Persistent access control: A formal model for DRM

DRM'07 - Proceedings of the 2007 ACM Workshop on Digital Rights Management

Volumn , Issue , 2007, Pages 41-53

  Arnab, Alapan ^a   Hutchison, Andrew ^a  

^a UNIVERSITY OF CAPE TOWN   (South Africa)

Author keywords

access control; REL; rights expression languages

Indexed keywords

ACCESS CONTROL MODELS; ACCESS CONTROL POLICIES; CONTRACTUAL AGREEMENTS; DIGITAL RIGHTS MANAGEMENT; DRM SYSTEM; FORMAL DESCRIPTION; FORMAL MODEL; FORMAL NOTATIONS; REL; RIGHTS EXPRESSION LANGUAGE;

COPYRIGHTS; SECURITY SYSTEMS; SEMANTICS;

ACCESS CONTROL;

EID: 69249168719     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314276.1314286     Document Type: Conference Paper

References (40)

1. eXtensible rights Markup Language (XrML) 2.0 Specification, 2001.
2. AMERICAN HERITAGE DICTIONARIES, Ed. The American Heritage Dictionary of the English Language, fourth ed. Houghton Mifflin Company, 2000.
3. nd International ODRL Workshop (2005).
4. ARNAB, A., AND HUTCHISON, A. Fairer usage contracts for DRM. In Proceedings of the fifth ACM Workshop on Digital Rights Management, Co-Located with ACM CCS 2005 (2005), R. Safavi-Naini and M. Yung, Eds., ACM, pp. 1-7.
5. ARNAB, A., AND HUTCHISON, A. DRM use license negotiations using ODRL v2.0, 2006. Submitted to the discussions in the 9th General Assembly of the Digital Media Project (DMP), Laussanne, Switzerland.
6. ARNAB, A., AND HUTCHISON, A. Verifiable digital object identity system. In Proceedings of the Sixth ACM Workshop on Digital Rights Management, Co-Located with ACM CCS 2006 (2006), K. Kurosawa, R. Safavi-Naini, and M. Yung, Eds., ACM.
7. BECHTOLD, S. Digital Rights Management in the United States and Europe. IVir, Buma/Stemra - Copyright and the Music Industry: Digital Dilemmas.
8. BELL, D. E., AND LAPADULA, L. J. Secure computer system: Unified exposition and multics interpretation. Mtr-2997 rev. 1, The MITRE Corporation. Online, last accessed: 2006-05-06. URL: http://csrc.nist.gov/publications/ history/bell76.pdf.
9. BELL, D. E., AND LAPADULA, L. J. Secure computer systems: A mathematical model. Journal of Computer Security 4, 2/3 (1996), 229-263. Reprint of 1973 technical report M74 244, MITRE Corp.
10. COYLE, K. Right Expression Languages, A report for the Library of Congress. Tech. rep., Library of Congress, USA, 2004.
11. DAI, J., AND ALVES-FOSS, J. Logic based authorization policy engineering. In Proceedings of the 6th World Multiconference on Systemics, Cybernetics, and Informatics (2002), pp. 230-238.
12. FELTEN, E. Skeptical view of DRM and Fair Use. Communications of the ACM 46, 4 (2003), 57-59.
13. FERRAIOLO, D. F., BARKLEY, J. F., AND KUHN, D. R. A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security 2, 1 (1999), 34-64.
14. FERRAIOLO, D. F., CUGINI, J. A., AND KUHN, D. R. Role-based access control (RBAC): Features and motivations. In Annual Computer Security Applications Conference (1995), IEEE Computer Society Press. Available online: http://csrc.nist.gov/rbac/ferraiolo-cugini-kuhn-95.pdf.
15. FERRAIOLO, D. F., AND KUHN, D. R. Role-based access control. In Proceedings of the 15th NIST-NSA National Computer Security Conference (1992). Available online: http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf.
16. GODIK, S., AND MOSES, T., Eds. eXtensible Access Control Markup Language. OASIS, 2003. OASIS Standard; 18 February 2003.
17. GONZLEZ, R. G. A Semantic Web Approach to Digital Rights Management. PhD thesis, 2005. Online: http://rhizomik.net/%7Eroberto/thesis/Thesis.pdf.
18. GUTH, S. Interoperability of DRM System. Peter Lang, 2006.
