|
Newsletter Archive
2009: JAN FEB
2008: OCT SEP JUN APR MAR FEB
2007: DEC OCT JUL JUN MAY APR MAR FEB JAN
2006: NOV OCT
OpenPMF supports BPM security+Intalio partner 
OpenPMF agile SOA R&D project for UK MoD
Intel renews technical support contract for 4th year
Success story : US Air Force OpenPMF
ObjectSecurity partners with CADS
San Jose / Silicon Valley Business Jounral Coverage
ObjectSecurity welcomes Milind Pansare as advisor
ObjectSecurity welcomes Dr. William Wilson as advisor
E-books: SOA/Cloud/Web2.0 & model-driven security
OpenPMF Award Success story: ESG military HEROS-2/Lot 2 MICO port
Success story: SOA security analysis project completed
Cloud Security CEO Interview, RSA'08
ObjectSecurity shortlisted for East of England Business Awards
ObjectSecurity joins SOA Consortium
Analyst coverage (Gartner/451 Group/Burton Group)
Success story: US Air Force OpenPMF DDS & Raven project
Success story: Lufthansa Systems Germany project
Events: RSA'09 USA session: 'How Best Map Compliance/IT?'
ObjectSecurity signs US military contract with Promia, 23 Sept. 08
ObjectSecurity signs a US military contract with Promia. Promia and ObjectSecurity will jointly develop a next-generation IT security intrusion detection and enforcement product, using their respective products ObjectSecurity OpenPMF 2.0 and Promia Raven. 22 September 2008
ObjectSecurity signs utilities contract with Promia, 23 Sept. 08
ObjectSecurity signs a ulitites industry contract with Promia. Promia and ObjectSecurity will jointly develop a novel technology that makes it easier for the utilities sector to achieve regulatory compliance with The US Federal Energy Regulatory Commission Critical Infrastructure Protection Standards. It supports decision making, produces audit documentation, detects anomalies, and supports policy-driven requirements management 22 September 2008
OpenPMF / RTI DDS / Promia Raven integration project
ObjectSecurity works with RTI and Promia on the integration of OpenPMF, RTI DDS, and Promia Raven as part of RTI's SBIR contract with the US Air Force, 14 February 2008
UK Cyber Security KTN SOA security project awarded
ObjectSecurity carries out a £50,000 SOA security concerns analysis project for the UK Cyber Security Knowledge Transfer Network (KTN), 19 June 2008
Lufthansa Systems Germany software consulting project
ObjectSecurity carries out a software consulting project for Lufthansa Systems Germany, 20 June 2008
ObjectSecurity receives EEDA Proof of Concept Fund grant
ObjectSecurity has been awarded a £30,000 East of England Development Agency (EEDA) Proof of Concept Fund project grant, 01 April 2008 ,
OpenPMF 2.0 supports XACML SOA interoperability standard
OpenPMF 2.0 can now interoperate with XACML based authorization management (entitlement management) solutions and policy enforcement solutions, Cambridge, UK, 05 May 2008
Success story: ESG military HEROS-2/Lot 2 MICO port
ObjectSecurity was contracted by ESG to port their existing CORBA applications to the MICO open source CORBA implementation for the HEROS-2/Lot2 military command & control system. The success of this project shows ObjectSecurity's capabilities in mission-critical environments and in the defense industry, and also underscores the maturity of the MICO software. 15 December 2008
ObjectSecurity partners with Intalio - OpenPMF now supports BPMN (Intalio BPMS)
ObjectSecurity is pleased to announce that OpenPMF 2.0 now supports business process management based model-driven security management. The feature is available in beta, and the demo ties in withIntalio BPMS. 30 October 2008
OpenGroup Conference Munich 2008
ObjectSecurity presented at aligning business and IT security.
RSA Conference Europe 2008
ObjectSecurity will present "Bridging the Security Gap Between IT and Other Business Units" at the RSA Europe Conference in London, 28th October 2008, 10:15 - 11:15 hrs Abstract (BUS-202): There is strong evidence that many security vulnerabilities are caused by incorrect security policies and configurations (i.e., human errors), rather than by inherent weaknesses in the attacked IT systems and security mechanisms. Enterprise security administrators today need to have an in-depth understanding of the security features and vulnerabilities of a multitude of ever-changing and different IT ‘silos’. Moreover, in complex, large, networked IT environments such policies quickly become overly complex, confusing, and error-prone because administrators cannot specify and maintain the correct policy anymore. This is true both in service oriented architecture (SOA) and non-SOA IT environments, but agile SOA style environments complicate this scenario significantly for a number of reasons, including: security policies may need to be reconfigured whenever the IT infrastructure gets reconfigured and redeployed; security at the business process management layer is at a different semantic-level than in the infrastructure; semantic mappings between layers and well-adopted standardized notations are not available. For these reasons, mapping of enforcement to policies and configurations need to be automated – such as Model Driven Security.
