Abstract. The Trusted Computing Group (TCG) defines the specifications for the Trusted Platform Module (TPM) and corresponding trust mechanisms that allow a TPM-enabled platform to run only authenticated software. For example, the operating system (OS) can use the facilities provided by the TPM to authenticate a Digital Rights Management (DRM) application before allowing it to run. However TCG does not provide any clear specification on what kind of software can be regarded as trusted and hence be authenticated. In fact it is unlikely to draw a clear line between the software that should be authenticated and those should not. For instance, it may be controversial to authorize debugger for developing binary codes and/or Internet browser for running applets on TPM platform. This leaves a grey area where even authenticated software may be exploited for malicious usage. This paper investigates the security of DRM applications in a reasonably relaxed scenario where users have larger purv...
Yongdong Wu, Feng Bao, Robert H. Deng, Marc Mouffr