Assignment
Chapter 9
Information Rights Management
Copyright © 2014 by McGraw-Hill Education.
IRM
With IRM, you are not protecting the location where the information lives or the network it lives on. Instead, you are applying access control, encryption, and auditing to the information itself. That way, IRM is able to provide a persistent level of security to the information wherever it goes.
Topics
IRM is a combination of encryption and access controls that are built into document creation and viewing software applications, so that encrypted content can be decrypted and viewed based on access rights.
We start with the high level architecture of IRM, including the primary components of any IRM infrastructure and how they work when a user is connected to the network and when they are offline.
We discuss why auditing and reporting is an important feature of IRM.
We look at the classification of data and how that leads to protecting data based on its confidentiality.
We consider how users are given access to IRM-protected data and how that leads to locking down that data so it can be distributed to allow authorized users to access it, and what they are allowed to do with that data based on their rights assignment.
You’ll see how unauthorized users, who have no rights, are unable to do anything with the data, even when those users were previously authorized and their rights were subsequently revoked.
IRM’s Security Perimeter
IRM shrinks the security perimeter to the information itself
How IRM Protects Data
IRM provides security protections not only for data at rest and data in transit, but also for data in use—which, as noted in Chapter 8, is hard to accomplish.
IRM technologies are able to prevent such things as data being copied to a clipboard and pasted into another application.
IRM can allow authorized users to open content while also limiting their ability to edit or make printed copies of it.
With this level of control for data in use also comes auditing of all access to the information, even after it has left the perimeters of your network.
These controls are basically impossible to implement with any other technology.
What Constitutes IRM?
A full IRM solution is a document protection technology that supports the most commonly used business document formats, works when a user is connected to the network as well as offline, allows revocation of access to content no matter where it resides, and meets all of the following criteria, which combine controls for confidentiality, access control, and functionality:
Employs a client/server architecture that provides centralized management
Format includes the document content as well as metadata containing security rules
Provides confidentiality for protected information with encryption
Leverages an identity from an enterprise directory
Applies a rights model that includes the following controls:
Create a new document with IRM protection based on a predefined classification
Open and view a document only; unable to edit or copy information within it
Edit and save changes into the protected format
Print to a trusted print device
Forward a document or message and reply to a protected message
Provide a basic level of screen-capture protection
Generates reports of access to content
IRM Technology Details
The metadata that accompanies an IRM-protected document comes from both the IRM server and the IRM client performing the protection.
The server provides a rights model and classification system to define the relationships between content and users.
The IRM server stores information about user rights, cryptographic keys, auditing data, and classifications.
The IRM server is accessible from the public Internet, so users can open documents no matter where they are (as long as they are on the Internet).
How IRM Works
When a user attempts to open a secure file, a piece of client software is needed on her local computer to perform the decryption and obey the access rules.
The client software reads the IRM server information from the file and communicates with the IRM server.
Information required to open the content is securely sent back to the client, where it may be cached for later use when the user is offline.
A Typical IRM Stack
Rights Metadata
File header from a JPEG file protected with Oracle IRM
Digital Signing
Signing of the whole file is performed, because although the source content is encrypted, the metadata needs to remain readable in order for the software to process it. We don’t want that metadata, which contains classification information, to be changed so an attacker could modify his own permissions.
Encryption
The encryption used to secure the content is almost exclusively symmetric-key encryption, because it is fast, and decryption to access the content usually needs to be done quickly.
As with standard key-management approaches, asymmetric (public and private) key pairs are typically then used to encrypt the symmetric key itself.
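As an added illustration (not code from the book or from any IRM product), a toy Python container that puts the Digital Signing and Encryption slides together: the header carrying the server address and classification stays in the clear, the content is encrypted with a per-document symmetric key held by the server, and one integrity tag covers the whole file so a rewritten header is rejected before any decryption happens. Assumptions: HMAC-SHA256 stands in both for the public-key signature and for the AES-class content cipher, and a server-side key store replaces the asymmetric wrapping of the content key.

```python
import hashlib, hmac, json, os, struct

MAGIC = b"IRMTOY1"   # constructed container format, not the real Oracle IRM header layout

def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (HMAC-SHA256 counter keystream XORed over data); fresh key per document."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def protect(content: bytes, classification: str, server_url: str, server: dict) -> bytes:
    """Clear header + encrypted content, then one signature over the whole file."""
    content_id = os.urandom(8).hex()
    server["keys"][content_id] = os.urandom(32)              # the IRM server holds the content key
    header = {"server": server_url, "classification": classification, "content_id": content_id}
    hdr = json.dumps(header, sort_keys=True).encode()
    body = MAGIC + struct.pack(">I", len(hdr)) + hdr + xor_keystream(server["keys"][content_id], content)
    sig = hmac.new(server["sign_key"], body, hashlib.sha256).digest()  # HMAC stands in for a signature
    return body + sig

def parse(container: bytes):
    body, sig = container[:-32], container[-32:]
    if not body.startswith(MAGIC):
        raise ValueError("not an IRM container")
    n = struct.unpack(">I", body[7:11])[0]
    return json.loads(body[11:11 + n]), body[11 + n:], body, sig

def read_metadata(container: bytes) -> dict:
    """Metadata stays readable without any key: the client needs it to find the server."""
    return parse(container)[0]

def open_protected(container: bytes, server: dict) -> bytes:
    """Verify the signature over header AND ciphertext before decrypting anything."""
    header, ciphertext, body, sig = parse(container)
    expected = hmac.new(server["sign_key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("signature check failed: header or content was modified")
    return xor_keystream(server["keys"][header["content_id"]], ciphertext)

def rewrite_classification(container: bytes, new_class: str) -> bytes:
    """Change the clear-text classification but keep the old signature, to show it is detected."""
    header, ciphertext, _, sig = parse(container)
    header["classification"] = new_class
    hdr = json.dumps(header, sort_keys=True).encode()
    return MAGIC + struct.pack(">I", len(hdr)) + hdr + ciphertext + sig
```

Because the tag covers header and ciphertext together, the classification can be read by anyone but not changed without the server's signing key.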
Authentication
A user attempts to access an IRM-protected file.
Before the content can be opened, the IRM client requests credentials from the user.
Credentials, combined with information on the content being accessed, are passed by the IRM client to the IRM server for validation.
The IRM server authenticates the credentials against a connected identity store.
If the authentication is successful, the IRM server then determines whether the user actually has rights to open the content.
If the authorization is successful, a set of rights is passed to the user.
Client/Server Communication Flow
IRM Communication with a Directory Store
Simple Example of an IRM Rights Model Controlling Functionality
Rights
Create and Protect
Open and View
Edit and Save
Forward and Reply
Screen Capture
Rights Assignment
Print Rights Restriction
Auditing and Reporting
IRM can report on document access activities with details of the following:
what was accessed
when it was accessed
by whom
activity involved (Create, Open, Print, Save)
where the content was accessed from (IP address, disk location)
If attempted access is recorded, you can also see who is trying to get access even if they are denied.
Offline access to content can also be recorded and then sent back to the IRM server when the client next accesses the server.
Offline Rights
When assigning a right to access content, the IRM technology usually allows the definition of some offline period.
This period dictates how long access to the content remains available while the user is offline.
When the period expires, the IRM client requires the user to regain access to the IRM server to validate continued access.
Rights Caching
When the user first opens the document, the IRM client contacts the server to check the user’s credentials (authentication) and what they are allowed to do (authorization).
Once it receives the response containing the authorization information, that information is saved somewhere (typically on the hard drive, in a temporary file). Subsequent attempts to open the same file while offline rely on the IRM software to check that cached information.
Thus, the user must carry with them the original computer used to first open the document when they travel and need to go offline.
Data Classification
Before anything can be secured, a data classification scheme is required to sort the data into categories that can be used to apply rules.
Content Distribution
Access Auditing and Reporting
Each time an IRM-secured document is opened, an audit record is generated.
Rights Revocation
At some point the user will no longer require access to the sensitive data. At this point, their rights are revoked from the IRM server.
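An added simulation (not the book's or any vendor's code) of the behaviour described on the Authentication, Auditing and Reporting, Offline Rights, Rights Caching and Rights Revocation slides: the server authenticates, then authorizes against a per-classification rights model, records every attempt including denied ones, and returns rights with an offline period; the client caches the grant, enforces it offline until the period expires, queues offline audit records for the next server contact, and loses access once the server revokes the user. The identity store, rights model and OFFLINE_SECONDS are constructed sample values, and timestamps are plain integers.

```python
OFFLINE_SECONDS = 3600   # offline period granted with each set of rights (constructed value)

class IRMServer:
    """Server side: identity store, per-classification rights model, audit trail."""

    def __init__(self, identity_store, rights_model):
        self.identity_store = identity_store   # user -> password (constructed sample store)
        self.rights_model = rights_model       # user -> classification -> set of rights
        self.audit = []                        # what / when / who / activity / where / outcome

    def request_rights(self, user, password, doc, activity, source, now):
        authenticated = self.identity_store.get(user) == password
        granted = set()
        if authenticated:   # authorization is checked only after authentication succeeds
            granted = self.rights_model.get(user, {}).get(doc["classification"], set())
        # Every attempt is recorded, denied ones included, so failed access stays visible.
        self.audit.append({"what": doc["id"], "when": now, "who": user, "activity": activity,
                           "where": source, "allowed": activity in granted})
        if not authenticated:
            return None
        return {"rights": set(granted), "expires": now + OFFLINE_SECONDS}

    def revoke(self, user):
        self.rights_model.pop(user, None)      # next online check returns an empty rights set

class IRMClient:
    """Client side: enforces the rights it was given and caches them for offline use."""

    def __init__(self, server):
        self.server = server
        self.cache = {}           # (user, doc id) -> cached grant (stands in for the temp file on disk)
        self.offline_audit = []   # records made offline, sent to the server on next contact

    def open(self, user, password, doc, activity, source, now, online):
        key = (user, doc["id"])
        if online:
            self.server.audit.extend(self.offline_audit)   # sync offline records first
            self.offline_audit.clear()
            grant = self.server.request_rights(user, password, doc, activity, source, now)
            if grant is None:                              # authentication failed
                self.cache.pop(key, None)
                return False
            self.cache[key] = grant                        # refresh cache and offline period
            return activity in grant["rights"]
        grant = self.cache.get(key)
        allowed = grant is not None and now <= grant["expires"] and activity in grant["rights"]
        self.offline_audit.append({"what": doc["id"], "when": now, "who": user, "activity": activity,
                                   "where": source, "allowed": allowed, "offline": True})
        return allowed   # expired period: the user must reconnect to the server to revalidate
```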
Summary
IRM technologies are a different, comprehensive approach to securing unstructured data.
Unlike access control systems such as those built into file servers, or file encryption tools that require passwords and either grant all rights or none at all, IRM combines an entire layered security approach of access control, authentication, encryption, authorization, and auditing into a data-centric solution.
By shrinking the access control perimeter from the network and storage to the content itself, IRM is able to enforce access and the security of documents and e-mails no matter where they reside.
The security challenges of unstructured content are increasing along with the continued proliferation of unstructured data, and IRM is a good tool for delivering a persistent level of access control to information regardless of where it is and where it goes.