Browse Source

initial commit: grobe Roadmap

Trolli Schmittlauch 2 years ago
7 changed files with 7524 additions and 0 deletions
  1. +10
  2. +2417
  3. +4702
  4. +3
  5. BIN
  6. +186
  7. +206

+ 10
- 0
.gitignore View File

@ -0,0 +1,10 @@

+ 2417
- 0
File diff suppressed because it is too large
View File

+ 4702
- 0
File diff suppressed because it is too large
View File

+ 3
- 0
glossary.tex View File

@ -0,0 +1,3 @@
\acro{DRM}{Digital Rights Management}
\acro{TPM}{Trusted Platform Module}
\acro{TEE}{Trusted Execution Environment}

main.pdf View File

+ 186
- 0
main.tex View File

@ -0,0 +1,186 @@
\defaultfontfeatures{Ligatures=TeX} % To support LaTeX quoting style
\newcommand{\documenttitle}{Here be dragons}
\newcommand{\abstracttext}{Abstract goes here}
% set pdf metadata
pdfauthor={Oliver Schmidt},
\newcommand{\comment}[1]{{\parindent0pt\fbox{\begin{minipage}{0.45\textwidth}{\em #1}\end{minipage}}}}
\newcommand{\todo}[1]{ \color{red} \footnote{ \color{red}[#1] \color{black}} \color{black}}
\emph{\scriptsize #1}
% Title Information, Abstract and Keywords
% % %
% In case of double blind submissions:
% \IEEEauthorblockN{Anonymous}
% \IEEEauthorblockA{Some Research Group\\
% Some Institution\\
% Some Email Addresses%
% }
\IEEEauthorblockN{Oliver Schmidt}
\IEEEauthorblockA{TU Dresden\\
% force pagenumbering
% % %
% sources on writing papers:
% look for a /good/ outline at the end of this text, the /why/ is found at this link:
% Read ``Zen - or the art of motorcycle maintenance'' to understand what science and research is
% Read ``The craft of research'' to /really/ learn how to conduct research and report about it! :-)
% some hints on plagiarism:
% read the text above again. the most important part (that we all tend to forget) is only 5 paragraphs
% Are NOT: Peer-To-Peer, Anonymity, Privacy.
Security, DRM, Trusted Execution Environments, SGX,
% }
Motivation: DRM means/ meant lockdown: Bruce Schneier quote, War on General Computation (Cory Doctorow), examples for bad obfuscation DRM
% % %
% Literature Survey and Background
lockdown techniques: TPM, secure boot
TEEs: SGX, TrustZone
Android DRM, EME DRM arch, TBDRM (-> fTPM)
\section{lockdown/ openness}
What parts need to be locked down?
WiDevine/ Netflix ban from rooted devices
- remaining other problems: cultural heritage, inflexibility, tied to a certain technological platform
% % %
% Theory (probably)
% % %
% A good outline for a computer science paper (according to Al Bundy)
% Title
% * - ideally the title should state the hypothesis of the paper
% Abstract
% * - state hypothesis and summarise the evidence that supports or refutes it
% Introduction
% * - motivate the contribution!
% Literature Survey
% * - broad and shallow account of the field, rival approaches, drawbacks of each, major outstanding problems
% Background
% * - states previous work in more detail, where this is necessary for understanding
% Theory
% * - underlying theory, definitions, theorems etc.
% Specification
% * - requirements and specs of implementation
% Implementation Evaluation Related Work
% * - narrow but deep comparison with main rivals
% Further Work Conclusion
% * - summarise research, discuss significance, restate hypothesis and the evidence for and against it, - recapitulate original motivation, reassess the state of the field in the light of this new contribution
% Appendices

+ 206
- 0
mybib.bib View File

@ -0,0 +1,206 @@
title = {Lateral {{Thinking}} for {{Trustworthy Apps}}},
isbn = {978-1-5386-1792-2},
doi = {10.1109/ICDCS.2017.29},
abstract = {The growing computerization of critical infrastructure as well as the pervasiveness of computing in everyday life has led to increased interest in secure application development. We observe a flurry of new security technologies like ARM TrustZone and Intel SGX, but a lack of a corresponding architectural vision. We are convinced that point solutions are not sufficient to address the overall challenge of secure system design. In this paper, we outline our take on a trusted component ecosystem of small individual building blocks with strong isolation. In our view, applications should no longer be designed as massive stacks of vertically layered frameworks, but instead as horizontal aggregates of mutually isolated components that collaborate across machine boundaries to provide a service. Lateral thinking is needed to make secure systems going forward.},
language = {en},
publisher = {{IEEE}},
author = {Hartig, Hermann and Roitzsch, Michael and Weinhold, Carsten and Lackorzynski, Adam},
month = jun,
year = {2017},
keywords = {unread},
pages = {1890-1899},
file = {/home/spiollinux/Zotero/storage/EW2VVG4R/Hartig et al. - 2017 - Lateral Thinking for Trustworthy Apps.pdf}
address = {Austin, TX},
title = {{{fTPM}}: {{A Software}}-{{Only Implementation}} of a {{TPM Chip}}},
isbn = {978-1-931971-32-4},
booktitle = {25th {{USENIX Security Symposium}} ({{USENIX Security}} 16)},
publisher = {{USENIX Association}},
author = {Raj, Himanshu and Saroiu, Stefan and Wolman, Alec and Aigner, Ronald and Cox, Jeremiah and England, Paul and Fenner, Chris and Kinshumann, Kinshuman and Loeser, Jork and Mattoon, Dennis and Nystrom, Magnus and Robinson, David and Spiger, Rob and Thom, Stefan and Wooten, David},
year = {2016},
keywords = {TPM},
pages = {841-856},
file = {/home/spiollinux/Zotero/storage/CYH3EG99/Association for Computing Machinery et al. - 2005 - Proceedings of the 2005 workshop on End-to-end, se.pdf}
title = {Obfuscation of {{Executable Code}} to {{Improve Resistance}} to {{Static Disassembly}}},
abstract = {A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application. The process of reverse engineering an executable program typically begins with disassembly, which translates machine code to assembly code. This is then followed by various decompilation steps that aim to recover higher-level abstractions from the assembly code. Most of the work to date on code obfuscation has focused on disrupting or confusing the decompilation phase. This paper, by contrast, focuses on the initial disassembly phase. Our goal is to disrupt the static disassembly process so as to make programs harder to disassemble correctly. We describe two widely used static disassembly algorithms, and discuss techniques to thwart each of them. Experimental results indicate that significant portions of executables that have been obfuscated using our techniques are disassembled incorrectly, thereby showing the efficacy of our methods.},
language = {en},
author = {Linn, Cullen and Debray, Saumya},
keywords = {unread},
pages = {10},
file = {/home/spiollinux/Zotero/storage/4QAJV6TS/Linn und Debray - Obfuscation of Executable Code to Improve Resistan.pdf}
title = {{{InkTag}}: {{Secure Applications}} on an {{Untrusted Operating System}}},
abstract = {InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.},
language = {en},
author = {Hofmann, Owen S and Witchel, Emmett},
keywords = {unread},
pages = {14},
file = {/home/spiollinux/Zotero/storage/HCPMG7BG/Hofmann und Witchel - InkTag Secure Applications on an Untrusted Operat.pdf}
title = {Trusty {{TEE}}},
language = {en},
howpublished = {},
journal = {Android Open Source Project},
keywords = {unread,Android},
file = {/home/spiollinux/Zotero/storage/BFQ6MRNT/trusty.html}
title = {Android {{DRM Framework}}},
language = {en},
howpublished = {},
journal = {Android Open Source Project},
keywords = {unread,Android,DRM},
file = {/home/spiollinux/Zotero/storage/B8JG6YAS/drm.html}
title = {Netflix | {{Defective}} by {{Design}} - Www.Defectivebydesign.Org/},
howpublished = {},
keywords = {unread,DRM},
file = {/home/spiollinux/Zotero/storage/7IHY4HRL/netflix.html}
title = {Digital {{Right Management}} and {{Software Protection}} on {{Android Phones}}},
doi = {10.1109/VETECS.2010.5493648},
