compliance and robustness rules for windows media drm implementations microsoft corporation
Post on 29-Mar-2015
214 Views
Preview:
TRANSCRIPT
Compliance and Compliance and Robustness Rules for Robustness Rules for Windows Media DRM Windows Media DRM
ImplementationsImplementations
Microsoft CorporationMicrosoft Corporation
Copyright 2004 by Microsoft Corporation2
DefinitionsDefinitions
Compliance RulesCompliance Rules specify the required specify the required behaviors of the Windows Media DRM behaviors of the Windows Media DRM implementation and any applications implementation and any applications accessing the implementationaccessing the implementation
Compliance Rules include definitions of specific Compliance Rules include definitions of specific WMDRM license rightsWMDRM license rightsCompliance Rules include WMDRM device Compliance Rules include WMDRM device requirementsrequirements
Robustness RulesRobustness Rules specify the Windows specify the Windows Media DRM assets and different levels of Media DRM assets and different levels of robustness required to protect each asset robustness required to protect each asset typetype
Copyright 2004 by Microsoft Corporation3
Compliance Rules ScopeCompliance Rules Scope
OutputsOutputs
DRM StoresDRM StoresKeys, CertificatesKeys, Certificates
Final ProductFinal Product
PlatformPlatform
ApplicationApplication
PlatformPlatform implements Windows implements Windows Media DRMMedia DRM
ApplicationApplication accesses and/or accesses and/or passes Windows Media DRM-passes Windows Media DRM-protected contentprotected content
Decrypted Decrypted ContentContent
Decoded Decoded ContentContent
Copyright 2004 by Microsoft Corporation4
Anatomy of Robustness Anatomy of Robustness RulesRules Section 1: Construction
Section 2: Accessibility of Content
Section 3: Methods to Make a Robust Implementation
Section 3.1: Software
Section 3.2: Hardware
Section 3.3: Hybrids
Section 4: Robustness Levels
Section 3.x.1 Secure by Construction
Section 3.x.2 Robust to Tampering
Copyright 2004 by Microsoft Corporation5
Assets and Security LevelsAssets and Security Levels
• Immune to Widely Available ToolsImmune to Widely Available Tools• Resistant to Specialized ToolsResistant to Specialized Tools
Level 1 Level 1 AssetsAssets
Level 2 Level 2 AssetsAssets
Level 3 Level 3 AssetsAssets
Widely Available ToolsWidely Available Tools general purpose, easy general purpose, easy to use: screwdrivers, to use: screwdrivers, clips, file editors, etc.clips, file editors, etc.
Specialized ToolsSpecialized Tools reasonable price; some skill reasonable price; some skill
required: debuggers, required: debuggers, memory scanners, etc.memory scanners, etc.
Professional ToolsProfessional Tools high price;high price;
professional useprofessional useICE, logic analyzersICE, logic analyzers
• Immune to Widely Available & Specialized ToolsImmune to Widely Available & Specialized Tools
• Resistant to Widely Available & Specialized Resistant to Widely Available & Specialized ToolsTools
Device Device KeyKey
Content Content KeyKey
Profiling Profiling datadata
Copyright 2004 by Microsoft Corporation6
HARD DRIVEHARD DRIVE
Bus Bus MonitorMonitor
Device Asset Threat Surface And Device Asset Threat Surface And Robustness RulesRobustness Rules
CPUCPU
FLASHFLASH
ROMROM SDRAMSDRAM
Obfuscated Device KeyObfuscated Device Key
Obfuscation Obfuscation ComponentsComponents
Crash Crash FileFile
Paged Paged MemoryMemory
ICE, JTAG, ICE, JTAG, ETM, OCDETM, OCD
Memory Memory Scanner, Scanner, DebuggerDebugger
File File EditorEditor
““Professional Professional Tools”Tools”
““Widely Available Widely Available Tools”Tools”
““Specialized Specialized Tools”Tools”
Device KeyDevice Key
Copyright 2004 by Microsoft Corporation7
Producing a Robust Producing a Robust SolutionSolution
Understand the Robustness RulesUnderstand the Robustness RulesSecured assets on your deviceSecured assets on your deviceProtected content and user accessible Protected content and user accessible busbusWidely available, specialized & Widely available, specialized & professional toolsprofessional tools
Threat model your designThreat model your designFor each asset-tool pair, define attack For each asset-tool pair, define attack pathpathEvaluate how easily this attack would be Evaluate how easily this attack would be donedone
Compare Results to Robustness RulesCompare Results to Robustness RulesDoes your design meet the minimum Does your design meet the minimum standard?standard?
AppendixAppendix
Copyright 2004 by Microsoft Corporation9
WM DRM Content WM DRM Content DistributionDistribution WM DRM for WM DRM for
PortablePortable Devices Devices
WM Format WM Format SDKSDK
WM DRM for WM DRM for NetworkNetwork Devices Devices
Distribution
Distribution
Authorization
Authorization
Pro
tect
ed C
on
ten
t
WM Rights ManagerWM Rights Manager
Content ServerContent Server
top related