About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

31 October 2006

Reflections: ACM DRM 2006

Yesterday was basically the reason I am here - to attend and present my paper at the DRM Workshop at the ACM Computer and Communications Security (CCS) Conference. So, this is a brief reflection of the proceedings of the workshop.

The first paper, by some researchers from SUN, looked at some of the business models that movie industry could adapt from the MMORPG world. While the ideas are certainly applicable; I am not really sure of the practicality of the ideas. The second paper looked at privacy, from the point of legal and economic practicalities. Basically, the paper argues that there exists certain legal and economic obligations if a business wishes to collect private information. These obligations create a risk; and thus creates ceiling on how much privacy can be afforded to customers. It was a very interesting paper; but I think it glossed over one crucial point - very rarely do businesses actually take into full consideration the economic and legal obligations when they do collect private data.

My paper, which was next, was very well received, and attracted quite a lot of interest. I was not really expecting a great reception; because the paper is quite simple in nature - but it is an area that has not really been addressed before. So, I was pleasantly surprised at the paper's reception.

The next paper on a view only file system has been discussed before as a mechanism for short term DRM solution. The one presented this year went a step further and designed a VM based system. It could work; but I am not convinced on the security layer between the VM and OS/lower level VM; or the performance overheads. The paper following it discussed an interesting key distribution strategy; but I must admit I did not follow it as well as I should have.

Tom Kalker, from HP Labs and Coral, presented the invited talk focussing on interoperability. Most people who have voiced opinions against DRM, seem to imply hatred on the lack of DRM interoperability, and not some of the other issues. He discussed how interoperability in DRM is not only a format issue; but also a business and complete technological issue. He talked about Coral, which uses a credential system, allowing for interoperability. However, it is by no ways a perfect solution, as every device would still require their own file format etc.

The next paper discussed more interesting code obsfucation and diversification as a mechanism to combat piracy. It was quite impressive, until the performance hit .... 840 times slower!

Pramod Jamkhedkar and Gregory Heileman presented their paper next, and their DRM project is very similar to mine; and we have been presenting or discussing similar ideas for the past three years. This year, they discussed, what they considered fundamental flaws in Rights Expression languages. In a few ways, their arguement was flawed, because it discussed mainly the flaws of XrML and did not consider the fact that some of the issues are being addressed or have been addressed in other RELs like ODRL. However, the issues raised are correct and needed to be recognised.

The next talk on interoperability, was a bit of a miss; simply because a lot of the content seemed to be contrary to the issues raised earlier; and the underlying details were hazy at best. The talk following it was very interesting; discussing some of the background to Intel's LeGrande architecture. Bascially, the OS is going to be dead - instead, the CPU itself will have a trusted OS base; complete with drivers and firmware. Applications will run on top of this base; in a completely protected environment, similar in operation to Multics. I am not sure of the maturity of the solution, but both Intel and AMD, together with other interested parties, have been pouring money into similar projects; so something is bound to come up.

The next paper, from Phillips Labs, discussed ideas on how to lower consumer anger and better ways to handle consumers who make use of pirated DVDs; or more appropriately Blu-Ray discs. Much of the work presented revolved around the use and operation of blacklists in Blu-Tay discs. It was really interesting; especially on the changing position.

The last paper of the workshop on watermarking presented nothing new; and in fact I have seen many better applications of watermarking.

No comments: