Your Cloud in my Company: Modern Rights Management Services Revisited

Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk

11th International Conference on Availability, Reliability and Security (ARES 2016)


Abstract

We provide a security analysis of modern Enterprise Rights Management (ERM) solutions and reveal security threats. We first look at Microsoft Azure and discuss severe attack surfaces that companies enabling Azure within their own trusted infrastructure have to take care of. In addition, we analyze Tresorit, one of the most frequently used end-to-end encrypted cloud storage systems. Tresorit can use Azure and its Rights Management Services (RMS) module as an additional security layer: a user should be able to trust either Tresorit or Azure. Our systematic evaluation reveals a serious breach in their security architecture: we show that the whole security of Tresorit RMS relies on Tresorit being trusted, independent of whether Azure is trusted.


Tags: AD, Azure, Cloud, ERM, RMS, Tresorit