
The role of trusted computing in Internet-scale DRM

Geoffrey Strongin

AMD Fellow

Platform Security Architect

geoffrey.strongin@amd.com


Overview of this talk

  • Personal background

  • Brief introduction of XRI and XDI

  • XDI link contracts

  • Standardized contracts

  • Trusted computing and barriers to trusted computing

  • Trusted computing and link contracts

  • How Internet-scale DRM may evolve


Personal background

  • ISTPA – Privacy Framework

  • XNS → XRI, XDI

  • Trusted Computing Group

  • AMD’s Presidio Technology

  • DRM has been a controversial topic in Trusted Computing circles but … a rising tide lifts all boats.

  • DRM is a big boat!

Important data-policy binding work

Bringing Trusted Computing to the PC


Introduction of XRI and XDI

  • Both XRI and XDI trace back to XNS

  • XRI (eXtensible Resource Identifier)

    XRI: A URI compatible scheme for abstract identifiers with lots of 3rd generation features

    • XRI is being developed at OASIS (XRI TC)

      • See http://en.wikipedia.org/wiki/XRI

  • XDI (XRI Data Interchange)

    XDI: A general, extensible service for sharing, linking, and synchronizing data over the Internet using XRIs and XML documents


The primary goals of XDI

  • To develop a standardized data interchange schema and protocol based on Extensible Resource Identifiers (XRIs) and XML

    • This format can do for machine-readable data what HTML did for human-readable content

  • To enable “link contracts” – machine-readable data sharing agreements that bind shared data to policies governing its use

    • Not immediately a “standardized” DRM, but the plumbing for “general purpose” DRM


The XDI “Dataweb” model

  • Applies the Web model to machine-readable data sharing

    • XDI documents are XRI-addressable the same way HTML documents are URI-addressable

    • URI addressing/linking goes down only to the document fragment level; XRI addressing/linking goes all the way down to the atomic element level

    • XDI addressing can reference and link elements across XDI documents just like HTML hyperlinks

    • XDI addressing also supports persistent XRIs, so all nodes can be persistently referenced


Core Dataweb Concept


XDI link contracts

  • A link contract is an XDI document governing an XDI data sharing relationship between two XDI data authorities

    • It “binds” XRI-addressable data to XRI-addressable policies governing its use

  • Link contracts can cover any type of XDI data (including other link contracts)

  • Link contracts can associate any type of data sharing policy


Link contracts can include policies for:

  • Identification

  • Authentication

  • Authorization and access control

  • Privacy and usage control

  • Synchronization

  • Termination

  • Recourse


Policy elements

  • Every policy referenced by a link contract has its own XRI (or set of XRI synonyms)

  • The policy itself need not be an XDI document; it might be:

    • Human-readable text document (e.g., Creative Commons licenses, www.creativecommons.org)

    • A document in machine-readable policy expression language (XACML, WS-Policy, etc.)

    • Any other XRI-addressable resource to which the parties can agree


Meaningful link contracts

  • Unless the party relying on a link contract can reasonably expect the referenced policy to be honored, it is valueless

    • There are already lots of “implied” and “explicit” contracts that operate within the Internet

      • Many have marginal value since enforcement can be difficult

        • Click-through licenses are enforceable under specific conditions, but the overall story is murky and varies from one polity to another

      • Policy-containing contracts are not often bound to the data exchanged in a persistent way

    • XDI helps with some of these issues and trusted computing can help with enforcement

      • Enforcement from trusted computing implies a policy engine capable of enforcement


Standardized link contracts (referenced policies)

  • Custom contracts are possible with XDI, but like all custom legal work, they will be expensive

    • Enforceability is at least a question

    • Real computer-to-computer negotiation of such contracts remains a challenge

    • In brief, this won’t scale

  • The use of standardized and pro forma contracts appears to be the way to scale the use of link-contracts

  • The Internet has already spawned lots of standard contracts that are widely referenced

    • The most obvious examples of this are open source licenses

  • XDI will likely spawn a whole range of new standardized contracts that will come into broad usage

    • The availability of a pool of such contracts will enable “automatic” contract negotiation where parties are able to identify acceptable contracts in advance


What is “Trusted Computing”

  • A simplified definition of trusted or trustworthy computing:

  • The combination of:

    • A self protecting trusted computing base (TCB)

    • Reliable measurement agents

    • Reliable attestation or reporting capability

  • The foundation blocks for this are in place today, and we are waiting for the whole structure to be built

    • Some of the reasons that this is slow to emerge are worth noting…


Barriers to the adoption of trusted computing are falling (if slowly!)

  • Cost – no longer a significant barrier

  • Availability of the building blocks – mostly solved now

    • Software TCB elements lagging

      • Secure Hypervisors and

    • Credentials still lagging (a chicken and egg game)

  • Ease of use

  • Liability issues

  • Scalability (surprise!) – why we are here

  • Clear understanding of delivered value


Ease of use as a barrier

  • Attestation information as originally defined by TCG is difficult to consume

    • The abstraction level of the elements in the “stored measurement log” has to be raised

      • The hashes of software objects are “brittle”

    • More fundamentally – identification and validation don’t directly predict behavior

      • Attestation needs to move beyond “code signatures” into the behavioral (semantic) realm

    • We need a standardized language or metrics to express the intersection of the robustness of implementation of a TCB in a platform and the nature of the policies enforced by the TCB

      • Common Criteria can address the former (at high cost)

      • We are still lacking a good solution for the latter

  • We need the equivalent of a credit score for trustworthy platforms
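
The brittleness described above, as an added example that is not part of the original talk: a stored measurement log is replayed with a TPM-style extend, and a patched kernel breaks a single golden-PCR comparison while a per-component reference manifest still accepts it. The component names, sample blobs and manifest are constructed for illustration, and SHA-256 stands in for the PCR bank's hash.

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """Digest of a software object, as a measurement agent would record it."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(log):
    """Recompute the PCR value implied by a stored measurement log."""
    pcr = bytes(32)  # PCRs start at all zeroes
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

# Constructed sample components (not real binaries).
LOADER = b"bootloader v1.0"
KERNEL_A = b"kernel v5.1"
KERNEL_B = b"kernel v5.1 + security patch"
DRM = b"drm-engine v2"

def boot_log(kernel, drm=DRM):
    return [("loader", measure(LOADER)), ("kernel", measure(kernel)),
            ("drm", measure(drm))]

GOLDEN_PCR = replay(boot_log(KERNEL_A))

# Hypothetical reference manifest: component -> set of acceptable digests.
MANIFEST = {
    "loader": {measure(LOADER)},
    "kernel": {measure(KERNEL_A), measure(KERNEL_B)},
    "drm": {measure(DRM)},
}

def verify_golden(log, quoted_pcr):
    """Brittle check: the quoted PCR must equal the one known-good value."""
    return replay(log) == quoted_pcr == GOLDEN_PCR

def verify_manifest(log, quoted_pcr):
    """The log must replay to the quoted PCR, list exactly the manifest's
    components in order, and use an acceptable digest for each of them."""
    if replay(log) != quoted_pcr:
        return False  # log does not match what the platform reported
    if [name for name, _ in log] != list(MANIFEST):
        return False
    return all(digest in MANIFEST[name] for name, digest in log)
```

Both checks still say nothing about how the measured code behaves, which is the gap the slide points at.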


Liability issues as a barrier

    • Bad things happen!

    • No one wants to be left holding the bag when they do

    • Providing attestation data, credentials and other infrastructure components that support trusted computing could result in increased liability on the part of the “supply chain” providers

    • We may need regulatory relief to foster the growth of trusted computing (PKI)

    • We may also be able to manage the risk by using XDI link contracts within the attestation infrastructure to establish and allocate liability


XDI and trusted computing

    • XDI benefits from trusted computing:

      • Policy enforcement

      • Authentication

      • Non-repudiation

    • Trusted Computing benefits from XDI:

      • Establishes value in attestation

      • XDI plumbing for attestation information with “liability” management

      • Revocation push/pull


Trusted computing as part of the link contract

    • Attestation of the recipient’s computing environment and DRM engine can be a data-exchange prerequisite

      • DRM systems are based on the assumption that the DRM engine has not been hacked

      • Reliable assessment of the enforcement capabilities of remote platforms becomes possible with trusted computing technology

      • Participation remains voluntary, but there are public policy implications as this becomes ubiquitous

        • Powerful tools can always be misused

        • The link-contracts can work both ways

          • Assessment for the data provider, and limitations on the use of the attestation information for the data recipient

        • Privacy principles can become part of the lexicon of standardized link contracts where law and regulation don’t suffice


Link contracts and trusted computing

    • Some of the factors that come into play:

      • The level of knowledge about the other party

      • The value of the transaction

      • The level of automation involved

        • How much direct human involvement is present?

        • Already a factor in lots of transactions (funny text tests)

    • Tools outside of trusted computing that enable data interchange:

      • Reputation services (expected XDI global services)

      • Law and policy context

      • Insurance and recourse


How Internet-scale DRM may evolve

    • A little prognostication…

    • Initial use of XDI will have to depend on established trust relationships

      • Most data today flows using this kind of model

        • Consumer “knows” provider

        • Commercial partners “know” each other

      • Standardized link contracts will be developed to serve the existing models of data exchange

    • As XDI evolves it will start to leverage trusted computing where it does exist

      • This will open the door to some more spontaneous data sharing and will in turn help validate the benefits of trusted computing

    • Over time, a virtuous cycle may emerge where XDI link contracts increasingly use trusted computing and where trusted computing relies more and more on XDI


Our challenge

    • Break down the remaining barriers to trusted computing adoption

      • Foster the development and deployment of the technology building blocks (if we build it…)

      • Focus significant corporate and academic resources on the “ease of use” problem

    • My request:

      • Keep an eye on XRI and XDI as they develop

      • Share your critical views on this work with the OASIS XRI and XDI TCs

    • My hope is that you will leverage these technologies to foster the scale-out of trusted computing


Links for more information on XDI

    • http://en.wikipedia.org/wiki/XDI

    • http://www.oasis-open.org

    • Google for the XDI FAQ

