Towards Multilateral-Secure DRM Platforms

  • Ahmad-Reza Sadeghi
  • Christian Stüble
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3439)


Digital Rights Management (DRM) systems aim at providing the appropriate environment for trading digital content while protecting the rights of authors and copyright holders. Existing DRM systems still suffer from a variety of problems that hamper their deployment: they (i) cannot guarantee policy enforcement on open platforms such as today’s PCs, (ii) offer only unilateral security, i.e., focus mainly on requirements of the content owners/providers and not on those of consumers such as privacy, and (iii) restrict users regarding many legally authorized uses (fair use), e.g., disallow consumers to make backups.

In this paper we present a security architecture for computing platforms that, in the sense of multilateral security, is capable of enforcing policies defined by end-users and content providers. Our model provides methods and principles to practitioners to model and construct such systems based on a small set of assumptions. Further, we show how such a platform can be implemented based on a microkernel, existing operating system technology, and trusted computing hardware available today. Moreover, the platform’s functionality can be extended with a mechanism called property-based attestation to prevent discrimination of open-source software and to protect the consumers’ privacy.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alkassar, A., Sadeghi, A.-R., Stüble, C.: Secure object identification - or: Solving the chess grandmaster problem. In: Proceedings of the New Security Paradigm Workshow (NSPW), pp. 77–86 (2003)Google Scholar
  2. 2.
    Altmeyer, O., Sadeghi, A.-R., Selhorst, M., Stüble, C.: Enhancing security of computing platforms with TC-technology. In: Information Security Solutions Europe (ISSE 2004), pp. 346–361. Vieweg Verlag (2004)Google Scholar
  3. 3.
    Anderson, R.J.: Security in open versus closed systems — the dance of Boltzmann, Coase and Moore. Technical report, Cambridge University, England (2002)Google Scholar
  4. 4.
    Arbaugh, W.A., Farber, D.J., Smith, J.M.: A reliable bootstrap architecture. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1997, pp. 65–71. IEEE Computer Society, Los Alamitos (1997), Technical Committee on Security and PrivacyGoogle Scholar
  5. 5.
    Buhse, W.: Implication of digital rights management for online music – a business perspective. In: ACM DRM Workshop, pp. 201–212 (2001)Google Scholar
  6. 6.
    Burk, D.L., Cohen, J.E.: Fair use infrastructure for rights management systems. Harward Journal of Law and Technology 15(1) (2001)Google Scholar
  7. 7.
    ElcomSoft. ebook security: theory and practice (July 2001),
  8. 8.
    Erickson, J.S.: Fair use, DRM, and trusted computing. Communications of ACM 46(4) (2003)Google Scholar
  9. 9.
    Fox, B.L., LaMacchia, B.: Encouraging recognition of fair uses in DRM systems. Communications of ACM 46(4) (2003)Google Scholar
  10. 10.
    Gleb Nauvomich, N.M.: Preventing piracy, reverse engineering, and tampering. Computer 37(7), 64–71 (2003)Google Scholar
  11. 11.
    Group, T.C.: TPM main specification. Version 1.2 (November 2003),
  12. 12.
    Guth, S.: A sample DRM system. In: Digital Rights Management, Technological, Economics, Legal and Political Aspects, pp. 150–161 (2003)Google Scholar
  13. 13.
    Itoi, N., Arbaugh, W.A., Pollack, S.J., Reeves, D.M.: Personal secure booting. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 130–144. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Liedke, J.: On u-kernel construction. In: Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP 1995), Copper Mountain Resort, Colorado (December 1995), Appeared as ACM Operating Systems Review 29.5.Google Scholar
  15. 15.
    Liedke, J.: Towards real micro-kernels. Communications of the ACM 39(9) (1996)Google Scholar
  16. 16.
    Lynch, N.A., Tuttle, M.R.: An introduction to Input/Output automata. CWI-Quarterly 2(3), 219–246 (1989)MATHMathSciNetGoogle Scholar
  17. 17.
    Mulligan, D.K.: Digital rights management and fair use by design. Communications of the ACM 46(4), 31–33 (2003)CrossRefGoogle Scholar
  18. 18.
    National Research Council. The Digital Dilemma, Intellectual Property in the Information Age. National Academy Press, Washington DC (2000)Google Scholar
  19. 19.
    Pfitzmann, B., Riordan, J., Stüble, C., Waidner, M., Weber, A.: The PERSEUS system architecture. Technical Report RZ 3335 (#93381), IBM Research Division, Zurich Laboratory (April 2001)Google Scholar
  20. 20.
    Pfitzmann, B., Schunter, M., Waidner, M.: Cryptographic security of reactive systems. In: Electronic Notes in Theoretical Computer Science (ENTCS). Workshop on Secure Architectures and Information Flow, Royal Holloway, University of London, December 1 - 3 (1999)Google Scholar
  21. 21.
    Pfitzmann, B., Schunter, M., Waidner, M.: Provably secure certified mail. Research Report RZ 3207 (#93253), IBM Research (August 2000)Google Scholar
  22. 22.
    Poritz, J., Schunter, M., Herreweghen, E.V., Waidner, M.: Property attestation—scalable and privacy-friendly security assessment of peer computers. Technical Report RZ 3548, IBM Research (May 2004)Google Scholar
  23. 23.
    Rosenblatt, W., Trippe, W., Mooney, S.: Digital Rights Management: Business and Technology. John Wiley & Sons, Chichester (2001)Google Scholar
  24. 24.
    Sadeghi, A.-R., Stüble, C.: Bridging the gap between TCPA/Palladium and personal security. Technical report, Saarland University, Germany (2003)Google Scholar
  25. 25.
    Sadeghi, A.-R., Stüble, C.: Taming “trusted computing” by operating system design. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 286–302. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  26. 26.
    Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: The 2004 New Security Paradigms Workshop. ACM SIGSAC, Virginia Beach, VA, USA, September 2004. ACM Press, New York (2004)Google Scholar
  27. 27.
    Sadeghi, A.-R., Stüble, C.: Towards multilateral-secure drm platforms. Technical report, Horst Görtz Institute, Ruhr-University Bochum (January 2005)Google Scholar
  28. 28.
    Samuelson, P.: DRM, AND, OR, VS, The Law. Communications of ACM 46(4), 41–45 (2003)CrossRefGoogle Scholar
  29. 29.
    Trusted Computing Platform Alliance (TCPA). Main specification, Version 1.1b (February 2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ahmad-Reza Sadeghi
    • 1
  • Christian Stüble
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityRuhr-University BochumGermany

Personalised recommendations