skip to main content
10.1145/1529282.1529738acmconferencesArticle/Chapter ViewAbstractPublication PagessacConference Proceedingsconference-collections
research-article

Secure web-based retrieval of documents with usage controls

Published: 08 March 2009 Publication History

Abstract

Usage controls enable the provider of some information to limit how recipients may use it. Usage controls may be desirable in enterprise environments, e.g., for regulatory compliance or to protect intellectual property in collaborative endeavors. We contribute Web protocol, server, and browser modifications for hardening existing software-based usage controls (e.g., PDF's) with Trusted Platform Modules (TPMs). TPMs are low-cost secure coprocessors present in an increasing number of computers. We use the TPM to prevent untrusted software from opening usage-controlled files. We implemented the proposed solution on Linux by adding a Linux Security Module to the kernel and modifying Apache and Firefox. No modifications are necessary in applications used for authoring and displaying usage-controlled files (e.g., OpenOffice and xpdf). Experiments show that the proposed scheme has modest impact on client response time and server CPU utilization.

References

[1]
Gallery of Adobe remedies. http://www.cs.cmu.edu/~dst/Adobe/Gallery.
[2]
Microsoft digital rights management scheme - technical details. http://cryptome.org/ms-drm.htm.
[3]
Network Security Services (NSS). http://www.mozilla.org/projects/security/pki/nss/.
[4]
NSF Center for e-Design. http://e-design.iems.ucf.edu/.
[5]
S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, and T. Wright. RFC3546 - Transport Layer Security (TLS) extensions. http://www.ietf.org/rfc/rfc3546.txt, June 2003.
[6]
J. Brustoloni, R. Villamarín-Salomón, P. Djalaliev, and D. Kyle. Evaluating the usability of usage controls in electronic collaboration. In Proc. of the 4th Symposium on Usable Privacy and Security (SOUPS2008). ACM, July 2008.
[7]
T. Dierks and C. Allen. The TLS protocol: Version 1.0. http://www.ietf.org/rfc/rfc2246.txt, January 1999.
[8]
R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. RFC2616 - Hypertext Transfer Protocol - HTTP/1.1. http://www.ietf.org/rfc/rfc2616.txt, June 1999.
[9]
R. Ianella. Open Digital Rights Language (ODRL) version 1.1. http://www.w3.org/TR/odrl/, September 2002.
[10]
R. Khare and S. Lawrence. Upgrading to TLS within HTTP/1.1. www.ietf.org/rfc/rfc2817.txt, May 2000.
[11]
D. Kyle and J. Brustoloni. UCLinux: a Linux Security Module for Trusted-Computing-based usage control enforcement. In Proc. of 2nd Workshop on Scalable Trusted Computing. ACM, November 2007.
[12]
J. Marchesini, S. Smith, O. Wild, and R. MacDonald. Experimenting with TCPA/TCG hardware, or: How I learned to stop worrying and love the bear. Computer Science Technical Report TR2003-476, Department of Computer Science/Dartmouth PKI Lab Dartmouth College, Hanover, New Hampshire, USA, December 2003.
[13]
B. McCarthy. SELinux: NSA's Open Source Security Enhanced Linux. O'Reilly, first edition, October 2004.
[14]
M. Peinado, Y. Chen, P. England, and J. Manferdelli. NGSCB: A trusted open system. Lecture Notes in Computer Science, 3108/2004:86--97, June 2004.
[15]
R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement scheme. In Proc. of the 13th USENIX Security Symposium. USENIX Association, August 2004.
[16]
Trusted Computing Group. Trusted Computing Platform Alliance (TCPA): Main specification version 1.1b. http://www.trustedcomputinggroup.org/, February 2002.
[17]
C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux Security Modules: General security support for the Linux kernel. In Proc. of the 11th USENIX Security Symposium. USENIX Association, August 2002.

Cited By

View all
  • (2011)Usage control enforcement - a surveyProceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems10.5555/2033973.2033978(38-49)Online publication date: 22-Aug-2011
  • (2011)Usage Control Enforcement - A SurveyAvailability, Reliability and Security for Business, Enterprise and Health Information Systems10.1007/978-3-642-23300-5_4(38-49)Online publication date: 2011

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing
March 2009
2347 pages
ISBN:9781605581668
DOI:10.1145/1529282
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 March 2009

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. digital rights management (DRM)
  2. trusted platform module (TPM)

Qualifiers

  • Research-article

Conference

SAC09
Sponsor:
SAC09: The 2009 ACM Symposium on Applied Computing
March 8, 2009 - March 12, 2008
Hawaii, Honolulu

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25
The 40th ACM/SIGAPP Symposium on Applied Computing
March 31 - April 4, 2025
Catania , Italy

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)0
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2011)Usage control enforcement - a surveyProceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems10.5555/2033973.2033978(38-49)Online publication date: 22-Aug-2011
  • (2011)Usage Control Enforcement - A SurveyAvailability, Reliability and Security for Business, Enterprise and Health Information Systems10.1007/978-3-642-23300-5_4(38-49)Online publication date: 2011

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media