Digital rights management systems allow copyrighted content to be commercialized in digital format without the risk of revenue loss due to piracy. Making such systems secure is no easy task, given that content needs to be protected while accessed through electronic devices in the hands of potentially malicious end-users; in this context, intrusion tolerance becomes a very useful system property. In this paper we point out a limitation shared by all current DRM architectures, namely their weakness in reacting to possible device compromise and confining the damage caused by such a compromise. As a solution, we propose a paradigm shift: moving from the original DRM system model where all devices are equally trustworthy and have discretionary control over all protected content, to a new model where information flow is controlled through a multi-level security policy that differentiates between devices based on their tamper-resistance properties. We show that besides improved intrusion...
Bogdan C. Popescu, Bruno Crispo, Andrew S. Tanenba