ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Flexible and secure enterprise rights management based on trusted virtual domains
Full text PdfPdf (1.82 MB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 3rd ACM workshop on Scalable trusted computing table of contents
Alexandria, Virginia, USA
SESSION: Applications of trusted computing table of contents
Pages 71-80  
Year of Publication: 2008
ISBN:978-1-60558-295-5
Authors
Yacine Gasmi  Ruhr-University Bochum, Bochum, Germany
Ahmad-Reza Sadeghi  Ruhr-University Bochum, Bochum, Germany
Patrick Stewin  Ruhr-University Bochum, Bochum, Germany
Martin Unger  Ruhr-University Bochum, Bochum, Germany
Marcel Winandy  Ruhr-University Bochum, Bochum, Germany
Rani Husseiki  Sirrix AG security technologies, Bochum, Germany
Christian Stüble  Sirrix AG security technologies, Bochum, Germany
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 22,   Downloads (12 Months): 219,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456455.1456467
What is a DOI?

ABSTRACT

The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority.

In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Adobe Systems Inc. Adobe LiveCycle Policy Server: Document-level persistent protection and dynamic control for multiformat enterprise rights management. http://www.adobe.com/de/products/server/policy/pdfs/ps_datasheet.pdf, 2006.
 
2
A. Arnab and A. Hutchison. Requirement analysis of enterprise DRM systems. In Information Security South Africa, 2005.
 
3
Authentica Inc. Page Recall: The Key to Document Protection. http://www.adobe.com/de/products/server/policy/pdfs/ps_datasheet.pdf, 2002.
 
4
Michael Backes , Alina Oprea, Lazy Revocation in Cryptographic File Systems, Proceedings of the Third IEEE International Security in Storage Workshop, p.1-11, December 13-13, 2005  [doi>10.1109/SISW.2005.7]
 
5
Stefan Berger , Ramón Cáceres , Kenneth A. Goldman , Ronald Perez , Reiner Sailer , Leendert van Doorn, vTPM: virtualizing the trusted platform module, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
6
Stefan Berger , Ramón Cáceres , Dimitrios Pendarakis , Reiner Sailer , Enriquillo Valdez , Ronald Perez , Wayne Schildhauer , Deepa Srinivasan, TVDc: managing security in the trusted virtual datacenter, ACM SIGOPS Operating Systems Review, v.42 n.1, January 2008  [doi>10.1145/1341312.1341321]
 
7
D. F. C. Brewer and M. J. Nash. The Chinese Wall Security Policy. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 206--214. IEEE, 1989.
 
8
A. Bussani, J. L. Griffin, B. Jasen, K. Julisch, G. Karjoth, H. Maruyama, M. Nakamura, R. Perez, M. Schunter, A. Tanner, L. V. Doorn, E. V. Herreweghen, M. Waidner, and S. Yoshihama. Trusted Virtual Domains: Secure Foundations for Business and IT Services. Technical Report Research Report RC23792, November 2005.
9
Serdar Cabuk , Chris I. Dalton , HariGovind Ramasamy , Matthias Schunter, Towards automated provisioning of secure virtualized networks, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA  [doi>10.1145/1315245.1315275]
 
10
Y. Dodis and N. Fazio. Public key broadcast encryption for stateless receivers. In Proceedings of the Digital Rights Management Workshop 2002, volume 2696 of LNCS, pages 61--80, 2002.
 
11
European Multilaterally Secure Computing Base (EMSCB) Project. Towards Trustworthy Systems with Open Standards and Trusted Computing, 2008. http://www.emscb.de.
12
Glenn Faden, Multilevel filesystems in solaris trusted extensions, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France  [doi>10.1145/1266840.1266859]
13
Yacine Gasmi , Ahmad-Reza Sadeghi , Patrick Stewin , Martin Unger , N. Asokan, Beyond secure channels, Proceedings of the 2007 ACM workshop on Scalable trusted computing, November 02-02, 2007, Alexandria, Virginia, USA  [doi>10.1145/1314354.1314363]
 
14
E. Gaudet. DRM vs. ERM: battle to control data. http://www.networkworld.com/news/tech/2006/121806techupdate.html, December 2006.
 
15
J. L. Griffin, T. Jaeger, R. Perez, R. Sailer, L. van Doorn, , and R. C-aceres. Trusted Virtual Domains: Toward Secure Distributed Services. In 1st IEEE Workshop on Hot Topics in System Dependability, June 2005.
 
