Trust Enforcing and Trust Building, Different Technologies and Visions

Trust Enforcing and Trust Building, Different Technologies and Visions

Michele Tomaiuolo (Department of Information Engineering, University of Parma, Parma, Italy)
Copyright: © 2012 |Pages: 18
DOI: 10.4018/ijcwt.2012100104
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Concern about vulnerabilities of IT systems is growing together with attention to risks of intrusive cyber-control over personal activities and data. This article discusses some new technologies that are being integrated into computing devices for realizing so-called Trusted Computing and Digital Rights Management systems, which can remotely attest their current hardware/software state and can enforce external policies to access protected content. These technologies are then confronted with distributed Trust Management systems, which realize access control for local resources on the basis of delegation of access rights according to local trust decisions. Both technologies are discussed from various points of view: architecture, vision, ethics, politics and law.
Article Preview

Trusted Systems

Regarding the basic architecture and functioning of Digital Rights Management systems, various so-called “Rights Expression Languages” have been proposed, for the management of digital rights for media content distribution. These languages and frameworks are essentially the result of efforts of businesses to protect digital material from reproduction and sharing. However all Rights Expression Languages just allow copyright holders to express restrictions about the usage of a resource (for this reason, critics of those technologies often refer to them as “restrictions expression languages”), without being able to enforce by themselves the policies they convey. The usage of “trustworthy” systems (Coyle, 2003) and the application of international laws is necessary for actually enforcing the policies these languages allow to express.

In fact, obfuscation is the Achille’s heel of most DRM systems (Stamp, 2003). Obfuscation is necessary for the realization of DRM restrictions on common PCs and other open systems, to make reverse engineering more difficult and protect in some way the decryption function. But in traditional cryptography, obfuscation has always been considered a poor solution, with uncertain resistance to attacks. Moreover, in open systems the decryption function (generally a cryptographic key) can be gathered by scanning the system memory at runtime.

To overcome this problem, content producers are encouraging laws against circumvention of DRM policies. But another parallel effort is directed toward the realization of so-called Trusted Computing systems, composed only of approved hardware and software components, which can assure the respect of media access restrictions.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2013)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing