
Rights-Carrying and Self-enforcing Information Objects for Information Distribution Systems

  • Habtamu Abie
  • Pål Spilling
  • Bent Foyn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)

Abstract

In today’s digital world, digital information is ubiquitous and threats against it proliferate. Therefore, one of the most important challenges facing us is that of providing secure enforcement of rights of access to, and usage of, this information. Self-protecting information objects have significant relevance in this context. A self-protecting information object lets us define access rules, manages access to its information content in accordance with these rules, protects its contained information against unauthorized access, and allows these rules to be updated and modified with ease. This means that such an object must be able to deal with attacks by both unauthorized users and authorized users seeking unauthorized access and usage. This paper describes and analyses a model of Rights-Carrying and Self-Enforcing Information Objects (SEOs) for Digital Rights Management (DRM) in a secure information distribution system. SEOs carry with them access and usage rights and themselves enforce these rights, preserving their confidentiality and integrity. The model was originally developed as part of the distributed DRM model for an information distribution system for the net-based learning project in Norwegian schools.

Keywords

Information Object; Intellectual Property Right; Digital Right Management; Security Context; Risk Management Approach
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Habtamu Abie (1)
  • Pål Spilling (2)
  • Bent Foyn (1)

  1. Norwegian Computing Center, Oslo, Norway
  2. Department of Informatics, University of Oslo, Oslo, Norway