16
Vivek Haldar , Deepak Chandra , Michael Franz, Semantic remote attestation: a virtual machine directed approach to trusted computing, Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium, p.3-3, May 06-07, 2004, San Jose, California
17
Trent Jaeger , Reiner Sailer , Umesh Shankar, PRIMA: policy-reduced integrity measurement architecture, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA  [doi>10.1145/1133058.1133063]
 
18
Y. Katsuno, M. Kudo, P. Perez, and R. Sailer. Towards Multi-Layer Trusted Virtual Domains, 2006.
 
19
The 2nd Workshop on Advances in Trusted Computing.
20
J. Liedtke, On micro-kernel construction, Proceedings of the fifteenth ACM symposium on Operating systems principles, p.237-250, December 03-06, 1995, Copper Mountain, Colorado, United States
 
21
V. Likitalo. Remote Attestation and Peer-to-Peer Net. http://www.tml.tkk.fi/Publications/C/18/likitalo.pdf, 2005.
22
Merv Matson , Mihaela Ulieru, Persistent information security: beyond the e-commerce threat model, Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet, August 13-16, 2006, Fredericton, New Brunswick, Canada  [doi>10.1145/1151454.1151500]
 
23
Microsoft. Microsoft Windows Rights Management Services for Windows Server 2003 -- Helping Organizations Safeguard Digital Information from Unauthorized Use. Whitepaper, 2003.
 
24
Jaehong Park , R. Sandhu , J. Schifalacqua, Security architectures for controlled digital information dissemination, Proceedings of the 16th Annual Computer Security Applications Conference, p.224, December 11-15, 2000
 
25
Siani Pearson, Trusted Computing Platforms: TCPA Technology in Context, Prentice Hall PTR, Upper Saddle River, NJ, 2002
 
26
J. Reid and W. Caelli. DRM, Trusted Computing and Operating System Architecture. 2005.
 
27
A. Sadeghi, M. Wolf, C. Stuble, N. Asokan, and J. Ekberg. Enabling Fairer Digital Rights Management with Trusted Computing, October 2007.
 
28
Reiner Sailer , Trent Jaeger , Enriquillo Valdez , Ramon Caceres , Ronald Perez , Stefan Berger , John Linwood Griffin , Leendert van Doorn, Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor, Proceedings of the 21st Annual Computer Security Applications Conference, p.276-285, December 05-09, 2005  [doi>10.1109/CSAC.2005.13]
 
29
Reiner Sailer , Xiaolan Zhang , Trent Jaeger , Leendert van Doorn, Design and implementation of a TCG-based integrity measurement architecture, Proceedings of the 13th conference on USENIX Security Symposium, p.16-16, August 09-13, 2004, San Diego, CA
30
Ravi Sandhu , Kumar Ranganathan , Xinwen Zhang, Secure information sharing enabled by Trusted Computing and PEI models, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan  [doi>10.1145/1128817.1128820]
31
Ravi Sandhu , Xinwen Zhang, Peer-to-peer access control architecture using trusted computing technology, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1064005]
 
32
S. Schechter, R. Greenstadt, and M. Smith. Trusted Computing, Peer-To-Peer Distribution, and the Economics of Pirated Entertainment. In The Second Annual Workshop on Economics and Information Security, May 2003.
 
33
E. Sebes and M. Stamp. Solvable Problems in Enterprise Digital Rights Management. http://home.earthlink.net/~mstamp1/papers/DRMsebes.pdf, 2004.
 
34
Towards a Multi-dimensional Characterization of Dissemination Control, Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, p.197, June 07-09, 2004
 
35
Trusted Computing Group. TCG Specification Architecture Overview. Trusted Computing Group: https://www.trustedcomputinggroup.org/groups/TCG_1_3_Architecture_Overview.pdf, Mar. 2003. Specification Revision 1.3 28th March 2007.
 
36
Trusted Computing Group. TPM Main Specification v1.2. https://www.trustedcomputinggroup.org, November 2003.
 
37
Y. Yu and T. Chiueh. Display-Only File Server: A Solution against Information Theft Due to Insider Attack. October 2004.

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.4 Distributed Systems
          Subjects: Client/server

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection


General Terms:
Design, Management, Reliability, Security


Keywords:
enterprise rights management (ERM), security policy, trusted computing, trusted virtual domain (TVD)

Collaborative Colleagues:
Yacine Gasmi: colleagues
Ahmad-Reza Sadeghi: colleagues
Patrick Stewin: colleagues
Martin Unger: colleagues
Marcel Winandy: colleagues
Rani Husseiki: colleagues
Christian Stüble: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player