ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Enforcing DRM policies across applications
Full text PdfPdf (473 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 8th ACM workshop on Digital rights management table of contents
Alexandria, Virginia, USA
SESSION: Implementation and legislation table of contents
Pages 87-94  
Year of Publication: 2008
ISBN:978-1-60558-290-0
Authors
Srijith K. Nair  Vrije Universiteit, Amsterdam, Netherlands
Andrew S. Tanenbaum  Vrije Universiteit, Amsterdam, Netherlands
Gabriela Gheorghe  University of Trento, Trento, Italy
Bruno Crispo  University of Trento, Trento, Italy
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): n/a,   Downloads (12 Months): n/a,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456520.1456535
What is a DOI?

ABSTRACT

In this paper we present Trishul-UCON (T-UCON), a DRM system based on the UCON_ABC model. T-UCON is designed to be capable of enforcing not only application-specific policies, as any existing software-based DRM solution does, but also DRM policies across applications. This is achieved by binding the DRM policy only to the content it protects with no relations to the application(s) which will use this content. Furthermore, to guarantee that the policy is continuously enforced, we designed T-UCON as a JVM-based middleware that mediates the usage requests of any Java application to the protected content. Each request is granted or denied according to the content policy. We illustrate the unique features of T-UCON by using typical examples of DRM policies such as the pay-per-use and the use only N times scenarios. Preliminary results on the overhead of our solution are also provided.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Oasis extensible access control markup language. Website, 2008. http://www.oasis--open.org/committees/xacml/.
 
2
Open mobile alliance digital rights management working group. Website, 2008. http://www.openmobilealliance.org/Technical/DRM.aspx.
 
3
TCG TPM specification version 1.2. Website, 2008. https://www.trustedcomputinggroup.org/specs/TPM/.
4
Agreiter Berthold , Muhammad Alam , Ruth Breu , Michael Hafner , Alexander Pretschner , Jean-Pierre Seifert , Xinwen Zhang, A technical architecture for enforcing usage control requirements in service-oriented architectures, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA  [doi>10.1145/1314418.1314422]
5
John S. Erickson, Fair use, DRM, and trusted computing, Communications of the ACM, v.46 n.4, April 2003  [doi>10.1145/641205.641228]
6
Basel Katt , Xinwen Zhang , Ruth Breu , Michael Hafner , Jean-Pierre Seifert, A general obligation model and continuity: enhanced policy enforcement engine for usage control, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA  [doi>10.1145/1377836.1377856]
 
7
B. A. LaMacchia. Key challenges in DRM: An industry perspective. In Digital Rights Management Workshop, pages 51--60, 2002.
8
Jonathan M. McCune , Bryan J. Parno , Adrian Perrig , Michael K. Reiter , Hiroshi Isozaki, Flicker: an execution infrastructure for tcb minimization, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
 
9
Srijith K. Nair , Patrick N. D. Simpson , Bruno Crispo , Andrew S. Tanenbaum, A Virtual Machine Based Information Flow Control System for Policy Enforcement, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.3-16, February, 2008  [doi>10.1016/j.entcs.2007.10.010]
10
Jaehong Park , Ravi Sandhu, The UCONABC usage control model, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.128-174, February 2004  [doi>10.1145/984334.984339]
 
11
C. Schaefer. Usage control reference monitor architecture. Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2007. SECPerU 2007. Third International Workshop on, July.
12
Xinwen Zhang , Masayuki Nakae , Michael J. Covington , Ravi Sandhu, Toward a Usage-Based Security Framework for Collaborative Computing Systems, ACM Transactions on Information and System Security (TISSEC), v.11 n.1, p.1-36, February 2008  [doi>10.1145/1330295.1330298]
 
13
Xinwen Zhang , Jean-Pierre Seifert , Ravi Sandhu, Security Enforcement Model for Distributed Usage Control, Proceedings of the 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008), p.10-18, June 11-13, 2008  [doi>10.1109/SUTC.2008.79]

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Design, Security


Keywords:
access control, digital rights management, policy enforcement, usage control

Collaborative Colleagues:
Srijith K. Nair: colleagues
Andrew S. Tanenbaum: colleagues
Gabriela Gheorghe: colleagues
Bruno Crispo: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player