Security : DRM, Sandbox, Player

Matthew Rothmeyer

Digital Rights Management (DRM)“A class of technologies that are used by hardware

manufacturers, publishers, copyright holders, and individuals with the intent to control the use of digital content and devices after sale” – wikipedia

The goal : to control Executing – listening, watching, playingCopying – making duplicates of a workAltering – modding, bypassing, editing

Types of DRMRestrictive licensing: without a software key

or license the purchased property will not function Serial keys Software license Activation

Embedded Technology Encrypting data Requiring a USB key

DRM TechnologiesLimited activations : a certain number of installs Constant Online Authentication Changing Functionality

Mostly videogames, makes the game annoying or unplayable

Media Encryption – requires special technologies in video and music devices to decrypt and play

Cable Card – Restricts unsubscribed content Watermarks – usually images or video

DRM: Controversy Proponents argue it protects

Just as a lock guards your house, DRM guards intellectual property.

Without DRM, innovation will cease because it won’t be profitable

Opposition argue it doesn’t work Inconveniences users

Violates private property rights in some casesStifles competition Can make purchases inaccessible if a DRM

service is discontinued Causes hardware to become artificially obsolete

Increases waste

DRM: Legitimacy IssuesWhat is and is not legal is often obscured and

made confusing by DRM It is legal to copy music, but DRM prohibits

this Services often try to obscure restrictions

Not telling you that your music is inaccessible without their software or subscription

DRM solutions are often circumvented Millions pirate software and music DRM is often simple to circumvent

DRM-free solutionsMake downloading simple and cheap

People are lazy Pre-order or Pre-Funding

Kickstarter Cloud based media

A user never actually has the data Ex : spotify

Artistic Freedom Voucher Consumers get tax credit for paying artistsThat artist can’t copyright the work for a limited

time

What would good DRM look like?Should not be invasive Should not penalize legitimate users by

making their lives more difficult Should allow users to do what they wish

In most cases Should only protect copyright Should not force users onto a specific

platform Should have a plan for when a service is

discontinued

Sandbox : SecuritySeparates running programs

Often used as a security mechanism Programs are only allowed to access portions

of memory available to them and no others Access to devices such as a network card can

also be restricted Allows to safely test programs from an

unverified origin Specify rights or access on a program by

program basis

Sandbox : DevelopmentCreates an isolated development environment Often gives a user more control over the

environment Allows rapid testing of software across several

mediums, which are often emulated Allows users to change code without harming

production servers or data

Sandbox : Types of SandboxesVirtual Machine

Emulates an entire system or OSAllows running of legacy code OS can only access resources of the system

through the virtualization software Allows for testing, both in software and

security Example : Virtual Box

Sandbox : Types of SandboxesOperating System Sandboxing

Allows sandboxing on a program by program basis

Users do not need to run all programs in the sandbox

Often the sandbox itself is a program that manages other programs

Example : Sandboxie

Sandbox : Types of SandboxesDRM Sandbox

Prevents interaction with a program from the outside

Sandbox only allows certain system calls to access memory relating to the software

Sometimes called a player

PlayerA piece of software or hardware that allows

access to a service or mediaSomewhat like DRMProhibits a user from making requests of the

software or hardware outside what is acceptedEnforces a set of rules for what someone can

do with the software Copying, executing, ect

Player : ExampleSteam/Origin

Allows users to purchase games and other media

Allows users to play games and interact with the gaming community

Prevents copying and using software without purchase Games authenticate with the player

Authentication need not be online