In couple of posts on this blog, I’ve written about dilemmas, different views, challenges and positions related to security of new Microsoft’s operating system Vista. Once again, new article in IEEE Security & Privacy Magazine (January/February 2007 (Vol. 5, No. 1) appeared. In this article titled “DRM, Complexity, and Correctness“, Steve Bellovin looks at the complex code behind Microsoft Vista and its DRM mechanisms. Increased amounts of code add to insecurity, but the real danger with DRM is with increased interaction among different pieces of code. A lot of new mechanisms have been introduced; more seriously, a lot of new communications paths and dependencies have been introduced. Worst of all, these paths and mechanisms are solving a new problem, one with which the profession has very little experience. Did Microsoft get it right?
Read full article here (requires subscription).