Flexible and Secure Enterprise Rights Management Based on Trusted Virtual Domains
Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Rani Husseiki, Yacine Gasmi, Patrick Stewin, Martin Unger
STC '08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, p. 71-80, ACM, 2008.
The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority. In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.[pdf]