Persistent Access Control: A Formal Model for DRM

Arnab, Alapan and Hutchison, Andrew (2007) Persistent Access Control: A Formal Model for DRM, Proceedings of Seventh ACM Workshop on Digital Rights Management (ACM-DRM), held in conjunction with CCS 2007, the Thirteenth ACM Conference on Computer and Communications Security, 29 October 2007, Alexandria, Virginia, USA, ACM.

[img] Other

Download (0B)
[img] PDF

Download (297kB)


Digital rights management (DRM) can be considered to be a mechanism to enforce access control over a resource without considering its location. There are currently no formal models for DRM, although there has been some work in analysing and formalising the interpretation of access control rules in DRM systems. A formal model for DRM is essential to provide specific access control semantics that are necessary for creating interoperable, unambiguous implementations. In this paper, we discuss how DRM differs as an access control model to the three well known traditional access control models -- DAC, MAC and RBAC, and using these existing approaches motivate a set of requirements for a formal model for DRM. Thereafter, we present a formal description of LiREL, a rights expression language that is able to express access control policies and contractual agreement in a single use license. Our motivation with this approach is to identify the different components in a license contract and define how these components interact within themselves and with other components of the license. A formal notation allows for an uniform and unambiguous interpretation and implementation of the access control policies.

Item Type: Conference paper
Additional Information: This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published (will be published) in The Proceedings of the 7th ACM DRM Workshop, Co-Located with ACM-CCS 2007, Alexandria, Virginia, USA.
Uncontrolled Keywords: Rights Expression Languages, REL, Access Control
Subjects: Social and professional topics > Professional topics > Management of computing and information systems
Software and its engineering > Software organization and properties > Contextual software domains > Operating systems
Date Deposited: 29 Aug 2007
Last Modified: 10 Oct 2019 15:34

Actions (login required)

View Item View Item