Fossilization: A Process for Establishing Truly Trustworthy Records

Trustworthy records are vital to an organization. These records help to improve an organization’s operations and aid in reducing its liability and costs. The fundamental purpose of record keeping is to establish solid proof and details of events that have occurred. A trustworthy record management system is, therefore, one that can be relied upon to provide irrefutable evidence of all of the events that have been logged. In other words, trustworthiness has to be established from an end-to-end perspective, from the proper preservation of all of the records to the subsequent delivery of the relevant records to an agent seeking the proof. In this white paper, we show that the current limited focus on storing electronic records in Write-Once-Read-Many (WORM) storage is not adequate to ensure that such records are trustworthy. What is really needed is a process we call fossilization--a holistic approach to storing and managing records that ensures that they are trustworthy. Fossilization is composed of three parts. The first, fossilization of storage, guarantees that all records and their associated metadata are reliably stored and securely protected from any modification. The second, fossilization of discovery, ensures that all preserved records pertinent to an enquiry can be quickly discovered and retrieved. The third, fossilization of delivery, warrants that the exact pertinent records are delivered to the agent and that the records are delivered in an intact form. Because of the extremely high stakes involved in tampering with the records, fossilization must be realized very securely. The essential principles for securely implementing fossilization include 1) raising the barrier to any attack; 2) focusing on end-to-end trust; 3) limiting what has to be trusted; 4) using a simple, well-defined interface between trusted and untrusted components; and 5) verifying all operations.

By: Windsor W. Hsu; Shauchi Ong

Published in: RJ10331 in 2004


This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).

