Abstract
In today’s digital world digital information is ubiquitous and threats against it proliferate. Therefore, one of the most important challenges facing us is that of providing secure enforcement of rights of access to, and usage of, this information. Self-protecting information objects have significant relevance in this context. A self-protecting information object has the ability to allow us to define access rules, to manage access to its information content in accordance with these rules, to protect its contained information against unauthorized access, and to update and modify these rules with ease. This means that such an object must be able to deal with attacks by both unauthorized users and authorized users seeking unauthorized access and usage. This paper describes and analyses a model of Rights-Carrying and Self-Enforcing Information Objects (SEOs) for Digital Rights Management (DRM) for a secure information distribution system that carry with them access and usage rights and themselves enforce these rights, preserving their confidentiality and integrity. The model was originally developed as part of the distributed DRM model for an information distribution system for the net-based learning project in Norwegian schools.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
XIWT: An Approach Based on Digital Objects and Stated Operations (May 1997), http://www.xiwt.org/documents/ManagAccess.html
Abie, H., Spilling, P., Foyn, B.: Authentication and Authorization for Digital Rights Management for Information Distribution Systems. In: The IASTED International Conference on Communication, Network, and Information Security, CNIS 2003, New York, USA, December 10-12 (2003)
Abie, H., Spilling, P., Foyn, B.: A Distributed Digital Rights Management Model for Secure Information Distribution Systems. International Journal of Information Security (IJIS), Springer-Verlag (2004) (to appear)
LAVA Learning Project Page, http://www.nr.no/lava/lava-le/
Foyn, B., Maus, E.: Designing Tools and Contents for Project-based Learning with Net- Based Curriculum, ED-Media (June 2002)
Diesen, D., Oskal, A.: Using Object-oriented Information Distribution to Present and Protect Information. In: SSGRR 2001, L’Aquila (August 6-12, 2001)
Payette, S., Lagoze, C.: Policy-Carrying, Policy Enforcing Digital Objects. In: Borbinha, J.L., Baker, T. (eds.) ECDL 2000. LNCS, vol. 1923, p. 144. Springer, Heidelberg (2000)
XrML - eXtensible rights Markup Language, http://www.xrml.org/
Kaplan, M.A.: IBM Cryptolopes, SuperDistribution and Digital Rights Management (1996), http://www.research.ibm.com/people/k/kaplan/cryptolope-docs/crypap.html
Kocher, P., Jaffe, J., Jun, B., Laren, C., Lawson, N.: Self-Protecting Digital Content: A Technical Report from the CRI Content Security Research Initiative, Whitepaper (2003), http://64.5.53.22/resources/whitepapers/SelfProtectingContent.pdf
López, J., Maña, A., Pimentel, E., Troya, J.M., Yagüe, M.I.: Access Control Infrastructure for Digital Objects. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 399–410. Springer, Heidelberg (2002)
Marazakis, M., Papadakis, D., Papadakis, S.A.: A Framework for the Encapsulation of Value-Added Services in Digital Objects. In: European Conference on Digital Libraries, pp. 75–94 (1998), http://citeseer.nj.nec.com/marazakis98framework.html
Silbert, O., Bernstein, D., Van Wie, D.: The DigiBox: A Self-Protecting Container for Information Commerce. In: Proc. of the First USENIX workshop on Electronic Commerce (1995), http://citeseer.nj.nec.com/silbert95digibox.html
Manaz, A., Pimentel, E.: An Efficient Software Protection Scheme, IFIP TC11 16th International. In: Kluwer Academic International Federation for Information Processing–C 2001, vol. 65, pp. 385–401 (2001)
Schneier, B.: Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, Inc., Chichester (2000)
van Oorschot, P.C.: Revisiting Software Protection. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 1–13. Springer, Heidelberg (2003)
Abie, H., et al.: The Need for a Digital Rights Management Framework for the Next Generation of E-Government Services. International Journal of Electronic Government 1(1), 8–28 (2004)
Hamilton, C.R.: The Case for Holistic Security: The Integration of Information and Physical Security as an Element of Homeland Security. Computer Security Journal XIX(1) (Winter 2003), http://www.riskwatch.com/Press/Holistic_Security_10-03.pdf
Irvine, C., Levin, T.: Overview of Quality of Security Service, Center for INFOSEC Studies and Research, Naval Postgraduate School (April 1, 2003), Available from http://cisr.nps.navy.mil/downloads/QoSS_Overview.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abie, H., Spilling, P., Foyn, B. (2004). Rights-Carrying and Self-enforcing Information Objects for Information Distribution Systems. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_42
Download citation
DOI: https://doi.org/10.1007/978-3-540-30191-2_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23563-7
Online ISBN: 978-3-540-30191-2
eBook Packages: Springer Book Archive