Flexible and secure enterprise rights management based on trusted virtual domains

Authors:
Yacine Gasmi;Ahmad-Reza Sadeghi;Patrick Stewin;Martin Unger;Marcel Winandy;Rani Husseiki;Christian Stüble
Affiliations:
Ruhr-University Bochum, Bochum, Germany;Ruhr-University Bochum, Bochum, Germany;Ruhr-University Bochum, Bochum, Germany;Ruhr-University Bochum, Bochum, Germany;Ruhr-University Bochum, Bochum, Germany;Sirrix AG security technologies, Bochum, Germany;Sirrix AG security technologies, Bochum, Germany
Venue:
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Year:
2008

Citing 20
Cited 6

On micro-kernel construction

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Security architectures for controlled digital information dissemination

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Towards a Multi-dimensional Characterization of Dissemination Control

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Peer-to-peer access control architecture using trusted computing technology

Proceedings of the tenth ACM symposium on Access control models and technologies
DRM, trusted computing and operating system architecture

ACSW Frontiers '05 Proceedings of the 2005 Australasian workshop on Grid computing and e-research - Volume 44
Trusted Computing Platforms: TCPA Technology in Context

Trusted Computing Platforms: TCPA Technology in Context
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Secure information sharing enabled by Trusted Computing and PEI models

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Lazy Revocation in Cryptographic File Systems

SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
PRIMA: policy-reduced integrity measurement architecture

Proceedings of the eleventh ACM symposium on Access control models and technologies
Persistent information security: beyond the e-commerce threat model

ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Multilevel filesystems in solaris trusted extensions

Proceedings of the 12th ACM symposium on Access control models and technologies
Semantic remote attestation: a virtual machine directed approach to trusted computing

VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
vTPM: virtualizing the trusted platform module

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Beyond secure channels

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Towards automated provisioning of secure virtualized networks

Proceedings of the 14th ACM conference on Computer and communications security
TVDc: managing security in the trusted virtual datacenter

ACM SIGOPS Operating Systems Review
Trusted virtual domains: toward secure distributed services

HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Enabling fairer digital rights management with trusted computing

ISC'07 Proceedings of the 10th international conference on Information Security

Transparent mobile storage protection in trusted virtual domains

LISA'09 Proceedings of the 23rd conference on Large installation system administration
Content oriented virtual domains for secure information sharing across organizations

Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Trusted virtual domains on OpenSolaris: usable secure desktop environments

Proceedings of the fifth ACM workshop on Scalable trusted computing
Trusted virtual domains on OKL4: secure information sharing on smartphones

Proceedings of the sixth ACM workshop on Scalable trusted computing
Trusted virtual domains – design, implementation and lessons learned

INTRUST'09 Proceedings of the First international conference on Trusted Systems
A legally-admissible copyrights ownership identification protocol for digital works

Proceedings of the 4th International Conference on Internet Multimedia Computing and Service

Quantified Score

Hi-index	0.00

Visualization

Abstract

The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.