19. GUTH, S., NEUMANN, G., AND STREMBECK, M. Experiences with the enforcement of access rights extracted from ODRL-based digital contracts. In Proceedings of the 2003 ACM workshop on Digital Rights Management (2003), ACM, pp. 90-102.
20. HALPERN, J. Y., AND WEISSMAN, V. A formal foundation for XrML. In Proceedings of the Seventeenth IEEE Computer Security Foundations Workshop (2004), pp. 251-263. URL: http://www.cs.cornell.edu/People/vickyw/paperstalks/ XrML/CSFW04.pdf.
21. IANNELLA, R., Ed. Open Digital Rights Language (ODRL) 1.1. IPR Systems Pty Ltd., 2002. URL: http://odrl.net/1.1/ODRL-11.pdf.
22. IANNELLA, R., AND GUTH, S., Eds. Open Digital Rights Language (ODRL) Version 2 Requirements. 13 Feb 2005. URL: http://odrl.net/2.0/v2req.html.
23. IANNELLA, R., AND GUTH, S., Eds. ODRL V2.0 - Model Semantics. 13 Jan 2007. URL: http://odrl.net/2.0/WD-ODRL-Model-20070113.html last accessed: 2007-08-23.
24. JAJODIA, S., SAMARATI, P., AND SUBRAHMANIAN, V. A logical language for expressing authorizations. In Proceedings of 1997 IEEE Symposium on Security and Privacy (1997), pp. 31-42.
25. JAMKHEDKAR, P. A., AND HEILEMAN, G. L. DRM as a Layered System. In Proceedings of the Fourth ACM Workshop on Digital Rights Management (2004), A. Kiayias and M. Yung, Eds., ACM, pp. 11-21.
26. JAMKHEDKAR, P. A., HEILEMAN, G. L., AND MARTINEZ-ORTIZ, I. The problem with rights expression languages. In DRM '06: Proceedings of the ACM workshop on Digital rights management (New York, NY, USA, 2006), ACM Press, pp. 59-68.
27. KUDO, M., AND HADA, S. XML document security based on provisional authorization. In CCS '00: Proceedings of the 7th ACM conference on Computer and communications security (New York, NY, USA, 2000), ACM Press, pp. 87-96.
28. MULLIGAN, D., AND BURSTEIN, A. Implementing Copyright Limitations in Rights Expression Languages. In Proceedings of the 2002 ACM workshop on Digital Rights Management (2002), ACM.
29. NATIONAL COMPUTER SECURITY CENTER. A guide to understanding discretionary access control in trusted systems. NCSC-TG-003, September 1987.
30. PUCELLA, R., AND WEISSMAN, V. A logic for reasoning about digital rights. CoRR cs.CR/0405066 (2004).
31. PUCELLA, R., AND WEISSMAN, V. A formal foundation for ODRL. CoRR cs.LO/0601085 (2006).
32. REID, J. F., AND CAELLI, W. J. DRM, Trusted Computing and Operating System Architecture. In Conferences in Research and Practice in Information Techology (Newcastle, Australia, 2005), vol. 44, Australian Computer Society, Inc., pp. 127-136.
33. RHODES, T. Chapter 15 - Mandatory Access Control. FreeBSD Handbook, FreeBSD.org. Online, last accessed: 2006-05-06. URL: http://www.freebsd.org/doc/ handbook/mac.html.
34. ROSENBLATT, B., AND DYKSTRA, G. Integrating content management with digital rights management - imperatives and opportunities for digital content lifecycles. White paper, Giantsteps Media Technology Strategies, 2003. URL: http://www.giantstepsmts.com/drm-cm-white-paper.htm.
35. SANDHU, R. S., COYNE, E. J., FEINSTEIN, H. L., AND YOUMAN, C. E. Role-based access control models. IEEE Computer 29, 2 (1996), 38-47.
36. SCHMIDT, A. U., TAFRESCHI, O., AND WOLF, R. Interoperability challenges for DRM systems. In IFIP/GI Workshop on Virtual Goods (2004).
37. SHARROCK, R. Business Transactions Law, sixth ed. Juta & Co, LTD, 2002.
38. SHIREY, R. RFC 2828 - Internet security glossary, 2000. URL: http://www.faqs.org/rfcs/rfc2828.html.
39. VON SOLMS, S. H., AND VAN DER MERWE, I. The management of computer security profiles using a role-oriented approach. Computers and Security 13, 8 (1994), 673-680.
40. WOOLDRIDGE, M., AND PARSONS, S. Languages for negotiation. In Proceedings of the Fourteenth European Conference on Artificial Intelligence (ECAI-2000) (2000), W. Horn, Ed., John Wiley & Sons. http://citeseer.ist.psu.edu/ wooldridge00languages.html.