the role of trusted computing in internet scale drm l.
Skip this Video
Loading SlideShow in 5 Seconds..
The role of trusted computing in Internet-scale DRM PowerPoint Presentation
Download Presentation
The role of trusted computing in Internet-scale DRM

Loading in 2 Seconds...

play fullscreen
1 / 22

The role of trusted computing in Internet-scale DRM - PowerPoint PPT Presentation

  • Uploaded on

The role of trusted computing in Internet-scale DRM Geoffrey Strongin AMD Fellow Platform Security Architect Overview of this talk Personal background Brief introduction of XRI and XDI XDI link contracts Standardized contracts

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

The role of trusted computing in Internet-scale DRM

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
the role of trusted computing in internet scale drm

The role of trusted computing in Internet-scale DRM

Geoffrey Strongin

AMD Fellow

Platform Security Architect

overview of this talk
Overview of this talk
  • Personal background
  • Brief introduction of XRI and XDI
  • XDI link contracts
  • Standardized contracts
  • Trusted computing and barriers to trusted computing
  • Trusted computing and link contracts
  • How Internet-scale DRM may evolve
personal background
Personal background
  • ISTPA – Privacy Framework
  • XNS  XRI, XDI
  • Trusted Computing Group
  • AMD’s Presidio Technology
  • DRM has been a controversial topic in Trusted Computing circles but … a rising tide lifts all boats.
  • DRM is a big boat!


Data - policy binding work


Trusted Computing to the PC

introduction of xri and xdi
Introduction of XRI and XDI
  • Both XRI and XDI trace back to XNS
  • XRI (eXtensible Resource Identifier)

XRI: A URI compatible scheme for abstract identifiers with lots of 3rd generation features

