[Seth-Trips] iTunes DRM talk, Stanford, Thursday

[Aaron Swartz]

Unfortunately, I will not be able to make it, but this might be
interesting to some of the DRM "fans" in the audience:

"Code Protection and Robustness: A talk about securing the iTunes client"
Augustin Farrugia, Apple

The concept of security is a trade-off from what you can accomplish
and what your cyberspace allows you to implement. In the nutshell, the
security system protects the assets and it is defined by the
requirements of a lot of players (1) the asset owner(s); (2) the
geopolitics; (3) the regulation; and (4) other relevant and irrelevant
features. Any security system cost can be quantified and the cost
represents the number of lines for the application versus these
implemented for the security. Usually, the smart card hits 55% of the
application code, while 45% for the security; the remains 5% are the
code liaison. The repartition of the resources relies on a secure
hardware and it does not include any addition features to opaque the
runtime and static analysis. It is no longer the case when the
application runs on an open system where it common knowledge that the
code can be reverse engineered for static attacks.

Thursday, January 26 at 4:30pm
Gates 4B (opposite 490)
Stanford University

http://crypto.stanford.edu/seclab/sem-05-06/farrugia.html