In multimedia consuming, Digital Rights Management (DRM) is the important means to con¯rm the bene¯ts of both digital contents/services providers and consumers. To keep the DRM system running in order, risk management should be adopted, which identi¯es and assesses the DRM system's security level. Now, the legitimate sharing of copyrighted digital content is still an open issue, which faces severe risks of propertied assets circumvention and copyright infringe-ments. In this paper, we try to highlight a multi-disciplinary method for all-around examinations on risks to digital assets in the contents sharing scenario. The method is a qualitative and quantitative fuzzy risk assessment, which is used for estimating a novel concept called Risk-Controlled Utility (RCU) in DRM. Then, we emphasize on an application case of the emerging trusted computing policy, and analyze the in°uences of di®erent content sharing modes. Finally, we address a business model with some simulation results. The comparison with other methods shows that the fusion of qualitative and quantitative styles can not only evaluate the RCU with uncertain risk events e®ectively, but also provide accurate assessment data for the security policies of DRM.

A legitimate contents sharing is an essential functionality of DRM (Digital Rights Management)-enabling contents industry and its value chain extension. In order to effectively choose and deploy some typical security policies in a contents sharing scenario, we introduced game theory to analysis the mutual influence of adoptions of trusted computing enabling enhanced security policies on benefits of two stakeholders, which are DRM Providers and contents Sharer who is a category of consumers. A dynamic and mixed game and its algorithm were proposed, where Sharer's strategies were whether to employ the trusted computing enabling devices and related components or not, as well as Providers' strategies included entirely general security, entirely enhanced security and dynamic security policies. We concluded from both game-theoretic analyses and Swarm simulation experiments that the number of acquired sharable digital rights and security cost have a direct effect on Sharer's choices of the enhanced security policy, and also their different basic sharing modes including partial, modest and extensive sharing, further influence the choice of Providers. Besides, with respect to the mixed sharing mode far more similar to a real contents sharing scenario, Dynamic security strategy is superior to the entirely enhanced security in the context of limited sharable rights and higher security costs, but with the acquisition of much more rights and the decrease of enhanced security overhead, the latter strategy would be optimal and stable as a Nash Equilibrium for stakeholders, in combination with the exploitation of effective business models of contents industry.

A successful transaction of digital contents is primar-ily dependent on security policies, trust relationships and benefit equilibriums among various participants in a DRM (Digital Rights Management)-enabling contents value chain ecosystem. We first analyzed basic value chain architectures in existence, together with some fundamen-tal security and trust requirements. And then, a state-of-the-art anatomy of the security and trust related to DRM was presented from different stakeholder' perspectives. Next, some challenges for multi-party mutual trust, not just inclined to any of participants, were proposed based on the holistic consideration of the digital contents/rights protection and the benefits balance. Finally, a conclusion was drawn that the rights-benefits-centric DRM ecosys-tem and the resulting trust relationship are crucial for the survivability of the contents industry.

Nowadays open and distributed Computer Supported Cooperative Work (CSCW) systems are faced with security challenges due to large numbers of cooperative users, and a mass of valued data resources need to be protected against unauthorized usage, disseminations and share. To this end, role-based collaboration framework and access control approaches have been a focus in recent years, but there lack of a holistic and comprehensive model and visual modeling. We proposed and formalized a CSCW-enabling access control model integrating generic centralized authorization and distributed authority delegation, called IACM (Integrated Access Control Model) for CSCW, based on the cooperative roles and their owned activities. And then, the visual modeling was represented with static and dynamic characteristics, with a goal to narrow the gap of the formalized model and application level. Finally, an application in the collaboration system for equipments manufacture designing was implemented to improve security of the role-based centralized authorization management by using the authorization constraint rules, and to enhance the collaborative capability based on the user-side delegation mechanism, effectively guaranteeing CSCW system security and authorization management efficiency.