Today, digital content is routinely distributed over the Internet, and consumed in devices based on open platforms. However,
on open platforms users can run exploits, reconfigure the underlying operating system or simply mount replay attacks since
the state of any (persistent) storage can easily be reset to some prior state. Faced with this difficulty, existing approaches
to Digital Rights Management (DRM) are mainly based on preventing the copying of protected content thus protecting the needs
of content providers. These inflexible mechanisms are not tenable in the long term since their restrictiveness prevents reasonable
usage scenarios, and even honest users may be tempted to circumvent DRM systems.
In this paper we present a security architecture and the corresponding reference implementation that enables the secure usage
and transfer of stateful licenses (and content) on a virtualized open platform. Our architecture allows for openness while
protecting security objectives of both users (flexibility, fairer usage, and privacy) and content providers (license enforcement).
In particular, it prevents replay attacks that is fundamental for secure management and distribution of stateful licenses.
Our main objective is to show the feasibility of secure and fairer distribution and sharing of content and rights among different
devices. Our implementation combines virtualization technology, a small security kernel, trusted computing functionality,
and a legacy operating system (currently Linux).
Keywords Trusted Computing - security architectures - stateful licenses
Full version appears as a technical report HGI-TR-2007-002 in [24].