ISSE 2008
ObjectSecurity will present “Managing compliance with regulations and governance standards for Service Oriented Architecture using Model Driven Security” at ISSE 2008, Madrid, Spain, 7-9 October 2008. Contact us to arrange a meeting. Abstract: Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. Compliance is relevant to many types of organisations. Examples include Sarbanes-Oxley for publicly listed companies, ..... In this paper we will illustrate the theory behind Model Driven Security for compliance, and provide case studies and benefit metrics for several industries (especially healthcare, defence, and air traffic management). We will also show several case studies using our OpenPMF technology.
Business Services Management (BSM) Forum 2008
ObjectSecurity will present “Alignment of flexible business processes and agile IT infrastructures" ("Zuordnung der flexiblen Geschäftsprozesse zur dynamisch, anpassbaren IT-Infrastruktur" at the BSM Forum 2008, Cologne, Germany, 15-16 October 2008. Contact us to arrange a meeting.
ObjectSecurity partners with ikv++ technologies ag
ObjectSecurity partners with ikv++ technologies ag, a provider of Model Driven Architecture products and professional services. ObjectSecurity contributes Model Driven Security and OpenPMF's security to ikv++'s portfolio. Cambridge, UK and Berlin, Germany, 07 May 2008
Japanese language article about ObjectSecurity
UK Trade & Investment published a Japanese language article ObjectSecurity in its ICT newsletter, 03 June 2008
ObjectSecurity highly commended for UK Trade & Investment Award 2008
ObjectSecurity has been highly commended for the UK Trade & Investment International Trade Awards 2008 (Cambridgeshire, East of England, UK)
ObjectSecurity partners with Model Driven Solutions
Model Driven Solutions is a provider of SOA & MDA services and products that complements ObjectSecurity's Model Driven Security services and products, 25 March 2008.
ObjectSecurity drives Model Driven Security standardisation
ObjectSecurity drives the standardisation of a security policy model standard at the Object Management Group (OMG) consortium to prevent vendor lock-ins, 14 March 2008.
ObjectSecurity releases MICO 2.3.13 Release Candidate 2
ObjectSecurity releases new open source CORBA version MICO 2.3.13 Release Candidate 2 to the public
ObjectSecurity partners with Fintricity
ObjectSecurity partners with Fintricity. The partnership joins up the complementary SOA products and solutions of both companies: OpenPMF 2.0 and SOA consulting. 06 October 2008
ObjectSecurity named "Cool Vendor" in Gartner's "Cool Vendors in Application Security and Authentication, 2008" report
ObjectSecurity has been named "Cool Vendor" in Gartner's "Cool Vendors in Application Security and Authentication, 2008" report, 4 April 2008
ObjectSecurity partners with Secerno
ObjectSecurity partners with Secerno. The partnership allows OpenPMF customers to regulate data interactions across a range of databases thanks to Secerno’s database security enforcement. Similarly, Secerno customers benefit from the ability to integrate database security with their organisation’s wider security infrastructure via OpenPMF’s simplified security policy management for multiple security systems. 22 September 2008
ObjectSecurity joins SOA Consortium
ObjectSecurity joins the SOA Consortium (www.soa-consortium.org), a SOA advocacy group comprised of end users, service providers, and technology vendors, committed to helping the Global 1000 successfully adopt SOA by 2010, 08 Sept. 08
EEDA Proof of Concept Fund awarded to ObjectSecurity
East of England Development Agency awards £30,000 OpenPMF market validation grant to ObjectSecurity. ObjectSecurity will mainly work together with Gartner, Cambridge, 07 March 2007.
ObjectSecurity joins UK Ministry of Defence Synthetic Environment Tower Of Excellence
ObjectSecurity joins the UK Ministry of Defence Synthetic Environment Tower Of Excellence , 5 March 2008.
