ACE: Audit Control Environment | ||||||||
| Line: 24 to 24 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Added: | ||||||||
| > > |
Witness publication | |||||||
Old | ||||||||
ACE: Audit Control Environment | ||||||||
| Line: 22 to 22 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Added: | ||||||||
| > > |
||||||||
Old | ||||||||
ACE: Audit Control Environment | ||||||||
| Line: 18 to 18 | ||||||||
|---|---|---|---|---|---|---|---|---|
Links | ||||||||
| Added: | ||||||||
| > > |
||||||||
ACE: Audit Control Environment | ||||||||
| Line: 19 to 19 | ||||||||
|---|---|---|---|---|---|---|---|---|
Links | ||||||||
| Added: | ||||||||
| > > |
||||||||
Old | ||||||||
ACE: Audit Control Environment | ||||||||
| Line: 17 to 17 | ||||||||
|---|---|---|---|---|---|---|---|---|
Specifically, ACE is based on creating a small-size integrity token for each digital object upon its deposit into the archive (or upon registration of the object of an existing archive), to be stored either with the object itself or in a registry at the archive as authenticity metadata. Cryptographic summary information that depends on all the objects registered during a dynamic time period is stored and managed separately. The summary information is very compact and is size independent of the number or sizes of the objects ingested. Regular audits will be continuously conducted, which will make use of the integrity tokens and the summary integrity information to ensure the integrity of both the objects and the integrity information. In our prototype, audits can also be triggered by an archive manager or by a user upon data access.
Links | ||||||||
| Added: | ||||||||
| > > |
Old | |||||||
ACE: Audit Control Environment | ||||||||
| Line: 18 to 18 | ||||||||
|---|---|---|---|---|---|---|---|---|
Links | ||||||||
| Added: | ||||||||
| > > |
||||||||
ACE: Audit Control Environment | ||||||||
| Line: 20 to 20 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Added: | ||||||||
| > > |
||||||||
| -- SangChulSong - 24 Jan 2007 | ||||||||
ACE: Audit Control Environment | ||||||||
| Line: 19 to 19 | ||||||||
|---|---|---|---|---|---|---|---|---|
Links | ||||||||
| Deleted: | ||||||||
| < < |
||||||||
| -- SangChulSong - 24 Jan 2007 | ||||||||
ACE: Audit Control Environment | ||||||||
| Line: 20 to 20 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Added: | ||||||||
| > > |
||||||||
| -- SangChulSong - 24 Jan 2007 | ||||||||
| ||||||||
| Changed: | ||||||||
| < < |
ACE Overview | |||||||
| > > |
ACE: Audit Control Environment | |||||||
BackgroudOne of the most challenging problems facing digital archives is how to ensure the authenticity of their holdings over the long term (tens or hundreds of years). Unless the authenticity of an archive can be assured, it would be almost impossible to use the archive’s holdings to support any significant endeavor. Digital information is in general quite fragile, especially over time. | ||||||||
ACE Overview | ||||||||
| Line: 16 to 16 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Specifically, ACE is based on creating a small-size integrity token for each digital object upon its deposit into the archive (or upon registration of the object of an existing archive), to be stored either with the object itself or in a registry at the archive as authenticity metadata. Cryptographic summary information that depends on all the objects registered during a dynamic time period is stored and managed separately. The summary information is very compact and is size independent of the number or sizes of the objects ingested. Regular audits will be continuously conducted, which will make use of the integrity tokens and the summary integrity information to ensure the integrity of both the objects and the integrity information. In our prototype, audits can also be triggered by an archive manager or by a user upon data access. | ||||||||
| Added: | ||||||||
| > > |
Links | |||||||
| -- SangChulSong - 24 Jan 2007 | ||||||||
ACE Overview | ||||||||
| Line: 14 to 14 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Our approach will allow an independent auditor to verify the integrity of every version of an archived digital object as well as link the current version to the original form of the object when it was ingested into the archive. Also, ACE is very cost effective and scalable while making no assumptions about the archive architecture. | ||||||||
| Changed: | ||||||||
| < < |
