Abstract
Securing electronic business documents is an increasing necessity. Enterprise Rights Management (ERM) is a comparatively new technical approach aimed at enforcing access and usage rights policies on sensitive electronic documents throughout their lifecycles within and across organizations [YuCh05]. While ERM systems on the market are increasingly deployed in today’s enterprises, they still lack fundamental security properties. One important security weakness is the ERM client software running on the end-user’s machine [TuCh04]. Users can always circumvent the rights enforcement by running exploits and manipulating their operating system or particular components of the ERM client application, thereby obtaining an unprotected copy of the document’s content [SeSt06, ReCa05]. In this paper, we emphasize this particular security weakness and propose a security infrastructure based on Trusted Computing technology that can thwart most possible attacks on an ERM client, thereby preventing any circumvention of the policy enforcement over the document.
References
Avoco Secure: Choosing an Enterprise Rights Management System: Architectural Approaches. http://www.windowsecurity.com/uplarticle/AuthenticationandAccessControl/ERM-architectural-approaches.pdf, 2007.
Sebes, J., Stamp, M.: Solvable Problems in Enterprise Digital Rights Management. http://www.cs.sjsu.edu/faculty/stamp/papers/DRMJMCS2.doc, 2006.
Yu, Y., Chiueh, T.: Enterprise Digital Rights Management: Solutions against Information Theft by Insiders. http://www.ecsl.cs.sunysb.edu/tr/TR169.pdf, 2005.
Stamp, M.: Digital Rights Management: The Technology Behind the Hype. http://www.csulb.edu/web/journals/jecr/issues/20033/paper3.pdf, 2003.
Kubasch, B-O.: Informations und Documentschutz im Unternehmen. SAP AG — Corporate Security, 2005, pp. 45–47.
Scheibel, M., Stueble, C., Wolf, M.: Design and Implementation of an Architecture for Vehicular Software Protection. Embedded Security in Cars Workshop (escar ’06), 2006.
Reid, J., Caelli, W.: DRM, Trusted Computing and Operating System Architecture. http://crpit.com/confpapers/CRPITV44Reid.pdf, 2005.
Yu, Y., Chiueh, T.: Display-Only File Server: A Solution against Information Theft Due to Insider Attack. http://www.ecsl.cs.sunysb.edu/tr/TR170.pdf, 2004.
Liquid Machines, Inc. Microsoft Windows Rights Management Services: Liquid Machines and Microsoft RMS: End-to-end Rights Management for the Enterprise, 2006.
Liquid Machines: Enterprise Rights Management: A Superior Approach to Confidential Data Security. Enterprise Strategy Group, 2006.
Microsoft Corporation: Microsoft Windows Rights Management Services for Windows Server 2003 — Helping Organizations Safeguard Digital Information from Unauthorized Use. Whitepaper, 2003.
Authentica Inc.: Page Recall: The Key to Document Protection, 2002.
Adobe Systems Inc.: Adobe LiveCycle Policy Server: Document-level persistent protection and dynamic control for multiformat enterprise rights management. http://www.adobe.com/de/products/server/policy/pdfs/psdatasheet.pdf, 2006.
Gartner, Inc.: Navisware E-DRM Buy Could Give Adobe a One-Stop-Shopping Solution. http://www.adobe.com/manufacturing/pdfs/gartner_1691.pdf, 2006.
EMSCB Project Consortium: The EMSCB project, http://www.emscb.org, 2006.
University of Cambridge Computer Laboratory: Xen virtual machine monitor, http://www.cl.cam.ac.uk/Research/SRG/netos/xen, 2006.
Advanced Micro Devices, Inc.: AMD virtualization solutions. http://enterprise.amd.com/us-en/Solutions/Consolidation/virtualization.aspx, 2006.
Intel Corporation: Intel virtualization technology, http://www.intel.com/technology/computing/vptech/, 2006.
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. 13th Usenix Security Symposium, San Diego, California, August 2004.
Bussani, A., Griffin, J.L., Jansen, B., Julisch, K., Karjoth, G., Maruyama, H., Nakamura, M., Perez, R., Schunter, M., Tanner, A., Van Doorn, L., Van Herreweghen, E.A., Waidner, M., Yoshihama, S.: Trusted Virtual Domains: Secure Foundations for Business and IT Services (Whitepaper, RC23792), 2005.
Copyright information
© 2007 Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Alkassar, A., Husseiki, R., Stüble, C., Hartmann, M. (2007). A Security Architecture for Enterprise Rights Management. In: ISSE/SECURE 2007 Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9418-2_18
DOI: https://doi.org/10.1007/978-3-8348-9418-2_18
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0346-7
Online ISBN: 978-3-8348-9418-2
eBook Packages: Computer Science, Computer Science (R0)