Rights-Carrying and Self-Enforcing Information Objects for Information Distribution Systems

ICICS'04, Malaga, Spain, 27-29 October 2004

Habtamu Abie (1), Pål Spilling (2) and Bent Foyn (1)
(1) Norwegian Computing Center
(2) Dept. of Informatics, University of Oslo, Norway

Norwegian Computing Center, Applied Research and Development


Outline

• Problem motivation
• Security threats
• Rights enforcement requirements
• Application environment: setting the scene
• Rights-Carrying and Self-Enforcing Information Objects (SEOs)
   - Structure and description
   - Rights specification
   - Secure generation and distribution
   - Execution
• Providing stronger and improved protection
• Advantages
• Related work
• Conclusion and future work


Problem Motivation

• In today's digital world
   - digital information is ubiquitous and can be copied and distributed with ease and at little expense
      • providing reliable enforcement of access and usage rights is therefore a major challenge
   - digital information needs protection from unauthorized access, use and dissemination
• New requirements
   - All content parts, including streamed video and audio, are distributed as autonomous information objects
   - Information objects themselves must be capable of carrying access and usage rights and of enforcing them, preserving their confidentiality and integrity without violating users' privacy
   - Develop a model of SEOs that will meet these requirements


Security Threats

• SEOs must by themselves deal with attacks on them launched by illegal users "masquerading" under bogus identities, or by legal users behaving illegally
   - such attacks lead to the objects and/or their information content being illegally distributed or modified
• SEOs must deal with attacks on the relations or communications between them
   - such attacks result in the disclosure of information (through eavesdropping), or the violation of the integrity of an object
• SEOs must deal with attacks on the identities of the users
   - such attacks lead to a lack of accountability due to the inadequate identification of users
• SEOs must deal with attacks on privacy


Rights Enforcement Requirements

• Protect data against unauthorized interception and modification
• Identify stakeholders and objects uniquely and unambiguously in order to control access to digital objects
• Include a secure infrastructure for the secure creation and distribution of protected digital objects
• Allow information objects to carry access and usage rights and be responsible for the fine-grained enforcement of these rights
• Must be resistant to function analysis
• Must be able to protect themselves during runtime
• Update and improve security measures continuously
• Be able to trace attackers, pirates and interlopers


Infrastructure/Platform Overview

[Figure: a consumer side and a provider side, each behind corporate firewalls and connected across the Internet by a secure channel. Each side has an Admin, a GreenOval, SEO ObjectFactories, an Authentication/Authorization/Privacy Enforcer (AAP), a Secure Rights/Policy Database, an Image/Video Database and a Payment System. The consumer side also hosts the users' applications and a Servlet/Proxy/Web Server.]


Overview of Main Components

• Main components
   - User Application, GreenOvals, ObjectFactories, AAPs, Security infrastructure, and SEOs
• User application
   - acts as a client for the consumer GreenOval
   - provides a Canvas on which SEOs can present themselves, and be combined in both temporal and spatial dimensions by the user
• Each GreenOval
   - administrates a collection of information sources grouped together (i.e. a collection of information like a digital library)
   - manages object-factories and information objects
   - maintains a rights database
• GreenOvals on both sides (consumer and provider)
   - model their respective administrative and security domains


Overview of Main Components (continued)

• Consumer GreenOval
   - acts both as a client and as a proxy for the provider GreenOval
   - generates a usage report for each object so that the provider can both improve service and track and monitor usage
• ObjectFactories
   - generate SEOs of different kinds (text, image, video, audio, etc.)
• AAPs are used by the GreenOvals and SEOs
   - to identify, authenticate, and authorize users and objects
   - to enforce fine-grained control of access to and usage of information objects
   - to ensure the privacy of users
   - to manage rights policies
• Security Infrastructure
   - GreenOval, SSL, PKI, PMI, Firewalls


Structure of the SEO

[Figure: an Information Object consists of (1) Meta Information: Object ID, Factory ID, Serial version UID, Name, Description, Object Key, Encryption Key, Rights and conditions; (2) Active program code: Rendering, Rights Enforcing; (3) Encapsulated Content: Text, Audio, Video, List of Information Objects.]


Description of the SEO

• SEOs are digital information objects on which users have rights, on the basis of which they may access and use them
• SEOs may be categorized into object classes, and authorization can be done based on an object's membership of a class
• Metainformation section
   - may contain information regarding rights, i.e., terms and conditions of access and usage, purposes, classes, ownerships, roles, credits, memberships, etc.
   - may contain personally identifiable information
   - enables users or other objects to locate and retrieve information
   - Naming mechanism: a combination of Object-factory ID, unique object key, name, and serial version UID
   - the policy contained in the rights and conditions permits users with certain rights to carry out operations on SEOs


Description of the SEO (continued)

• Active program code
   - enables the SEO both to present and to protect the encapsulated information
   - can interact with users, query the player and its associated drivers, and control the playback process
   - can deliver an appropriate response or countermeasure (for example self-destruction) in case a security problem is identified
   - provides a "secure container" for the packaging of information in such a way that the information cannot be used except as provided for by the rules and enforcement associated with it
• Encapsulated Content
   - both content and metainformation containing rights and conditions, encryption keys, and digital watermarking or fingerprinting, all in encrypted form
   - other metainformation is stored in the object without encryption
   - keys are stored encrypted using a "key" encryption key


SEO: Rights Specification

• Rights
   - describe permissions, constraints and obligations between users and information objects
   - control what we can do with the information object or set of information objects
• A provider and/or consumer can specify a set of access rights to a SEO; examples are
   - Access: allows the user to perform any operation on it, viz. no protection
   - Protect Access: prevents any access to it
   - View: lets the user view it
   - Print: lets the user print it
   - Store: lets the user store it permanently
   - Cache: lets the user cache it temporarily
   - Modify: lets the user manipulate it
   - Play: lets the user play it, e.g. a video object


Rights Policy Specification: Examples

    <?xml version="1.0" encoding="UTF-8"?>
    <AuthzPolicy>
      <Object type="SimpleImage_SEO">
        <ID type="URN">rmi://localhost/Picture/NANSEN3</ID>
        <Name>NANSEN3</Name>
      </Object>
      <Description>The famous Fridtjof Nansen</Description>
      <parameter>Teaching</parameter>
      <authzRules>
        <authzRule Rights="store">
          <attributeList>
            <attribute>
              <attribute_name>School</attribute_name>
              <attribute_value>AndeBySchool</attribute_value>
              <SOA_ID>NationalLibrary</SOA_ID>
            </attribute>
            <attribute>
              <attribute_name>Purpose</attribute_name>
              <attribute_value>Teaching</attribute_value>
              <SOA_ID>NationalLibrary</SOA_ID>
            </attribute>
          </attributeList>
          <ConditionList>
            <Access>
              <Login name="Password" value="***"/>
              <Giving name="Course" value="Teaching"/>
            </Access>
            <SOA_ID>NationalLibrary</SOA_ID>
          </ConditionList>
        </authzRule>
      </authzRules>
    </AuthzPolicy>

a) Provider side

    <?xml version="1.0" encoding="UTF-8"?>
    <AuthzPolicy>
      <Object type="SimpleImage_SEO">
        <ID type="URN">rmi://remotehost/Picture/NANSEN3</ID>
        <Name>NANSEN3</Name>
      </Object>
      <Description>The famous Fridtjof Nansen</Description>
      <parameter>Course1</parameter>
      <authzRules>
        <authzRule Rights="store">
          <attributeList>
            <attribute>
              <attribute_name>Position</attribute_name>
              <attribute_value>Student</attribute_value>
              <SOA_ID>AndeBySchool_ADM</SOA_ID>
            </attribute>
            <attribute>
              <attribute_name>Takes</attribute_name>
              <attribute_value>Course1</attribute_value>
              <SOA_ID>AndeBySchool_ADM</SOA_ID>
            </attribute>
          </attributeList>
          <ConditionList>
            <Access>
              <Login name="Password" value="***"/>
              <Taking name="Course" value="Course1"/>
            </Access>
            <SOA_ID>AndeBySchool_ADM</SOA_ID>
          </ConditionList>
        </authzRule>
      </authzRules>
    </AuthzPolicy>

b) Consumer side


Rights Policy Specification: Privacy

A provider (e.g. The National Library) may perform an operation (e.g. view) on some privacy-sensitive elements of an information object (e.g. the usage pattern elements of a usage report object) for a purpose (e.g. the provision of tailored information contents for a specific project), provided that some obligations are fulfilled (e.g. that the consumer/data subject must be notified about the access and that the data retention period must expire at the end of the project), and provided that some conditions are satisfied (e.g. that the consent of the consumer must be obtained before any disclosure of this personally identifying information to a third party in situations where such disclosure is necessary to provide the service).


Generation and Distribution of a SEO

[Figure: a user application in the consumer community sends a request over secure channels to the consumer server, whose GreenOval, together with its AAP, Object Factories, Rights/Policy Database and Image/Video Database, communicates over a secure channel with the provider server's GreenOval, AAP, Object Factories, Rights/Policy Database and Image/Video Database; the generated SEO is delivered to the user application.]


The Execution of the SEO

[Figure: sequence diagram in the user environment / consumer server with the participants User, SEO Object, Policy Engine and AAP. The calls shown, in order:]
   1. Request
   2. accessAllowed(User, thisObject, Request, thisRightsList)
   3. getPolicyDecisionEvaluators(thisObject, RightsPolicy)
   4. combineDecisions(thisObject, Request, UserAttributeList, PolicyEvaluatorList)
   5. authzCheck(thisRightsList in AuthRulesList)
   6. grant access
   7. Access SEO
   8. Monitor object


Stronger and Improved Protection

• Not every threat can be addressed, and attacks cannot be prevented completely
   - Method of tracing attackers, pirates and interlopers: watermarking/fingerprinting
• Problem of software protection
   - Method of making the software more impervious to reverse engineering: obfuscation
• The rapid rate of change and development in the environment causes security measures to become outmoded rapidly
   - Method of updating security measures continuously, on the basis of on-going risk analysis


Risk Management Model for SEO

[Figure: the Information Object (SEO) with its Information Object Description (SEOD) and a User behaviour Model; Social Behaviour Analysis (SBA), using cognitive analysis and behaviour monitoring; Risk Analysis, Assessment and Management (RAAM); Laws, regulations, and Organizational Security Objectives (LOSO); Articulation of Rights Enforcement Policy (AREP); Quality of Rights enforcement Service (QoRS); and the influential factors government intervention, market forces, technology and social norms. Relations shown: implement and enforce rights policy, monitor user behaviour, analyse, measured, required, influenced.]


Unforeseen Advantages

• The use of SEOs turns out to have unforeseen advantages
   - Policies can be precisely tailored to the exact and specific needs of a specific SEO, and be associated exclusively with that SEO rather than cluttering up the whole system
   - A SEO can easily be extended and the carried policy modified accordingly, i.e., to reflect new or changed behaviours
   - SEOs can be moved between trusted repositories or to mobile devices while still carrying their specifically tailored policies
   - SEOs can, by virtue of being comprehensive units, be managed over time by their creators or providers instead of by system administrators
   - The self-contained and self-protecting nature of the SEO can make it play an important role in the development of ambient intelligence services
   - The SEO as a mobile agent is a particularly interesting technological concept because of its many and varied capabilities
   - SEOs can also support active compound documents and the automation of processes involving multi-party peer-to-peer interactions for purposes of collaboration and commerce


Related Work

• Various container technology solutions have been proposed, such as
   - IBM's Cryptolope
   - InterTrust's DigiBox
• None of them has been taken into general use
   - their security depends heavily on the security of the client software alone
   - they are inflexible for streamed media use
• Our SEO is very similar to
   - PCO (Protected Content Objects) [López et al., ICICS 2002]
   - PCPE (Policy-Carrying, Policy-Enforcing Digital Objects) [Payette and Lagoze 2000]
   - Self-Protecting Digital Content [Kocher et al. 2003, Content Security Research Initiative]


Conclusions

• SEOs were developed and implemented, and performed their function successfully
   - they carried with them access and usage rights which they themselves enforced, thus preserving their confidentiality and integrity
   - they provided a flexible framework
      • for the encapsulation of digital information content and the definition and encapsulation of access and usage rules,
      • for managing access to their information content in accordance with these rules,
      • for protecting their contained information against unauthorized access and usage, and
      • for allowing us to update and modify these rules with ease
• In addition to performing successfully, SEOs proved in use to have unforeseen advantages


Future Work

• We are currently working on the further development of our SEO
   - developing a parameterized and customizable authorization specification language, which will reflect the modular features of our model
   - developing interfaces to the PKI and PMI systems in order to better reflect our system of identity and attribute certificates
   - combining the three core techniques, obfuscation, watermarking, and risk management, to provide stronger and improved protection
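As an added example (not code from the paper or from the GreenOval system), the following Python sketch packages one SEO the way the "Structure of the SEO" and "Description of the SEO" slides describe: the naming metainformation stays in clear, the rights and conditions and the content are encrypted under a per-object key, and that object key is itself stored encrypted under a key-encryption key (KEK). The cleartext part is bound into the integrity tag, so editing it is detected before anything is decrypted. The cipher is an assumption made so the example runs with the standard library only: an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag; a production container would use an AEAD mode such as AES-GCM. All identifiers and sample values (META, RIGHTS, CONTENT, KEK) are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: a toy AEAD built from stdlib primitives stands in for a real
# cipher. Keystream block i = HMAC-SHA256(enc_key, nonce || i); the tag is
# HMAC-SHA256(mac_key, nonce || len(aad) || aad || ciphertext).

def _subkey(key, label):
    """Derive a purpose-specific sub-key (encryption or MAC) from one key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream_xor(key, nonce, data):
    """XOR data with an HMAC-based counter-mode keystream (symmetric)."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32)
    )
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, nonce, plaintext, aad):
    """Encrypt plaintext and authenticate both it and the cleartext aad."""
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    mac_input = nonce + len(aad).to_bytes(4, "big") + aad + ct
    return ct, hmac.new(_subkey(key, b"mac"), mac_input, hashlib.sha256).digest()

def unseal(key, nonce, ct, tag, aad):
    """Verify the tag before decrypting; any change to aad or ct is rejected."""
    mac_input = nonce + len(aad).to_bytes(4, "big") + aad + ct
    expected = hmac.new(_subkey(key, b"mac"), mac_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("SEO integrity check failed")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)

def build_seo(kek, meta, rights, content):
    """Package one SEO: cleartext (but authenticated) metainformation; rights and
    content encrypted under a fresh object key; object key wrapped under the KEK."""
    object_key = secrets.token_bytes(32)
    aad = json.dumps(meta, sort_keys=True).encode()       # binds the clear metadata
    rights_bytes = json.dumps(rights, sort_keys=True).encode()
    body = len(rights_bytes).to_bytes(4, "big") + rights_bytes + content
    body_nonce, wrap_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    body_ct, body_tag = seal(object_key, body_nonce, body, aad)
    wrapped, wrap_tag = seal(kek, wrap_nonce, object_key, aad)
    return {
        "meta": meta,
        "body": {"nonce": body_nonce.hex(), "ct": body_ct.hex(), "tag": body_tag.hex()},
        "key": {"nonce": wrap_nonce.hex(), "ct": wrapped.hex(), "tag": wrap_tag.hex()},
    }

def open_seo(kek, seo):
    """Unwrap the object key with the KEK, then recover (rights, content)."""
    aad = json.dumps(seo["meta"], sort_keys=True).encode()
    k, b = seo["key"], seo["body"]
    object_key = unseal(kek, bytes.fromhex(k["nonce"]), bytes.fromhex(k["ct"]),
                        bytes.fromhex(k["tag"]), aad)
    body = unseal(object_key, bytes.fromhex(b["nonce"]), bytes.fromhex(b["ct"]),
                  bytes.fromhex(b["tag"]), aad)
    n = int.from_bytes(body[:4], "big")
    return json.loads(body[4:4 + n]), body[4 + n:]

# Constructed sample values; the identifiers follow the slides' naming scheme.
META = {"object_id": "rmi://localhost/Picture/NANSEN3", "factory_id": "SimpleImage_SEO",
        "serial_version_uid": 1, "name": "NANSEN3"}
RIGHTS = {"store": {"School": "AndeBySchool", "Purpose": "Teaching"}}
CONTENT = b"\x89PNG constructed image bytes"
KEK = secrets.token_bytes(32)   # in the real system this would come from the AAP/PKI

def roundtrip():
    return open_seo(KEK, build_seo(KEK, META, RIGHTS, CONTENT))

def tampered_metadata_is_rejected():
    seo = build_seo(KEK, META, RIGHTS, CONTENT)
    seo["meta"] = dict(seo["meta"], name="NANSEN3-copy")   # edit the cleartext part
    try:
        open_seo(KEK, seo)
    except ValueError:
        return True
    return False

def wrong_kek_is_rejected():
    seo = build_seo(KEK, META, RIGHTS, CONTENT)
    try:
        open_seo(secrets.token_bytes(32), seo)
    except ValueError:
        return True
    return False
```

roundtrip() returns the original rights dictionary and content; the two rejection helpers show that renaming the object in its cleartext metainformation, or presenting the wrong key-encryption key, fails the integrity check before any content is released, which is the property the "secure container" bullet asks for.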
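The following Python policy engine is an added example, not the paper's implementation. It parses the consumer-side AuthzPolicy document from the "Rights Policy Specification: Examples" slide and walks through the calls the "Execution of the SEO" sequence shows (accessAllowed, getPolicyDecisionEvaluators, combineDecisions, authzCheck). Assumptions: an attribute satisfies a rule only when the user holds it as issued by the SOA_ID the rule names (as a PMI attribute certificate would be); the masked Password value "***" is read as "a credential must be presented"; the SEO's own rights list (SEO_RIGHTS), the request and the two users' attribute sets are constructed.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Consumer-side AuthzPolicy from the slide (only whitespace added).
POLICY_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<AuthzPolicy>
  <Object type="SimpleImage_SEO">
    <ID type="URN">rmi://remotehost/Picture/NANSEN3</ID><Name>NANSEN3</Name>
  </Object>
  <Description>The famous Fridtjof Nansen</Description>
  <parameter>Course1</parameter>
  <authzRules>
    <authzRule Rights="store">
      <attributeList>
        <attribute><attribute_name>Position</attribute_name>
          <attribute_value>Student</attribute_value><SOA_ID>AndeBySchool_ADM</SOA_ID></attribute>
        <attribute><attribute_name>Takes</attribute_name>
          <attribute_value>Course1</attribute_value><SOA_ID>AndeBySchool_ADM</SOA_ID></attribute>
      </attributeList>
      <ConditionList>
        <Access>
          <Login name="Password" value="***"/>
          <Taking name="Course" value="Course1"/>
        </Access>
        <SOA_ID>AndeBySchool_ADM</SOA_ID>
      </ConditionList>
    </authzRule>
  </authzRules>
</AuthzPolicy>"""

@dataclass(frozen=True)
class Attr:
    """One attribute as certified by a Source of Authority (SOA), PMI-style."""
    name: str
    value: str
    soa_id: str

@dataclass
class Rule:
    rights: str       # the right this authzRule grants, e.g. "store"
    attrs: list       # Attr values the requester must hold
    conditions: list  # (name, value) pairs the request must supply

def parse_policy(xml_bytes):
    """Read the object ID and the authzRules out of an AuthzPolicy document."""
    root = ET.fromstring(xml_bytes)
    rules = []
    for r in root.findall("authzRules/authzRule"):
        attrs = [Attr(a.findtext("attribute_name"), a.findtext("attribute_value"),
                      a.findtext("SOA_ID")) for a in r.findall("attributeList/attribute")]
        conds = [(c.get("name"), c.get("value")) for c in r.find("ConditionList/Access")]
        rules.append(Rule(r.get("Rights"), attrs, conds))
    return root.findtext("Object/ID"), rules

def get_policy_decision_evaluators(rule):
    """Mirrors getPolicyDecisionEvaluators: one evaluator per aspect of the rule."""
    def attributes_ok(user_attrs, request):
        # Attr equality includes soa_id, so only attributes issued by the
        # SOA named in the policy satisfy the rule
        return all(a in user_attrs for a in rule.attrs)

    def conditions_ok(user_attrs, request):
        for name, value in rule.conditions:
            supplied = request.get(name)
            # "***" masks the credential on the slide; assumption: it means a
            # credential must be presented (verifying it is the AAP's job)
            if supplied is None or (value != "***" and supplied != value):
                return False
        return True
    return [attributes_ok, conditions_ok]

def combine_decisions(evaluators, user_attrs, request):
    """Mirrors combineDecisions, deny-overrides: every evaluator must permit."""
    return all(ev(user_attrs, request) for ev in evaluators)

def access_allowed(user_attrs, object_id, right, request, seo_rights, policy):
    """Mirrors accessAllowed: authzCheck that the right is in the SEO's own rights
    list and granted by a rule for this object, then combine that rule's decisions."""
    policy_object_id, rules = policy
    if object_id != policy_object_id or right not in seo_rights:
        return False
    return any(combine_decisions(get_policy_decision_evaluators(rule), user_attrs, request)
               for rule in rules if rule.rights == right)

# Constructed sample data: the SEO's rights list, a request, and two users' attributes.
POLICY = parse_policy(POLICY_XML)
OBJECT_ID = "rmi://remotehost/Picture/NANSEN3"
SEO_RIGHTS = ["view", "store"]
REQUEST = {"Password": "<credential>", "Course": "Course1"}
ALICE = [Attr("Position", "Student", "AndeBySchool_ADM"), Attr("Takes", "Course1", "AndeBySchool_ADM")]
BOB = [Attr("Position", "Student", "AndeBySchool_ADM"), Attr("Takes", "Course1", "bob")]  # self-asserted

def decide(user_attrs, right, request=REQUEST):
    return access_allowed(user_attrs, OBJECT_ID, right, request, SEO_RIGHTS, POLICY)
```

decide(ALICE, "store") is granted. It is denied for BOB, whose Takes attribute was not issued by AndeBySchool_ADM, for a request naming Course2, and for a request that presents no credential; "print" is refused before any rule is consulted because the SEO does not carry that right, and "view" is refused because no authzRule grants it.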