The role of trusted computing in internet scale drm l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

The role of trusted computing in Internet-scale DRM PowerPoint PPT Presentation

The role of trusted computing in Internet-scale DRM Geoffrey Strongin AMD Fellow Platform Security Architect [email protected] Overview of this talk Personal background Brief introduction of XRI and XDI XDI link contracts Standardized contracts

Download Presentation

The role of trusted computing in Internet-scale DRM

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The role of trusted computing in internet scale drm l.jpg

The role of trusted computing in Internet-scale DRM

Geoffrey Strongin

AMD Fellow

Platform Security Architect

[email protected]


Overview of this talk l.jpg

Overview of this talk

  • Personal background

  • Brief introduction of XRI and XDI

  • XDI link contracts

  • Standardized contracts

  • Trusted computing and barriers to trusted computing

  • Trusted computing and link contracts

  • How Internet-scale DRM may evolve


Personal background l.jpg

Personal background

  • ISTPA – Privacy Framework

  • XNS  XRI, XDI

  • Trusted Computing Group

  • AMD’s Presidio Technology

  • DRM has been a controversial topic in Trusted Computing circles but … a rising tide lifts all boats.

  • DRM is a big boat!

Important

Data - policy binding work

Bringing

Trusted Computing to the PC


Introduction of xri and xdi l.jpg

Introduction of XRI and XDI

  • Both XRI and XDI trace back to XNS

  • XRI (eXtensible Resource Identifier)

    XRI: A URI compatible scheme for abstract identifiers with lots of 3rd generation features

    • XRI is being developed at OASIS (XRI TC)

      • See http://en.wikipedia.org/wiki/XRI

  • XDI (XRI Data Interchange)

  • XDI: is a general extensible service for sharing, linking, and synchronizing data over the internet using XRI’s and XML documents


The primary goals of xdi l.jpg

The primary goals of XDI

  • To develop a standardized data interchange schema and protocol based on Extensible Resource Identifiers (XRIs) and XML

    • This format can do for machine-readable data what HTML did for human-readable content

  • To enable “link contracts” – machine-readable data sharing agreements that bind shared data to policies governing its use

    • Not immediatly a “standarized” DRM, but the plumbing for “general purpose” DRM


The xdi dataweb model l.jpg

The XDI “Dataweb” model

  • Applies the Web model to machine-readable data sharing

    • XDI documents are XRI-addressable the same way HTML documents are URI-addressable

    • URI addressing/linking goes down only to the document fragment level; XRI addressing/linking goes all the way down to the atomic element level

    • XDI addressing can reference and link elements across XDI documents just like HTML hyperlinks

    • XDI addressing also supports persistent XRIs, so all nodes can be persistently referenced


Core dataweb concept l.jpg

Core Dataweb Concept


Xdi link contracts l.jpg

XDI link contracts

  • A link contract is an XDI document governing an XDI data sharing relationship between two XDI data authorities

    • It “binds” XRI-addressable data to XRI-addressable policies governing its use

  • Link contracts can cover any type of XDI data (including other link contracts)

  • Link contracts can associate any type of data sharing policy


Link contracts can include policies for l.jpg

Link contracts can include policies for:

  • Identification

  • Authentication

  • Authorization and access control

  • Privacy and usage control

  • Synchronization

  • Termination

  • Recourse


Policy elements l.jpg

Policy elements

  • Every policy referenced by a link contract has its own XRI (or set of XRI synonyms)

  • The policy itself need not be an XDI document; it might be:

    • Human-readable text document (e.g., Creative Commons licenses, www.creativecommons.org)

    • A document in machine-readable policy expression language (XACML, WS-Policy, etc.)

    • Any other XRI-addressable resource to which the parties can agree


Meaningful link contracts l.jpg

Meaningful link contracts

  • Unless the party relying on a link contract can reasonably expect the referenced policy to be honored it is valueless

    • There are already lots of “implied” and “explicit” contracts that operate within the Internet

      • Many have marginal value since enforcement can be difficult

        • click-through licensees are enforceable under specific conditions, but the overall story is murky and varies from one polity to another

      • Policy-containing contracts are not often bound to the data exchanged in a persistent way

    • XDI helps with some of these issues and trusted computing can help with enforcement

      • Enforcement from trusted computing implies a policy engine capable of enforcement


Standardized link contracts referenced policies l.jpg

Standardized link contracts (referenced policies)

  • Custom contracts are possible with XDI but like all custom legal work they will be expensive

    • Enforceability is at least a question

    • Real computer-to-computer negotiation of such contracts remains a challenge

    • In brief, this won’t scale

  • The use of standardized and pro forma contracts appears to be the way to scale the use of link-contracts

  • The Internet has already spawned lots of standard contracts that are widely referenced

    • The most obvious example of this are open source licenses

  • XDI will likely spawn a whole range of new standardized contracts that will come into broad usage

    • The availability of a pool of such contracts will enable “automatic” contract negotiation where parties are able to identify acceptable contracts in advance


What is trusted computing l.jpg

What is “Trusted Computing”

  • A simplified definition of trusted or trustworthy computing:

  • The combination of:

    • A self protecting trusted computing base (TCB)

    • Reliable measurement agents

    • Reliable attestation or reporting capability

  • The foundation blocks for this are in place today, and we are waiting for the whole structure to be built

    • Some of the reasons that this is slow to emerge are worth noting…


Barriers to the adoption of trusted computing are falling if slowly l.jpg

Barriers to the adoption of trusted computing are falling (if slowly!)

