ABSTRACT
Digital rights management (DRM) can be considered a mechanism to enforce access control over a resource regardless of its location. There are currently no formal models for DRM, although there has been some work on analysing and formalising the interpretation of access control rules in DRM systems. A formal model for DRM is essential to provide the specific access control semantics that are necessary for creating interoperable, unambiguous implementations. In this paper, we discuss how DRM differs as an access control model from the three well-known traditional access control models (DAC, MAC and RBAC) and, using these existing approaches, motivate a set of requirements for a formal model for DRM. Thereafter, we present a formal description of LiREL, a rights expression language that is able to express access control policies and contractual agreement in a single use license. Our motivation with this approach is to identify the different components in a license contract and define how these components interact within themselves and with other components of the license. A formal notation allows for a uniform and unambiguous interpretation and implementation of the access control policies.