OASIS Open Standards Forum 2008
ObjectSecurity will attend the "Security Challenges for the Information Society" symposium at the OASIS Open Standards Forum, 2 October 2008, Ditton Manor,UK
Future Security Symposium 2008
ObjectSecurity will present at the Fraunhofer Future Security Symposium 2008, 10-11 September 2008, Karlsruhe, Germany. Abstract: Secure Model Driven Information Exchange - Information, information exchange and information fusion, is the key enabler for the whole "life cycle" of security, from vulnerability analysis over plans and training to responding to incidents. But in reality, sharing information is not easy. First of all, information flow has to be enabled. This requires interoperability at all layers, from low level communications over middleware to the semantics of the information exchanged. It is a huge challenge, especially in environments with legacy systems and multiple organisations. Secondly, the information flow has to be controlled. The fact that two or more organisations are willing to plan, train or work together does not mean that they are willing to share all their information with others. The obvious solution at least for the interoperability problem, standardisation, does not work, for political, historical and sometimes even technical reasons. In our presentation, we propose to apply the concepts of model driven engineering to information exchange. We use abstract and platform independend models, so called Domain Specific Languages, to describe information, stakeholders and their systems, and information flows. From these models, we automatically generate platform specific exchange formats, adapters for legacy integration, bridges between different middleware platforms and security policies. This enables a quick integration of incompatible legacy systems and allows a secure information exchange between different systems and organisations. As a proof of concept, our approach is successfully used in several research projects, including a simulation of emergencies at an airport, Air Traffic Management and intrusion detection in tactical military networks.
Cambridge Enterprise Conference 2008
ObjectSecurity will have a poster at the Cambridge Enterprise Conference 2008, 17 September 2008.
PlugandPlay Expo Fall 2008
ObjectSecurity will present at the Plug and Play Expo Fall 2008 "extreme pitching" event in Sunnyvale, CA, USA, on 25 September 2008.
Modeling Security Workshop (ModSec 2008)
ObjectSecurity is on the programme committee of the Modeling Security Workshop
In Association with MODELS '08, Toulouse, France, 28th September, 2008
NATO Workshop on Development and Use of Computer Generated Forces Technologies 2008
ObjectSecurity will present "The need for an architecture that is based on model-driven approaches, including model-driven security" at the NATO Research and Technology Agency MSG-066 Workshop on Development and Use of Computer Generated Forces Technologies (collocated with MSG-ET-026 Exploratory Team on NATO Synthetic Force (SynFor) Wrap for Pre-Deployment Training), 2-4 September 2008 at Dstl Farnborough, Hampshire, UK
19th Enterprise Architecture Practitioners Conference 2008
ObjectSecurity will present Enterprise Architecture Driven Security Management: Bringing IT Security Managing Back to the Business at this conference. Abstract:- You cannot secure what you cannot manage. In this presentation, we will explain how the concepts of model driven security can help bring IT security management back to the business. Model driven security (MDS) can bridge the gap between high-level, business-driven security requirements and low-level IT security enforcement (esp. runtime control of information flows throughout the business). Security requirements can be expressed at the abstraction layer of the Enterprise Architecture (EA), using the vocabulary and meanings (meta-models) of the EA. The benefits are significant. You can:
Maintain business driven security policies in intuitive, customizable models; Manage security for agile IT environments with low-maintenance (e.g. SOA); Generate fine-grained enforceable security rules automatically ; Protect applications automatically and reliably enterprise-wide; Monitor enterprise-wide policy compliance; Develop secure software model-driven with minimal effort ; Deploy with low risk and a lowered cost hurdle; Control your future-proof ecosystem of technologies and standards. The benefits include reduced cost, improved enterprise-wide security compliance, and low-maintenance security management. MDS lets you manage security at a business-driven, intuitive high level of abstraction close to human thinking, and policies can be defined in the way you think about security in the context of your organization. You can define policies consistently in one place and automatically enforce them across your IT. We will illustrate the concepts using the leading Model Driven Security product OpenPMF 2.0: OpenPMF 2.0 can protect most IT systems, and reuse most pre-existing security infrastructure, environment, including agile Service Oriented Architectures (SOA). You can deploy with lower upfront cost and risk thanks to innovative deployment options (software rental, appliance and remote “security as a service”). OpenPMF 2.0's powerful, yet easy-to-use technology is the only 'model driven security management' solution in the market today. It is the most flexible, extensible, standards based, and easy-to-use enterprise security management framework on the market. OpenPMF 2.0’s unique business driven management goes beyond today’s authorization management solutions, which primarily focus on policy interoperability (XACML etc.) rather than manageability. The patent-pending technology is based on 9 years of solid research and development by leading experts who are currently driving international standardization of model driven security.