  • Cost – no longer a significant barrier

  • Availability of the building blocks – mostly solved now

    • Software TCB elements lagging

      • Secure Hypervisors and

    • Credentials still lagging (a chicken and egg game)

  • Ease of use

  • Liability issues

  • Scalability (surprise!)– why we are here

  • Clear understanding of delivered value


Ease of use as a barrier l.jpg

Ease of use as a barrier

  • Attestation information as originally defined by TCG is difficult to consume

    • The abstraction level of the elements in the “stored measurement log” has to be raised

      • The hashes of software objects are “brittle”

    • More fundamentally – identification and validation don’t directly predict behavior

      • Attestation needs to move beyond “code signatures” into the behavioral (semantic) realm

    • We need a standardized language or metrics to express the intersection of the robustness of implementation of a TCB in a platform and the nature of the policies enforced by the TCB

      • Common Criteria can address the former (at high cost)

      • We are still lacking a good solution for the latter

  • We need the equivilent of a credit score for trustworthy platforms


  • Liability issues as a barrier l.jpg

    Liability issues as a barrier

    • Bad things happen!

    • No one wants to be left holding the bag when they do

    • Providing attestation data, credentials and other infrastructure components that support trusted computing could result in increased liability on the part of the “supply chain” providers

    • We may need regulatory relief to foster the growth of trusted computing (PKI)

    • We may also be able to manage the risk by using XDI link contracts within the attestation infrastructure to establish and allocate liability


    Xdi and trusted computing l.jpg

    XDI and trusted computing

    • XDI benefits from

    • trusted computing:

      • Policy enforcement

      • Authentication

      • Non repudiation

    • Trusted Computing benefits from XDI:

      • Establishes value in attestation

      • XDI plumbing for attestation information with “liability” management

      • Revocation push/pull


    Trusted computing as part of the link contract l.jpg

    Trusted computing as part of the link contract

    • Attestation of the recipients computing environment and DRM engine can be a data-exchange prerequisite

      • DRM systems are based on the assumption that the DRM engine has not been hacked

      • Reliable assessment of the enforcement capabilities of remote platforms becomes possible with trusted computing technology

      • Participation remains voluntary, but there are public policy implications as this becomes ubiquitous

        • Powerful tools can always be misused

        • The link-contracts can work both ways

          • Assessment for the data provider, and limitations on the use of the attestation information for the data recipient

        • Privacy principles can become part of the lexicon of standardized link contracts where law and regulation don’t suffice


    Link contracts and trusted computing l.jpg

    Link contracts and trusted computing

    • Some of the factors that come into play:

      • The level of knowledge about the other party

      • The value of the transaction

      • The level of automation involved

        • How much direct human involvement is present?

        • Already a factor in lots of transactions (funny text tests)

          Tools outside of trusted computing that enable data interchange

      • Reputation services (expected XDI global services)

      • Law and policy context

      • Insurance and recourse


    How internet scale drm may evolve l.jpg

    How Internet scale DRM may evolve

    • A little prognostication…

    • Initial use of XDI will have to depend on established trust relationships

      • Most data today flows using this kind of model

        • Consumer “knows” provider

        • Commercial partners “know” each other

      • Standardized link contracts will be developed to serve the existing models of data exchange

    • As XDI evolves it will start to leverage trusted computing where it does exist

      • This will open the door to some more spontaneous data sharing and will in turn help validate the benefits of trusted computing

  • Over time a virtuous cycle may emerge where XDI link contracts increasingly use trusted computing and where trusted computing relies more and more on XDI


  • Our challenge l.jpg

    Our challenge

    • Break down the remaining barriers to trusted computing adoption

      • Foster the development and deployment of the technology building blocks (if we build it…)

      • Focus significant corporate and academic resources on the “ease of use” problem

    • My request:

    • Keep an eye on XRI and XDI as they developShare your critical views on this work with the OASIS XRI and XDI TC’s

    • My hope is that you will leverage these technologies to foster the scale-out of trusted computing


    Links for more information on xdi l.jpg

    Links for more information on XDI

    • http://en.wikipedia.org/wiki/XDI

    • http://www.oasis-open.org

    • Google for the XDI FAQ


  • Login