Encryption may help you enforce that policy. So if you have an RMS policy that says you want to forbid copying, then you have to ban any form of access in order to be certain your policy is effective. So much for Copyright.Īs far as the Microsoft argument is concerned, if you have read access to a document, then given enough time and money you can reproduce it by hand and nobody can stop you. To paraphrase William of Occam, “once you have found the simplest way in then you need go no further.” – William of Occam is credited as having said, “Entia non sunt multiplicanda praeter necessitatem,” although it may have been John Punch back in 1639. This is a significant observation which is often forgotten by evaluators. Policy enforcement capabilities, such as the ability to prevent printing or modifying content to which the user has legitimate access, are not guaranteed by cryptography or other hard technical means.“ The authors gave a summary of discussions with Microsoft about their findings, which included a key observation from Microsoft: “The type of attack you present falls in the category of policy enforcement limitations. Is this a serious problem for Microsoft RMS protected documents? What was more disturbing was that the paper also revealed a process for taking a modified version of the original document and having it processed so that it is accepted by the system as being genuine although it is a forgery. docx but the method could be applied to any file protected using Microsoft RMS, or any other come to that) into an unprotected document which can then be processed using the normal applications (Microsoft Word in this case).
#Microsoft rms sharing application how to
What the paper ‘ How to break Microsoft RMS’ (correct at the date of writing) does is explain very concisely how to break the security of Microsoft RMS documents and upgrade your legitimate read access authority to any other authority (they used. (Only be sure always to call it please “ research“: Tom Lehrer rather before DMCA!). How secure is Microsoft RMS?įast forward to 2016 to ERM (Enterprise Rights Management) and a published paper: “How to Break Microsoft Rights Management Services (Microsoft RMS)” at Usenix 2016 by M Grothe et al which gave a dazzling display of doing just what it said on the tin. Microsoft named their ERM system ‘Microsoft RMS’ (Microsoft Rights Management Services). It identified Microsoft as one of the major players and that ERM was becoming important as a tool to protect documents. It was therefore viewed negatively as a tool to protect content and ERM (DRM rebranded) was born as an alternative for corporate document protection.īack in 2008 The Gilbane Group published a report entitled “ Enterprise Rights Management Business Imperatives and Implementation Readiness”. However, it was widely disliked and many successful attempts were made to bypass it.
DRM has long been used to protect content for consumer consumption as early as 1987 when Sony introduced DAT (Digital Audio Tape).
0 kommentar(er)
