Towards Multilateral-Secure DRM Platforms

  • Ahmad-Reza Sadeghi
  • Christian Stüble
Conference paper

DOI: 10.1007/978-3-540-31979-5_28

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3439)
Cite this paper as:
Sadeghi AR., Stüble C. (2005) Towards Multilateral-Secure DRM Platforms. In: Deng R.H., Bao F., Pang H., Zhou J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg

Abstract

Digital Rights Management (DRM) systems aim at providing the appropriate environment for trading digital content while protecting the rights of authors and copyright holders. Existing DRM systems still suffer from a variety of problems that hamper their deployment: they (i) cannot guarantee policy enforcement on open platforms such as today’s PCs, (ii) offer only unilateral security, i.e., focus mainly on requirements of the content owners/providers and not on those of consumers such as privacy, and (iii) restrict users regarding many legally authorized uses (fair use), e.g., disallow consumers to make backups.

In this paper we present a security architecture for computing platforms that, in the sense of multilateral security, is capable of enforcing policies defined by end-users and content providers. Our model provides methods and principles to practitioners to model and construct such systems based on a small set of assumptions. Further, we show how such a platform can be implemented based on a microkernel, existing operating system technology, and trusted computing hardware available today. Moreover, the platform’s functionality can be extended with a mechanism called property-based attestation to prevent discrimination of open-source software and to protect the consumers’ privacy.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ahmad-Reza Sadeghi
    • 1
  • Christian Stüble
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityRuhr-University BochumGermany

Personalised recommendations