The general topic area is currently seeing a lot of visibility, and OpenPMF 2.0 is listed as a promising high-impact technology in Gartner’s “Cool Vendors for Application Security & Authentication 2008” report and on Gartner’s “Hype Cycle for Information Security 2007”. Audience:- enterprise architects, SOA architects, Chief Security Officers, Innovation Strategists. Key takeaways:- 1. Security management complexity is growing out of hand, 2. Security needs to be managed from within the Enterprise Architecture, 3. Businesses need to ensure agility/reuse/control while maintaining security
Workshop Distributed Object Computing for Real-time & Embedded Systems
ObjectSecurity will co-present "Integrating DDS Into Secure Net-centric Systems: A Pragmatic Approach" at the OMG Workshop on Distributed Object Computing for Real-time and Embedded Systems July 14 – 16, 2008, Washington, DC, USA. (with Ariel Salomon and Gerardo Pardo-Castellote from RTI). Abstract: A consensus has begun to emerge toward a Security Model for DDS which includes: Mandatory Access Control for Secure Domains, Role-Based Access Control for Secure Topics, and centralized policy management. This presentation will discuss development of a secure DDS solution that can be practically deployed, the techniques available for deploying DDS on typical WAN environments, including networks that contain NATs, native support of secured operating systems such as SE Linux, the definition of a pragmatic Role-Based Access Control model to protect DDS Topics and how to enforce the policies using the tools available in the standard PKI, and the impact on performance and real-time predictability that these techniques introduce.
OMG Technical Meeting
ObjectSecurity will hold a workshop session "OMG standards for Model Driven Security - How can we secure SOA without losing agility?" on Thursday 13 March 2008 at the Software Assurance group (SwA) at the OMG technical meeting, Washington DC, USA , 10-14 March 2008. A related presentation "A Model Driven Security approach for SOA" will also be presented on Tuesday 11 March 2008 at the SOA group. Abstract: ObjectSecurity discusses the need for OMG standards for Model Driven Security, and how SOA security must go beyond web services security. The core issue is how to specify and maintain consistent/effective security policies for *agile* SOA. This cannot be done manually (too complex/labor-intensive). New approaches such as Model Driven Security are needed. Session topics incl. security stove-piping, how to reduce cost/effort, architecture approaches, experiences, secure BPM SOA."
ObjectSecurity in the U.S.: Washington D.C & San Francisco
Dr. Ulrich Lang, CEO, ObjectSecurity, will be available to meet you in the Crystal City, Washington DC area during 10-14 March 2008. He will also be available downtown San Francisco during 5-11 April 2008.
Airport IT 2008 (at ILA Berlin)
ObjectSecurity will present "Airport operations optimisation through agile, secure IT integration, SESAR, SWIM-SUIT" together with Eamonn Cheverton, Enterprise Architect, BAA, London, UK at Airport IT 2008, Berlin, Germany, 28/29 May 2008. The presentation will cover the following topics: Flexible, future-proof IT integration is at the heart of airport CDM --- (A-CDM/TAM): Service-Oriented Architecture (SOA) and Business Process Model --- (BPM) driven IT management --- Manageable, good information security is a critical enabler for such integrated systems --- This presentation will discuss state-of-the-art approaches for secure A-CDM/TAM integration (including model-driven security) --- The presentation will also provide an update on the SESAR undertaking, and on the SWIM-SUIT project
Gartner Emerging Trends Symposium 2008
ObjectSecurity will attend Gartner's Emerging Trends Symposium 2008, Barcelona 13-14 May 2008. Contact us to arrange a meeting.
Passenger Terminal Expo 2008
ObjectSecurity will attend Passenger Terminal Expo 2008, 15-17 April 2008, Amsterdam, Netherlands. Contact us to arrange a meeting.
Infosecurity Europe 2008
ObjectSecurity will attend Infosecurity Europe 2008, London, UK, 22-24 April 2008. Contact us to arrange a meeting.
