Legislators have begun to recognize the importance of how electronically stored data is maintained and secured. Similarly, the courts have begun to differentiate electronic data from its paper analogs. Examples of sweeping electronic record management legislation include the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Gramm-Leach-Bliley Act (GLBA) of 1999, and the more recent Federal Information Security Management Act (FISMA) and Sarbanes-Oxley Act (SOX) of 2002. Altogether, over 4,000 acts and regulations govern digital storage, each with its own requirements for maintaining electronic records.
Many current storage solutions fail to meet the demands that this legislation places on storage systems. Systems must now provide confidentiality through encrypted storage and encrypted data transmission. Some legislation requires an auditable trail of the changes made to electronic records, accessible in real time. Other legislation limits how long an organization remains liable for retaining its electronic data; for data that fall out of scope, however, permanently deleting them from magnetic media can be challenging. Because electronic data are dynamic, and therefore easily altered on disk, new methods for authentication and non-repudiation are needed that bind an individual to an auditable trail of data changes. Further, these systems must be robust against both external and internal attacks. A data loss or compromise due to negligence may leave an organization out of compliance and exposed to litigation.
We present three technical contributions to the field of regulatory compliant storage. The first is an open-source versioning file system designed as a platform for developing regulatory compliant storage technologies. The second is a set of algorithms and an architecture for the secure deletion of individual versions of a file. The third is an audit trail model for a versioning file system under which both the changes made to data and the order in which they occurred can be verified.
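As an added illustration of the verifiable-ordering goal stated above (this is not code from the paper and not the paper's audit trail model, which is presented in the body of the work), the following Python builds a keyed hash chain over a sequence of file versions. Each record commits to the version's content, its position in the sequence, and the previous record, so that altering a version, reordering versions, or cutting off the tail of the history is detectable as long as the latest link (the head) is kept somewhere trusted. The function names, the sample versions and the key are constructed for this example only.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed link preceding the first record


def _link(key, prev, index, content_hash):
    # Each link commits to the previous link, the version index and the content,
    # so a change to any of the three changes every later link.
    msg = prev + index.to_bytes(8, "big") + content_hash
    return hmac.new(key, msg, hashlib.sha256).digest()


def build_trail(versions, key):
    """Build audit records for an ordered sequence of file versions (bytes).

    key: a secret held by the party recording the changes (hypothetical here).
    Keying the links ties the trail to that key holder rather than to anyone
    able to compute SHA-256.
    Returns (records, head). The head is the last link and must be kept or
    published out of band: a chain with no trusted head cannot reveal that
    its tail was removed.
    """
    records = []
    prev = GENESIS
    for i, data in enumerate(versions):
        h = hashlib.sha256(data).digest()
        link = _link(key, prev, i, h)
        records.append({"index": i, "content_hash": h, "link": link})
        prev = link
    return records, prev


def verify_trail(versions, records, key, head):
    """Recompute the chain from the versions and compare it to the trusted head.

    Returns (ok, failing_index). failing_index is the first version whose
    content, position or link does not match, or len(versions) when the
    chain is internally consistent but does not reach the trusted head
    (a truncated history or a stale head).
    """
    if len(versions) != len(records):
        return False, min(len(versions), len(records))
    prev = GENESIS
    for i, (data, rec) in enumerate(zip(versions, records)):
        h = hashlib.sha256(data).digest()
        expected = _link(key, prev, i, h)
        if (rec["index"] != i or rec["content_hash"] != h
                or not hmac.compare_digest(rec["link"], expected)):
            return False, i
        prev = expected
    if not hmac.compare_digest(prev, head):
        return False, len(versions)
    return True, None


def demo():
    """Run the chain against constructed sample versions and four scenarios."""
    key = b"constructed-demo-key"          # constructed, not a real secret
    versions = [b"v0: draft", b"v1: revised", b"v2: final"]  # constructed sample
    records, head = build_trail(versions, key)
    results = {"intact": verify_trail(versions, records, key, head)}
    # Content of version 1 altered in place
    tampered = list(versions)
    tampered[1] = b"v1: rewritten"
    results["tampered"] = verify_trail(tampered, records, key, head)
    # Versions 1 and 2 swapped together with their records
    swapped_v = [versions[0], versions[2], versions[1]]
    swapped_r = [records[0], records[2], records[1]]
    results["reordered"] = verify_trail(swapped_v, swapped_r, key, head)
    # Last version and its record dropped: only the head check catches this
    results["truncated"] = verify_trail(versions[:2], records[:2], key, head)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The HMAC key ties the trail to whoever holds the key, which gives integrity but not third-party non-repudiation: a verifier who holds the key could have produced the trail. Binding the trail to an individual in the non-repudiation sense requires a digital signature over the links, or at least over the head, under that individual's private key; the chain structure itself is unchanged. The head comparison is the step most often omitted in practice, and without it a shortened history verifies cleanly.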