ABSTRACT
This paper examines the architecture of present-day systems and shows that they are not trustworthy enough to support certain DRM features and restrictions, even when the DRM delivery system exclusively uses signed and protected operating system components. This weakness was discovered while creating a technique for remote transfer of audio streams generated by a Virtual Machine Monitor (VMM), intended to achieve network transparency for audio devices. The technique is based on the implementation of hosted I/O VMMs, which intercept device I/O instructions executed by a "guest" O/S and emulate them through system calls processed by device drivers of a "host" O/S. The design consists of a virtual audio device driver that forwards sound streams to a user-level network server. Because (1) the virtual device intercepts audio data in an unprotected format (WAV), regardless of which application and file format are in use by the guest O/S, and (2) modern virtual machine-based systems already achieve performance levels that allow for real-time audio playback, the playback-only model of service/restriction imposed by some content delivery businesses is rendered ineffective by this technique. It enables Fair Use of DRM-enabled media by allowing the user to make a copy of legally purchased audio media and to time-shift Internet Radio stations. Experiments have shown that audibly perfect copies of media played by a VM "guest" can be made in PCM/WAV format, even though DRM-enabling features are present in the "guest" O/S drivers and media players. This paper also draws attention to the fact that the VM should be considered when designing the security and DRM capabilities of future general-purpose systems, since a device driver between the VMM and the host O/S has the potential of being an eavesdropper and a malicious end user.
Index Terms
- On the implications of machine virtualization for DRM and fair use: a case study of a virtual audio device driver