abstract = {Android is an open mobile phone platform. To accommodate value-added services such as selling wallpapers, ringtones, applications, and games on Android phones, it is essential to ensure copyright protection on these products. This paper studies how the Android source code to implement the Open Mobile Alliance (OMA) Digital Right Management (DRM) 1.0, software installation and protection. We also identify potential leaks of Android DRM and software protection in this study.},
booktitle = {2010 {{IEEE}} 71st {{Vehicular Technology Conference}}},
author = {Chuang, C. and Wang, Y. and Lin, Y.},
month = may,
year = {2010},
keywords = {Android DRM,android phone,Android source code,Application software,Broadcasting,copyright,copyright protection,Databases,digital right management,digital rights management,Java,Kernel,Linux,mobile communication,mobile handsets,OMA,open mobile alliance,open mobile phone platform,operating system kernels,Packaging,Permission,Runtime,security of data,software installation,software protection,Software protection,value-added service,Android,DRM},
pages = {1-5},
file = {/home/spiollinux/Zotero/storage/KCQ2TH4P/Chuang et al. - 2010 - Digital Right Management and Software Protection o.pdf}
title = {Widevine\_{{DRM}}\_{{Architecture}}\_{{Overview}}.Pdf},
howpublished = {\_DRM\_Architecture\_Overview.pdf},
keywords = {unread,DRM},
file = {/home/spiollinux/Zotero/storage/JVFPCN6B/Widevine_DRM_Architecture_Overview.pdf}
title = {Netflix {{Use}} of {{Google DRM Means Rooted Android Devices Are Banned}}},
abstract = {Netflix customers who previously viewed the service using a 'rooted' Android device are no longer able to do so, at least officially. The development has been confirmed by Netflix, who say that the company's reliance on Google's Widevine DRM standards means that modified and/or non-certified devices will be excluded from the service.},
language = {en},
journal = {TorrentFreak},
month = may,
year = {2017},
keywords = {unread,Android,DRM},
file = {/home/spiollinux/Zotero/storage/KG8VAWB8/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515.html}
title = {Towards {{Security}} of {{Native DRM Execution}} in {{HTML5}}},
doi = {10.1109/ISM.2015.48},
abstract = {In this paper we present an open, secure and flexible architectural approach for integrating Content Decryption Module (CDM) and Encryption Media Extensions (EME) interface with Trusted Execution Environment (TEE). This provides security hardening for playback of the Digital Rights Management (DRM) protected content without any need for a dedicated secure processor. This article is not focused on specific TEE approaches, but rather considers that any TEE can be potentially integrated with CDM through the EME interface. Our work introduces the approaches for integrating CDM with Intel SGX and ARM TrustZone TEE technologies.},
booktitle = {2015 {{IEEE International Symposium}} on {{Multimedia}} ({{ISM}})},
author = {Livshits, D. and Mikityuk, A. and Pham, S. and Shabtai, A.},
month = dec,
year = {2015},
keywords = {Cryptography,unread,digital rights management,ARM TrustZone,ARM TrustZone TEE technologies,Browsers,CDM,Computer architecture,Copyright protection,cryptography,dedicated secure processor,DRM,EME,EME interface,encryption media extensions,flexible architectural approach,HTML5,hypermedia markup languages,integrating content decryption module,Intel SGX,Media,microprocessor chips,native DRM execution,Pipelines,TEE,trusted computing,trusted execution environment},
pages = {411-416},
file = {/home/spiollinux/Zotero/storage/UGELIEJS/Livshits et al. - 2015 - Towards Security of Native DRM Execution in HTML5.pdf;/home/spiollinux/Zotero/storage/BN7T2F8R/7442370.html}
title = {Reconciling {{Mozilla}}'s {{Mission}} and {{W3C EME}} \textendash{} {{Mozilla Hacks}} - the {{Web}} Developer Blog},
abstract = {May 19 Update: We've added an FAQ below the text of the original post to address some of the questions and comments Mozilla has received regarding EME. With most competing ...},
language = {en-US},
howpublished = {},
journal = {Mozilla Hacks \textendash{} the Web developer blog},
keywords = {unread,DRM},
file = {/home/spiollinux/Zotero/storage/JVLYK79M/reconciling-mozillas-mission-and-w3c-eme.html}
title = {{{TBDRM}}: {{A TPM}}-{{Based Secure DRM Architecture}}},
isbn = {978-1-4244-5334-4},
shorttitle = {{{TBDRM}}},
doi = {10.1109/CSE.2009.15},
abstract = {Digital Rights Management (DRM) is the technological solution to control the distribution and usage of digital assets. However, existing solutions are vulnerable to various attacks in the context where the consumer can control the platform totally. To improve the security of DRM solutions the paper proposes a secure DRM architecture based on TPM which is called TBDRM. It ensures that content is always under the control of the license and such license is secure and fresh during its lifecycle. Compared with other DRM solutions, TBDRM can prevent replay attack and improper access enforced through cracked software.},
