Records Retention: Addressing Insider Threats to Data Integrity

Inaccurate financial statements from major companies, dead people who still vote in elections, world-class gymnasts with uncertain birth dates: insiders often have the power and ability to make inappropriate changes to the content of electronic records. As electronic records replace paper records, it becomes easy to make such alterations without leaving behind evidence that can be used to detect the changes and determine who made them. The US Sarbanes-Oxley Act is perhaps the most (in)famous law that addresses these problems, but it is just one of many regulations that require long-term high-integrity retention of electronic records, all with the goal of ensuring that societal trust in business and government at reasonable cost. In this talk, we will discuss some of the technical challenges posed by the need for ”tamper-proof” retention of records. We will describe how industry has responded to these challenges, the security weaknesses in current product offerings, and the role that researchers and government can play in addressing these weaknesses. We will give an overview of research progress to date and describe the major open research problems in this area. Bio: Marianne Winslett has been a professor in the Department of Computer Science at the University of Illinois since 1987. She has been the director of the Advanced Digital Sciences Center in Singapore since 2009. She is an ACM Fellow and the recipient of a Presidential Young Investigator Award from the US National Science Foundation. She is the former vice-chair of ACM SIGMOD and has served on the editorial boards of ACM Transactions on the Web, ACM Transactions on Database Systems, IEEE Transactions on Knowledge and Data Engineering, ACM Transactions on Information and Systems Security, and the Very Large Data Bases Journal. She has received best paper awards for research on managing regulatory compliance data (VLDB and SSS), analyzing browser extensions to detect security vulnerabilities (Usenix Security), and keyword search (ICDE). Her PhD is from Stanford University. International Conference on Management of Data COMAD 2011, Bangalore, India, December 19–21, 2011 c ©Computer Society of India, 2011