Specifically, ACE is based on creating a small-size integrity token for each digital object upon its deposit into the archive (or upon registration of the object of an existing archive), to be stored either with the object itself or in a registry at the archive as authenticity metadata. Cryptographic summary information that depends on all the objects registered during a dynamic time period is stored and managed separately. The summary information is very compact and is size independent of the number or sizes of the objects ingested. Regular audits will be continuously conducted, which will make use of the integrity tokens and the summary integrity information to ensure the integrity of both the objects and the integrity information. In our prototype, audits can also be triggered by an archive manager or by a user upon data access. However we are assuming that the auditing services are not allowed to change the content of the archive even if errors are detected. The responsibility for correcting errors is left to the archive administrator after being alerted by the auditing service. | |||||||
| > > |
Specifically, ACE is based on creating a small-size integrity token for each digital object upon its deposit into the archive (or upon registration of the object of an existing archive), to be stored either with the object itself or in a registry at the archive as authenticity metadata. Cryptographic summary information that depends on all the objects registered during a dynamic time period is stored and managed separately. The summary information is very compact and is size independent of the number or sizes of the objects ingested. Regular audits will be continuously conducted, which will make use of the integrity tokens and the summary integrity information to ensure the integrity of both the objects and the integrity information. In our prototype, audits can also be triggered by an archive manager or by a user upon data access. | |||||||
| -- SangChulSong - 24 Jan 2007 | ||||||||
| Line: 1 to 1 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Added: | ||||||||
| > > |
ACE OverviewBackgroudOne of the most challenging problems facing digital archives is how to ensure the authenticity of their holdings over the long term (tens or hundreds of years). Unless the authenticity of an archive can be assured, it would be almost impossible to use the archive’s holdings to support any significant endeavor. Digital information is in general quite fragile, especially over time. Errors can be introduced because of hardware and media degradation, hardware and software malfunction, operational errors, security breaches, and malicious alterations, to name a few of the obvious ones. Other potential sources of errors, which are particularly relevant for long term archives, include major hardware and software systems changes due to technology evolution, and the possibility of major natural hazards and disasters such as fires, floods, and hurricanes. Two additional factors complicate this problem further. First, an object will typically be subjected to a number of transformations during its lifetime, including those migrative transformations due to format obsolescence. These transformations may alter the object in unintended ways. Second, most current integrity checking mechanisms are based on some type of cryptographic techniques, most of which are likely to become less immune to potential attacks over time and hence they will need to be replaced by stronger techniques.Our ApproachACE (Auditing Control Environment) is a prototype system that incorporates a new methodology to address the integrity of long term archives using rigorous cryptographic techniques.ACE continuously audits the contents of the various objects according to the policy set by the archive, and provides mechanisms for an independent third-party auditor to certify the integrity of any object. Our approach will allow an independent auditor to verify the integrity of every version of an archived digital object as well as link the current version to the original form of the object when it was ingested into the archive. Also, ACE is very cost effective and scalable while making no assumptions about the archive architecture. Specifically, ACE is based on creating a small-size integrity token for each digital object upon its deposit into the archive (or upon registration of the object of an existing archive), to be stored either with the object itself or in a registry at the archive as authenticity metadata. Cryptographic summary information that depends on all the objects registered during a dynamic time period is stored and managed separately. The summary information is very compact and is size independent of the number or sizes of the objects ingested. Regular audits will be continuously conducted, which will make use of the integrity tokens and the summary integrity information to ensure the integrity of both the objects and the integrity information. In our prototype, audits can also be triggered by an archive manager or by a user upon data access. However we are assuming that the auditing services are not allowed to change the content of the archive even if errors are detected. The responsibility for correcting errors is left to the archive administrator after being alerted by the auditing service. -- SangChulSong - 24 Jan 2007 | |||||||