      • XRI is being developed at OASIS (XRI TC)
        • See
    • XDI (XRI Data Interchange)
    • XDI: is a general extensible service for sharing, linking, and synchronizing data over the internet using XRI’s and XML documents
the primary goals of xdi
The primary goals of XDI
  • To develop a standardized data interchange schema and protocol based on Extensible Resource Identifiers (XRIs) and XML
    • This format can do for machine-readable data what HTML did for human-readable content
  • To enable “link contracts” – machine-readable data sharing agreements that bind shared data to policies governing its use
    • Not immediatly a “standarized” DRM, but the plumbing for “general purpose” DRM
the xdi dataweb model
The XDI “Dataweb” model
  • Applies the Web model to machine-readable data sharing
    • XDI documents are XRI-addressable the same way HTML documents are URI-addressable
    • URI addressing/linking goes down only to the document fragment level; XRI addressing/linking goes all the way down to the atomic element level
    • XDI addressing can reference and link elements across XDI documents just like HTML hyperlinks
    • XDI addressing also supports persistent XRIs, so all nodes can be persistently referenced
xdi link contracts
XDI link contracts
  • A link contract is an XDI document governing an XDI data sharing relationship between two XDI data authorities
    • It “binds” XRI-addressable data to XRI-addressable policies governing its use
  • Link contracts can cover any type of XDI data (including other link contracts)
  • Link contracts can associate any type of data sharing policy
link contracts can include policies for
Link contracts can include policies for:
  • Identification
  • Authentication
  • Authorization and access control
  • Privacy and usage control
  • Synchronization
  • Termination
  • Recourse
policy elements
Policy elements
  • Every policy referenced by a link contract has its own XRI (or set of XRI synonyms)
  • The policy itself need not be an XDI document; it might be:
    • Human-readable text document (e.g., Creative Commons licenses,
    • A document in machine-readable policy expression language (XACML, WS-Policy, etc.)
    • Any other XRI-addressable resource to which the parties can agree
meaningful link contracts
Meaningful link contracts
  • Unless the party relying on a link contract can reasonably expect the referenced policy to be honored it is valueless
    • There are already lots of “implied” and “explicit” contracts that operate within the Internet
      • Many have marginal value since enforcement can be difficult
        • click-through licensees are enforceable under specific conditions, but the overall story is murky and varies from one polity to another
      • Policy-containing contracts are not often bound to the data exchanged in a persistent way
    • XDI helps with some of these issues and trusted computing can help with enforcement
      • Enforcement from trusted computing implies a policy engine capable of enforcement
standardized link contracts referenced policies
Standardized link contracts (referenced policies)
  • Custom contracts are possible with XDI but like all custom legal work they will be expensive
    • Enforceability is at least a question
    • Real computer-to-computer negotiation of such contracts remains a challenge
    • In brief, this won’t scale
  • The use of standardized and pro forma contracts appears to be the way to scale the use of link-contracts
  • The Internet has already spawned lots of standard contracts that are widely referenced
    • The most obvious example of this are open source licenses
  • XDI will likely spawn a whole range of new standardized contracts that will come into broad usage
    • The availability of a pool of such contracts will enable “automatic” contract negotiation where parties are able to identify acceptable contracts in advance
what is trusted computing
What is “Trusted Computing”
  • A simplified definition of trusted or trustworthy computing:
  • The combination of:
    • A self protecting trusted computing base (TCB)
    • Reliable measurement agents
    • Reliable attestation or reporting capability
  • The foundation blocks for this are in place today, and we are waiting for the whole structure to be built
    • Some of the reasons that this is slow to emerge are worth noting…
barriers to the adoption of trusted computing are falling if slowly
Barriers to the adoption of trusted computing are falling (if slowly!)
  • Cost – no longer a significant barrier
  • Availability of the building blocks – mostly solved now
    • Software TCB elements lagging
      • Secure Hypervisors and
    • Credentials still lagging (a chicken and egg game)
  • Ease of use
  • Liability issues
  • Scalability (surprise!)– why we are here
  • Clear understanding of delivered value
ease of use as a barrier
Ease of use as a barrier
  • Attestation information as originally defined by TCG is difficult to consume
    • The abstraction level of the elements in the “stored measurement log” has to be raised
      • The hashes of software objects are “brittle”
    • More fundamentally – identification and validation don’t directly predict behavior
      • Attestation needs to move beyond “code signatures” into the behavioral (semantic) realm
    • We need a standardized language or metrics to express the intersection of the robustness of implementation of a TCB in a platform and the nature of the policies enforced by the TCB
        • Common Criteria can address the former (at high cost)
        • We are still lacking a good solution for the latter
  • We need the equivilent of a credit score for trustworthy platforms
liability issues as a barrier
Liability issues as a barrier
  • Bad things happen!
  • No one wants to be left holding the bag when they do
  • Providing attestation data, credentials and other infrastructure components that support trusted computing could result in increased liability on the part of the “supply chain” providers
  • We may need regulatory relief to foster the growth of trusted computing (PKI)
  • We may also be able to manage the risk by using XDI link contracts within the attestation infrastructure to establish and allocate liability
xdi and trusted computing
XDI and trusted computing
  • XDI benefits from
  • trusted computing:
    • Policy enforcement
    • Authentication
    • Non repudiation
  • Trusted Computing benefits from XDI:
    • Establishes value in attestation
    • XDI plumbing for attestation information with “liability” management
    • Revocation push/pull
trusted computing as part of the link contract
Trusted computing as part of the link contract
  • Attestation of the recipients computing environment and DRM engine can be a data-exchange prerequisite
    • DRM systems are based on the assumption that the DRM engine has not been hacked
    • Reliable assessment of the enforcement capabilities of remote platforms becomes possible with trusted computing technology
    • Participation remains voluntary, but there are public policy implications as this becomes ubiquitous
      • Powerful tools can always be misused
      • The link-contracts can work both ways
        • Assessment for the data provider, and limitations on the use of the attestation information for the data recipient
      • Privacy principles can become part of the lexicon of standardized link contracts where law and regulation don’t suffice
link contracts and trusted computing
Link contracts and trusted computing
  • Some of the factors that come into play:
    • The level of knowledge about the other party
    • The value of the transaction
    • The level of automation involved
      • How much direct human involvement is present?
      • Already a factor in lots of transactions (funny text tests)

Tools outside of trusted computing that enable data interchange

    • Reputation services (expected XDI global services)
    • Law and policy context
    • Insurance and recourse
how internet scale drm may evolve
How Internet scale DRM may evolve
  • A little prognostication…
  • Initial use of XDI will have to depend on established trust relationships
    • Most data today flows using this kind of model
      • Consumer “knows” provider
      • Commercial partners “know” each other
    • Standardized link contracts will be developed to serve the existing models of data exchange
  • As XDI evolves it will start to leverage trusted computing where it does exist
      • This will open the door to some more spontaneous data sharing and will in turn help validate the benefits of trusted computing
  • Over time a virtuous cycle may emerge where XDI link contracts increasingly use trusted computing and where trusted computing relies more and more on XDI
our challenge
Our challenge
  • Break down the remaining barriers to trusted computing adoption
    • Foster the development and deployment of the technology building blocks (if we build it…)
    • Focus significant corporate and academic resources on the “ease of use” problem
  • My request:
  • Keep an eye on XRI and XDI as they developShare your critical views on this work with the OASIS XRI and XDI TC’s
  • My hope is that you will leverage these technologies to foster the scale-out of trusted computing
links for more information on xdi
Links for more information on XDI
  • Google for the XDI FAQ