ANNEX F SECURITY CONSIDERATIONS (INFORMATIVE)
CCSDS requires there to be an informative annex which points out security considerations for implementations of its standards, including those implementing archival systems based on this Reference Model. It must be borne in mind that the OAIS Reference Model itself is not a design and does not specify any particular implementation techniques.
General guidance on security issues may be found in the CCSDS Informational Report, The Application of CCSDS Protocols to Secure Systems (reference [D12]) and references therein.
To be conformant to this reference model an implementation should use the Information Model and follow the mandatory requirements in 3.1; therefore the following annotations on those mandatory requirements provide some guidance on security concerns.
– Negotiate for and accept appropriate information from information Producers.
• The identity of the information Producer should be validated where appropriate, not least to ensure that the evidence for authenticity of the information can be relied upon. Communications between the Archive and Producer may require additional safeguards such as electronic signatures and/or digests.
– Obtain sufficient control of the information provided to the level needed to ensure Long Term Preservation.
• Sufficient control includes control of the bits, and would imply adequate security processes for personnel and systems. Security considerations for any agreements with rights holders which may be necessary should be covered by normal business processes. Any restrictions which the original rights holder places on what the archive preserves should also be respected over time and adequate security measures should be put in place to ensure that.
– Determine, either by itself or in conjunction with other parties, which communities should become the Designated Community and, therefore, should be able to understand the information provided, thereby defining its Knowledge Base.
• No specific security issues seem relevant here other than normal business processes involved in communication with any other parties involved.
– Ensure that the information to be preserved is Independently Understandable to the Designated Community. In particular, the Designated Community should be able to understand the information without needing special resources such as the assistance of the experts who produced the information.
• Security considerations here include respecting restrictions imposed by the original rights holders and appropriate security and authenticity of the content of the components of the Archival Information Packages, including Representation Information, Provenance Information, and Access Rights.
– Follow documented policies and procedures which ensure that the information is preserved against all reasonable contingencies, including the demise of the archive, ensuring that it is never deleted unless allowed as part of an approved strategy. There should be no ad hoc deletions.
• This should include all appropriate security measures such as physical access, backups and periodic integrity checking. In the case of the demise of the archive the identity of any successor organization should be verified and transmission of holdings to that organization should be carried out using tamper-proof techniques, including for example the use of electronic digests and signatures in order to ensure the chain of Provenance.
– Make the preserved information available to the Designated Community and enable the information to be disseminated as copies of, or as traceable to, the original submitted Data Objects with evidence supporting its Authenticity.
• Implementations of Dissemination Information Packages could include electronic signatures and digests, as well as details of any Transformations which may have been performed to create the DIP, for example where the Consumer needs to be able to securely trace back to the originally submitted Data Object. Access controls may also need to be put in place. Attacks on an Archive, such as denial of service attacks, may raise security concerns which would need to be addressed.
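The annotations above on periodic integrity checking, on tamper-evident transfer of holdings to a successor organization, and on digests accompanying a DIP all rest on the same mechanism: a manifest of digests over the components of a package, itself protected so that the manifest cannot be silently rewritten. The following is an added illustration, not part of the OAIS text and not an implementation prescribed by CCSDS. It assumes a package represented as a mapping from component name to bytes, uses SHA-256 digests, and uses an HMAC with a shared key as a stand-in for the electronic signature the text mentions; a deployment in which the receiver must verify without holding the sender's secret would use an asymmetric signature instead. The sample package contents are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample AIP (component name -> bytes); purely illustrative.
SAMPLE_AIP = {
    "content/data.csv": b"id,value\n1,42\n",
    "repinfo/data-format.txt": b"CSV, RFC 4180, UTF-8",
    "provenance/history.txt": b"Submitted by producer X on 2024-01-01",
}


def build_manifest(package):
    """Compute a SHA-256 digest for every component of the package."""
    return {
        "algorithm": "sha256",
        "files": {
            name: hashlib.sha256(data).hexdigest()
            for name, data in sorted(package.items())
        },
    }


def check_fixity(package, manifest):
    """Periodic integrity check: recompute digests and compare with the manifest.

    Returns a list of findings; an empty list means every listed component is
    present and unchanged, and no unlisted component has appeared.
    """
    findings = []
    expected = manifest["files"]
    for name, digest in expected.items():
        if name not in package:
            findings.append(f"missing: {name}")
        elif hashlib.sha256(package[name]).hexdigest() != digest:
            findings.append(f"digest mismatch: {name}")
    for name in package:
        if name not in expected:
            findings.append(f"unlisted component: {name}")
    return findings


def canonical_bytes(manifest):
    """Deterministic serialisation so the tag is stable across implementations."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal_manifest(manifest, key):
    """Tamper-evidence tag over the manifest.

    HMAC-SHA256 with a shared key is used here as an assumed stand-in for an
    electronic signature; it binds the digest list so that an attacker who
    alters a component cannot simply rewrite the manifest to match.
    """
    return hmac.new(key, canonical_bytes(manifest), hashlib.sha256).hexdigest()


def verify_transfer(package, manifest, tag, key):
    """Receiver-side check of a transferred package (e.g. by a successor archive).

    First confirm the manifest itself is authentic, then confirm every component
    matches it. Returns a list of findings; empty means the transfer is intact.
    """
    if not hmac.compare_digest(seal_manifest(manifest, key), tag):
        return ["manifest tag invalid: manifest altered or wrong key"]
    return check_fixity(package, manifest)


if __name__ == "__main__":
    key = b"constructed-shared-key"  # constructed; never hard-code a real key
    manifest = build_manifest(SAMPLE_AIP)
    tag = seal_manifest(manifest, key)
    print("intact transfer:", verify_transfer(SAMPLE_AIP, manifest, tag, key))
    altered = dict(SAMPLE_AIP)
    altered["content/data.csv"] = b"id,value\n1,43\n"
    print("altered component:", verify_transfer(altered, manifest, tag, key))
```

The two-step order in verify_transfer matters: checking component digests against an unauthenticated manifest would let anyone who can rewrite both the component and the manifest pass the check, which is exactly the case the chain-of-Provenance requirement is meant to exclude. The same check_fixity routine serves the periodic integrity checks of the preceding annotation, run against the archive's own stored manifest.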
These wiki pages are licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. Attribute as "Community forum for digital preservation and curation standards http://wiki.dpconline.org/". The content on this wiki represents the opinions of the author and not the Digital Preservation Coalition. This wiki is not associated with ISO, the OAIS Standard or the CCSDS.