RSA Conference 2008
ObjectSecurity will present a peer-to-peer session "How can we secure SOA without losing agility?" at the RSA Conference 2008, San Francisco, CA, USA, 7-11 April 2008. Contact us to arrange a meeting. Abstract: In this Ask the Moderator session, ObjectSecurity discusses how SOA security must go beyond web services security. The core issue is how to specify and maintain consistent/effective security policies for *agile* SOA. This cannot be done manually (too complex/labor-intensive). New approaches such as Model Driven Security are needed. Session topics incl. security stove-piping, how to reduce cost/effort, architecture approaches, experiences, secure BPM SOA." (P2P-205A, 9 Apr 2008, 1:40 PM - 2:30 PM, and repeat session April 9 at 5:40pm – 6:30pm).
ObjectSecurity also presented "The SOA Security Hurdle" with Intel at the RSA Executive Briefing Center at the RSA Expo. Please contact us to get an invitation
ATC Global Exhibition & Conference 2008
ObjectSecurity will attend ATC Global Exhibition & Conference 2008, Amsterdam, Netherlands, 11-13 March 2008. Contact us to arrange a meeting.
FSB National Conference 2008
ObjectSecurity may also attend the National Conference 2008 by the Federation of Small Businesses (FSB), London, UK, 13-15 March 2008. Contact us to arrange a meeting.
UK Ministry of Defence Synthetic Environment Tower Of Excellence Meeting
ObjectSecurity will present their secure information sharing and security management capabilities in synthetic environments (SimulateWorld) at the UK Ministry of Defence Synthetic Environment Tower Of Excellence Meeting, 5 March 2008. Contact us to arrange a meeting.
SOA & Model Driven Security Success Story with QientiQ
ObjectSecurity has carried out several successful project milestones with QinetiQ related to Service Oriented Architecture (SOA) and Model Driven Security (MDS), 28 February 2008 (press info)
Privacy Engineering Methodology SIG
ObjectSecurity will attend the Cycersecurity KTN's Privacy Engineering Methodology SIG meeting on 20 February 2008. Contact us to arrange a meeting.
Article: secure information sharing in air traffic management
Overview article, 28 Feb 2008.
ARGUS DARP II Conference
ObjectSecurity will attend at this event in London, UK, 28 February 2008. Contact us to arrange a meeting.
Playing to Win
ObjectSecurity will attend the Playing to Win event, Newmarket, UK, 4 March 2008. Contact us to arrange a meeting.
9th UK Technology Innovation & Growth Forum
ObjectSecurity will present a University of Cambridge spin-out showcase at the 9th UK Technology Innovation & Growth Forum (organised by Library House), London, UK, 17 March 2008
Exploring Breakthrough Security Technologies
ObjectSecurity will present an SME showcase "OpenPMF 2.0 and Model Driven Security" at this event in London, UK, 13 February 2008. Contact us to arrange a meeting. (article)
JETRO Business Opportunities in Tokyo Seminar
ObjectSecurity will attend JETRO's "Business Opportunities in Tokyo" event, London, UK, 04 February 2008. Contact us to arrange a meeting.
Security Networking Dinner
ObjectSecurity will attend the Security Networking Dinner at Cranfield University, Shrivenham, UK, 05 February 2008. Contact us to arrange a meeting
Updated blog: model driven security
ObjectSecurity's edducational blog is now revamped and also supports email subsriptions. 07 Feb 08
ObjectSecurity joins Farnborough Aerospace Consortium
ObjectSecurity is now a member of Farnborough Aerospace Consortium (FAC), UK, 16 January 2008
European ATM Innovation Symposium
ObjectSecurity participated in the European ATM Innovation Symposium by Farnborough Aerrospace Consortium (FAC), Southampton, UK, 16 January 2008,
Society Maritime Industries (SMI) orts and Terminals Group (PTG)
ObjectSecurity participated in the Society Maritime Industries (SMI) orts and Terminals Group (PTG) working group meeting, London, UK, 11 January 2008,
Airport CDM Coordination Group
ObjectSecurity participated in the Airport CDM Coordination Group, EUROCONTROL HQ, Brussels, Belgium, 21-22 November 2007. Contact us to arrange a meeting.
OMG Technical Meeting Burlingame, CA, USA
ObjectSecurity attended the OMG techncal meeting in Burlingame, CA, USA, 10-14 December 2007. Contact us to arrange a meeting (in the DC area 3-5 Dec 07 or in Silicon Valley 6-14 Dec 07).
