Authentic time-stamps for archival storage
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
WORM-SEAL: trustworthy data retention and verification for regulatory compliance
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Efficient data structures for tamper-evident logging
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Hi-Fi: collecting high-fidelity whole-system provenance
Proceedings of the 28th Annual Computer Security Applications Conference
Hi-index | 0.00 |
We introduce a Write-Once Read-Many (WORM) storage system providing strong assurances of data retention and compliant migration, by leveraging trusted secure hardware in close data proximity. This is important because existing compliance storage products and research prototypes are fundamentally vulnerable to faulty or malicious behavior, as they rely on simple enforcement primitives ill-suited for their threat model. This is hard because tamper-proof processing elements are significantly constrained in both computation ability and memory capacity – as heat dissipation concerns under tamper-resistant requirements limit their maximum allowable spatial gate-density. We achieve efficiency by (i) ensuring the secure hardware is accessed sparsely, minimizing the associated overhead for expected transaction loads, and (ii) using adaptive overhead-amortized constructs to enforce WORM semantics at the throughput rate of the storage servers ordinary processors during burst periods. With a single secure co-processor, on single-CPU commodity x86 hardware, our architecture can support over 2500 transactions per second.