Key Challenges in DRM: An Industry Perspective

salmonbrisketΛογισμικό & κατασκευή λογ/κού

2 Νοε 2013 (πριν από 4 χρόνια και 8 μέρες)

109 εμφανίσεις

Key Challenges in DRM: An Industry Perspective

Brian A. LaMacchia

Microsoft Corporation


The
desires

for robust digital rights management (DRM) systems are not new to
the
commercial world. Indeed, industrial research, development and deployment of
systems

with DRM aspects (most notably crude copy
-
control schemes) have a long
history. Yet to date the industry has not seen much commercial success from shipping
these systems

on top of platforms

that support general
-
purpose computing
.

There are
many factors c
ontributing to this lack of acceptance of current DRM systems
, but I see
three specific areas of work that are key adoption blockers today and ripe for further
academic and commercial research
. The lack of widely
-
available trustworthy computing
devices, r
obust trust management engines and a general
-
purpose rights
expression/authorization language all hamper industrial development and deployment of
DRM systems for digital content.

The most pressing concern today for the DRM industry is, by far, the lack of
“tru
stworthy computing devices,” by which I mean computing devices whose behavior is
defined, understood and

acceptable to all parties in a content transaction.
Fear about
platform behavior is anathema to the distribution of information, and such fear is
rampant
today across all segments of potential DRM users. Obviously owners of digital audio or
video content will not distribute their works to platforms they consider “
potentially
hostile
,” and the same is true of
individual users
requested to
reveal
pri
vate information
to remote systems. Every content owner needs some way to be convinced that the remote
system receiving his or her valuable inform
ation will behave as expected, which
ultimately means that the platform must have (a) an open, auditable and
comprehensible
trusted computing base (TCB), and (b) the means to
prove
the possession and operation
of such
a TCB remotely to another party. The combination of these two features is what
we call an “attestable TCB,” and we can build trustworthy computing

devices once we
have that core component.

Part of the job of the attestable TCB is to protect and regulate access to a set of
resources. Thus, the TCB must b
e

able to grant conditional access to these resources,
which leads to the need for a
robust, gen
eral
-
pur
pose trust management engine.
Starting
with the development of PolicyMaker
[1]
in 1996 we have seen a succession of active
research [
2, 3
] and commercial deployment [
4
] of trust management engines. The
attractiveness of this approach has grown wi
th the increased complexity of distributed
systems as well as the types of resources
that
need to be protected. In the .NET
Framework’s Common Language Runtime, for example, the trust management engine at
the core of the policy system is responsible for d
ynamically associating authorizations
with

every piece of executable code loaded into a process.

Content distribution adds
another dimension

(or two)

to the problem,
because
the set of resources to be protected is
in fact
the entire set of content potenti
ally available to the TCB over the network, and the
types of activities authorized with respect to any particular piece of content may be
arbitrarily precise. There is an obvious tension here between the need to make the policy
evaluation engine more comp
lex (to handle the various types of authorizations and
resources) and the need to make it open, auditable and comprehensible (to make it part of
the attestable TCB). We need to address both requirements
for our

DRM systems to meet
the needs of all content

creators and consumer
s.

The third component required for the success of DRM systems is a

general
-
purpose


rights expression language


an extensible syntax and semantics for expressing
grants of authorizations. The

need for a rights expression language
goes hand
-
in
-
hand
with the
requirement of
trust management engine
, for the inputs to the engine are (a)
policy specifications, and (b) some “evidence” proving that authorization to
use
a
resource
in a particular way
has been granted by the owner of that re
source to the entity
requesting
use of
it.
The need for industry
-
standard authorization languages is much
broader than just the DRM space; as we continue to build larger and larger distributed
systems we need
lingua franca
for communicating authorizations
among all networked
nodes. The need is especially apparent in the “web services” model of distributed
programming as it is expected that any networked node can dynamically discover, learn
how to communicate with and access any available

service (with prop
er authorization).
There are a number of concurrent ongoing efforts to develop and standardize such
languages [
5, 6, 7
]. The keys to acceptance of any of these languages for DRM systems
are a similar to those for the attestable TCB and the TM engine:
T
he

language must be
sufficiently extensible that any authorization of interest to a content owner may be
expressed with appropriate schema extensions for syntax and semantics, and
implementations of the language must be
attestable (
open, auditable,
comprehen
sible and
provable) to the same degree as the other components of the DRM core.

Creating attestable TCBs, trust management engines and authorization languages
are the three key challenges facing development, deployment and acceptance of DRM
systems. In
this talk I’ll describe each of these challenges
, provide examples of how

the
industry is approaching each problem, and discuss how
the solutions to each one of them
are dependent on the others.


References


[1]
M. Blaze, J. Feigenbaum, and J. Lacy. Dec
entralized trust management. In
Proceedings 1996 IEEE Symposium on S
ecurity and Privacy, 164
--
173, May 1996.


[2]
M. Blaze, J. Feigenbaum, and A.

D. Keromytis. KeyNote: Trust management for
publickey infrastructures. In Proc. Cambridge 1998 Security Proto
cols International
Workshop, 59
--
63, 1998. See also IETF RFC 2704.


[3]
Y
.
-
H
.

Chu
, J.
Feigenbaum,
B. LaMacchia, P. Resnick and M.

Strauss,
REFEREE:
Trust Management for Web Applications
,
P
roceedings of the Sixth International World
Wide Web Conference
, Santa Clara, CA, April 1997.


Reprinted in
Computer Networks
and ISDN Systems

29

(1997), 953
-
964.


[4]
B. LaMacchia, S. Lange, M. Lyons, R. Martin and K. Price,
.NET Framework
Security
, Addi
son
-
Wesley, April 2002, 45

119.


[5]
“Assertions and Protocol for the OASIS Security Assertion Markup Language
(SAML),” P. Hallam
-
Baker and E. Maler, eds. OASIS XML
-
Based Security Services
Technical Committee,
May 2002.


[6]

OASIS eXtensible Access Contr
ol Markup Language (XACML)
,”
S. Godik, T.
Moses, eds.

OASIS
OASIS eXtensible Access Control Markup

Language
Technical
Committee,
Working Draft, September

2002.


[7]

eXtensible Rights Markup Language (XrML) 2.1,” submission by ContentGuard to
the OASIS Rig
hts Language Technical Committee, May 2002.

Available at
http://www.oasis
-
open.org/committees/rights/documents/xrml200205.zip.