SYSTEMS 2007
ObjectSecurity attends SYSTEMS 2007, Munich, Germany, 23-26 October 2007. Contact us to arrange a meeting.
5th Annual Simulation & Synthetic Environments Symposium
ObjectSecurity will present "Rapid prototyping, simulation, testing of secure information sharing in distributed systems" at the 5th Annual Simulation & Synthetic Environments Symposium, London, 6 November 2007. Contact us to arrange a meeting.
UK ATM-KN Industry Showcase Event
ObjectSecurity will present at the UK ATM-KN Industry Showcase Event at the British Airports Group Offices, London, 08 November 2007. Contact us to arrange a meeting.
EPAC Ensuring Privacy and Consent TSB/EPSRC "Sandpit" Event
ObjectSecurity will participate in the Ensuring Privacy and Consent sandpit, Buckinghamshire, UK, 12-16 November 2007. Contact us to arrange a meeting.
OpenPMF 2.0 RTI DDS - plugin available
Objectecurity has just released an OpenPMF 2.0 plugin for RTI's Data Distribution Services (DDS) which is event driven architecture (EDA) based - joint project with RTI as part of their US Navy SBIR, Cambridge, UK, Santa Clara, CA, USA, 19 November 2007
SOA security training workshop and white paper project
ObjectSecurity holds a training workshop on SOA security and model driven security in the context of SAP for a large European collaborative business software specialist, Cambridge, UK, 09 October 2007
ObjectSecurity partners with Virtual Forge
ObjectSecurity partners with Virtual Forge, a security quality & compliance specialist with strong SAP expertise, Cambridge, UK, and Walldorf/Heidelberg, Germany, 15 October 2007
OpenPMF 2.0 Security Management Ecosystem (TM) announced
ObjectSecurity announces its Security Management Ecosystem and welcomes interested parties to join, Cambridge, UK, 10 October 2007
Inter Airport Europe 2007
ObjectSecurity attends the Inter Airport Europe, Munich, Germany, 11 October 2007. Contact us to arrange a meeting.
FSB Roadshow Cambridge 2007
ObjectSecurity attends the FSB Cambridge Roadshow, Cambridge, UK, 17 October 2007. Contact us to arrange a meeting.
RSA Europe 2007
ObjectSecurity will attend RSA Europe 2007, London, UK, 24 October 2007. Contact us to arrange a meeting.
QinetiQ Synthetic Air Traffic Environment
ObjectSecurity presents at the QinetiQ Synthetic Air Traffic Environment event, Farnborough, 29 October 2007 (note: this event has been postponed)
FAC SESAR Programme Briefing & Workshop
ObjectSecurity attends the SESAR Programme Briefing & Workshop, 3rd October, FAC Offices, Farnborough, UK. Contact us to arrange a meeting.
OpenPMF 2.0 released
ObjectSecurity releases ground-breaking model-driven security management solution (integrated into Eclipse IDE), Cambridge, UK, 30 September 2007
ObjectSecurity on Gartner hype cycle 2007
ObjectSecurity is a leader in model driven security on Gartner's Hype Cycle for Information Security 2007 (also in "Model-driven security: Enabling Real-Time, Adaptive Security Infrastructure" & "Tear Down Application Authorization Silos With Authorization Management Solutions"), Cambridge, UK, 4 September 2007
Patents pending for OpenPMF 2.0 innovations
OpenPMF 2.0's ground-breaking innovation is now 'patent-pending', Cambridge, UK, 17 September 2007
3rd Secure Software Development SIG event
ObjectSecurity will attend the 3rd Secure Software Development SIG event, Tuesday 25th September, QinetiQ offices, London UK. Contact us to arrange a meeting.
