniques.Recent legislation has created new requirements for retaining and securing electronic information. More than 4,000 state, local, and federal acts govern archives. The specifics of each act vary by domain, but, when taken as a whole, they can be distilled down to a set of technical requirements. An archive must provide privacy, confidentiality, and non-repudiation for information. Archives must use strong encryption with authentication for data on disk, as well as a means for secure transmission. Legislation mandates an auditable trail of changes made to electronic records that can be accessed on-line, which requires versioning data over time and providing access to past versions. Governmental and corporate organizations must ensure that compliance does not degrade security, privacy, or the enforcement of retention policies. The combination of regulatory and organizational requirements bring up two technical problems for secure versioning systems. First, there is no efficient way to securely delete information, i.e. so that no computationally practical way to recover deleted data exists. Second, systems must provide an efficient means to change the accessibility of information throughout time. This includes downgrading information, e.g. declassifying information as part of the Freedom of Information Act, or, revoking privileges, e.g. disallowing future access to information after an employee leaves the company or transferring the rights to medical records from one health care provider to another. Without technical solutions to these problems, organizations and individuals will be subject to informationleakage and will fail to comply with regulations. Data that are not securely deleted are recoverable and subject to subpoena or cryptographic attacks. After a legislated retention period, information often represents a legal and competitive liability. Also, some regulations require that personal medical and financial records be deleted based on time or circumstance. Again, this deletion must be permanent, and thus, secure. Existing solutions for secure deletion and for scoping access to information over the lifetime of data are inadequate. They either fail to meet requirements or they are intolerably inefficient. In this project, mew technologies will be created that efficiently implement secure deletion and revocation in versioning systems. A novel application of All-or-Nothing (AON) encryption will be applied that both provides authenticated, strong encryption of data on disk and pioneers efficient secure deletion. ImpactThe project will lead to curriculum development at Johns Hopkins, including a short course on the Policy and Technology in Data Storage. The PIs will offer three tutorials based on the short course; one geared toward governmental agencies, one toward health care providers, and one toward corporations. Tutorials will be organized and promoted through StorageNetworking.org, an initiative for the education of storage professionals and will be freely available to the community. The proposed research will address problems introduced by recent legislation, which effect financial and medical organizations and all levels of government. Because the solutions are general to all storage systems that share content among versions, they apply to file systems, distributed archives, and databases. Open-source software produced by the project will permit anyone to construct a compliantstorage system, with security and deletion guarantees, at little expense.

智力MeritThe拟议的研究将开发复杂的技术，用于管理安全版本系统中的数据的生命周期，AON变换的实际应用，利用其语义，而不仅仅是其安全属性。撤销的问题也将得到解决，以改善关键回归技术的安全性和粒度。最近的立法为保留和保护电子信息制定了新的要求。4,000多个州、地方和联邦法案管理档案。每项法案的具体内容因领域而异，但是，当作为一个整体时，它们可以被提炼为一套技术要求。归档必须提供信息的隐私性、机密性和不可否认性。归档必须对磁盘上的数据使用强加密和身份验证，以及安全传输的方法。立法要求对可以在线访问的电子记录进行可审计的更改跟踪，这需要随着时间的推移对数据进行版本控制，并提供对过去版本的访问。政府和企业组织必须确保法规遵从性不会降低安全性、隐私性或保留策略的执行。法规和组织要求的结合为安全版本控制系统带来了两个技术问题。首先，不存在安全地删除信息的有效方式，即，使得不存在恢复已删除数据的计算上实用的方式。第二，系统必须提供一种有效的手段来改变信息的可访问性。这包括降低信息等级，例如作为《信息自由法》的一部分对信息进行解密，或者撤销特权，例如在员工离开公司后不允许未来访问信息，或者将医疗记录的权利从一个医疗保健提供者转移到另一个医疗保健提供者。如果没有这些问题的技术解决方案，组织和个人将受到信息泄露的影响，并且无法遵守法规。未被安全删除的数据是可恢复的，并且会受到传票或密码攻击。在法定的保留期之后，信息通常代表法律的和竞争性的责任。此外，一些法规要求根据时间或情况删除个人医疗和财务记录。同样，这种删除必须是永久的，因此是安全的。用于安全删除和用于在数据的生命周期内确定对信息的访问范围的现有解决方案是不够的。它们要么达不到要求，要么效率低得令人难以忍受。在这个项目中，将创建新的技术，有效地实现安全删除和撤销版本系统。将应用All-or-Nothing（AON）加密的一种新应用，该应用既提供对磁盘上数据的身份验证、强加密，又开创了高效安全删除的先河。该项目将导致约翰霍普金斯大学的课程开发，包括关于数据存储政策和技术的短期课程。PI将提供三个基于短期课程的教程;一个面向政府机构，一个面向医疗保健提供者，一个面向企业。Tuesday将通过StorageNetworking.org组织和推广，这是一项存储专业人员教育计划，并将免费提供给社区。拟议的研究将解决最近的立法所带来的问题，这些立法影响到金融和医疗组织以及各级政府。由于这些解决方案适用于在版本之间共享内容的所有存储系统，因此它们也适用于文件系统、分布式归档和数据库。 该项目开发的开源软件将允许任何人以很低的成本构建一个具有安全和删除保证的兼容存储系统。