language = {en},
publisher = {{IEEE}},
author = {Yu, Aimin and Feng, Dengguo and Liu, Ren},
year = {2009},
keywords = {DRM},
pages = {671-677},
file = {/home/spiollinux/Zotero/storage/PLKS7IQT/Yu et al. - 2009 - TBDRM A TPM-Based Secure DRM Architecture.pdf}
title = {Intel {{SGX Explained}}},
abstract = {Intel's Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and privacy guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc) is potentially malicious.
This paper analyzes Intel SGX, based on the 3 papers that introduced it, on the Intel Software Developer's Manual (which supersedes the SGX manuals), on an ISCA 2015 tutorial, and on two patents. We use the papers, reference manuals, and tutorial as primary data sources, and only draw on the patents to fill in missing information.
This paper's contributions are a summary of the Intel-specific architectural and micro-architectural details needed to understand SGX, a detailed and structured presentation of the publicly available information on SGX, a series of intelligent guesses about some important but undocumented aspects of SGX, and an analysis of SGX's security properties.},
number = {086},
author = {Costan, Victor and Devadas, Srinivas},
year = {2016},
keywords = {unread},
file = {/home/spiollinux/Zotero/storage/LBT3GU9H/Costan und Devadas - 2016 - Intel SGX Explained.pdf;/home/spiollinux/Zotero/storage/HD68AJ9F/086.html}
title = {Netflix {{Use}} of {{Google DRM Means Rooted Android Devices Are Banned}}},
abstract = {Netflix customers who previously viewed the service using a 'rooted' Android device are no longer able to do so, at least officially. The development has been confirmed by Netflix, who say that the company's reliance on Google's Widevine DRM standards means that modified and/or non-certified devices will be excluded from the service.},
language = {en},
journal = {TorrentFreak},
month = may,
year = {2017},
file = {/home/spiollinux/Zotero/storage/DWM7DMMX/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515.html}
title = {Encrypted {{Media Extensions}} - Www.W3.Org/},
howpublished = {},
file = {/home/spiollinux/Zotero/storage/SITPHQSQ/encrypted-media.html}
title = {What Is {{EME}}? - Hsivonen.Fi/},
howpublished = {},
file = {/home/spiollinux/Zotero/storage/YKJLEHEM/eme.html}
volume = {3},
issn = {2056-9785, 2056-9793},
language = {English},
number = {9},
journal = {Journal of Media Critiques},
author = {Daubs, Michael S.},
year = {2017},
pages = {77-94},
file = {/home/spiollinux/Zotero/storage/V8BWXFU3/article-detail.html}
title = {An {{Open Source Content Decryption Module}} to {{Improve DRM Integration}} with {{HTML5 Platforms}}},
doi = {10.1109/ISM.2015.45},
abstract = {MPEG-DASH in combination with CENC (Common Encryption), builds a solid foundation for interoperable media streaming on the Web. With W3C HTML5 premium media extensions MSE (Media Source Extensions) and EME (Encrypted Media Extension), being available in all major browsers today, a wide range of supported platforms exists already. A Content Decryption Module (CDM) is required for a functional EME implementation. We introduce an open source implementation of a CDM and explain the architecture behind this solution. It is designed to work with multiple DRM systems in an open and standardized way. To improve interoperability for protected content across the whole playback chain, the CDMi specification adds another abstraction layer between CDM and DRM system. We show that an open source CDM also integrates with the CDMi approach to support hardware-based DRM platforms.},
booktitle = {2015 {{IEEE International Symposium}} on {{Multimedia}} ({{ISM}})},
author = {Pham, S. and Arbanowski, S. and Kaiser, S.},
month = dec,
year = {2015},
keywords = {CDM,CDMi,CENC,common encryption,cryptography,digital rights management,DRM,EME,encrypted media extension,hardware-based DRM platform,hypermedia markup languages,interoperable media streaming,media source extension,MPEG-DASH,MSE,Multimedia communication,multiple DRM system,OCDM,open source content decryption module,open systems,W3C HTML5 premium media extension,Web},
pages = {417-420},
file = {/home/spiollinux/Zotero/storage/A23TYJ6N/Pham et al. - 2015 - An Open Source Content Decryption Module to Improv.pdf;/home/spiollinux/Zotero/storage/4IVKLURP/7442371.html}