ISSE 2007
ObjectSecurity will present a paper "Model driven security for agile SOA-style environments" at ISSE 2007 in Warsaw, Poland, 26 September 2007. Contact us to arrange a meeting. Abstract: "There is evidence that many IT security vulnerabilities are caused by incorrect security policies and configurations (i.e. human errors) rather than by inherent weaknesses in the attacked IT systems. Security administrators need to have an in-depth understanding of the security features and vulnerabilities of a multitude of ever-changing and different IT “silos”. Moreover, in complex, large, networked IT environments such policies quickly become confusing and error-prone because administrators cannot specify and maintain the correct policy anymore. Agile service oriented architecture (SOA) style environments further complicate this scenario for a number of reasons, including: security policies may need to be reconfigured whenever the IT infrastructure gets re-orchestrated; security at the business process management layer is at a different semantic level than in the infrastructure; semantic mappings between the layers and well-adopted standardised notations are not available. This paper explores how the concepts of security policy management at a high, more intuitive (graphical) level of abstraction and model-driven security (tied in with model driven software engineering) can be used for more effective and simplified security management/enforcement for the agile IT environments that organisations are faced with today. In this paper, we illustrate in SecureMDA™ how model driven security can be applied to automatically generate security policies from abstract models. Using this approach, human errors are minimised and policy updates can be automatically generated whenever the underlying infrastructure gets re-orchestrated, updated etc. The generated security policies are consistent across the entire distributed environment using the OpenPMF policy management framework. This approach is better than having administrators go from IT system to IT system and change policies for many reasons (including security, cost, effort, error-proneness, and consistency). The paper also outlines why meta-modelling and a flexible enforcement plug-in model are useful concepts for security model flexibility.
The 4th Smart Card Centre Open Day
ObjectSecurity will attend the The 4th Smart Card Centre Open Day, 10 September, 2007,
Smart Card Centre, Royal Holloway, University of London, UK. Contact us to arrange a meeting.
SOA security & enterprise security project for BAA
ObjectSecurity works on a SOA model driven security and enterprise security consulting project for BAA, a UK airport operator,, Cambridge, UK, 29 August 2007
SOA model driven security project for QinetiQ/MOD
ObjectSecurity works on a SOA model driven security consulting project for the UK Ministry of Defence as a contractor to QinetiQ. The project outlines the concepts in OpenPMF 2.0, Cambridge, UK, 24 August 2007
OpenPMF 2.0 - fully model driven Eclipse based version released soon
ObjectSecurity released first screenshots of the new Eclipse based new OpenPMF 2.0 released September/October 2007, Cambridge,3 August 2007
ObjectSecurity identified by Gartner as model driven security innovator
ObjectSecurity, the world leader in model driven security, will be a listed vendor in RN "Model-driven security: Enabling Real-Time, Adaptive Security Infrastructure" & revised RN "Tear Down Application Authorization Silos With
Authorization Management Solutions", Cambridge, UK,ca. 20 August 2007
RTI DDS - OpenPMF integration project
ObjectSecurity works on a project with RTI to integrate OpenPMF with their RTI Data Distrbution Service (DDS) middleware, which is event driven architecture (EDA) based, Cambridge, UK, Santa Clara, CA, USA, 1 August 2007
Cybersecurity KTN meeting
Nigel Jones who runs the KTN will present ObjectSecurity's slides on enterprise security policy management and SOA security. QinetiQ offices, London, UK. 4 September 2007.
Transport and Security Seminar
ObjectSecurity will attend the 'Transport & Security the real issues for 2025' afternoon seminar, 4 September, 2007, Central Saint Martins College of Art and Design, London, UK. Contact us to arrange a meeting.
Cambridge Enterprise Conference 2007
ObjectSecurity will attend the 8th Cambridge Enterprise Conference, 10 September, 2007,
Churchill College, University of Cambridge, UK. Contact us to arrange a meeting.
Defence Systems and Equipment International (DSEi)
ObjectSecurity will attend the DSEi 11-14 September 2007. ExCeL London, UK. Contact us to arrange a meeting.
CAMIS 2007
ObjectSecurity will present "Security policy management for cross-agency collaborative decision making" at the Third CAMIS Security Management Conference: Strategizing Resilience
and Reducing Vulnerability, Wednesday 5th to Friday 7th September, 2007,
Birkbeck College, University of London, UK. Contact us to arrange a meeting.
Integrate your technology with ObjectSecurity's security ecosystem
ObjectSecurity is currently forming strategic partnerships with vendors who would like to add OpenPMF security to their technologies, Cambridge, 31 July 2007
''Entitlement' discussion, SOA security discussion, new middleware security blog.
ObjectSecurity discusses authorization management issues at ZDNet, InformationWeek and ObjectSecurity's new blog about this topic , Cambridge, 27 June 2007
ObjectSecurity joins air traffic control project "SWIM-SUIT"
ObjectSecurity joins the already running EU FP6 SWIM-SUIT project: development of technologies for System
Wide Information Management (SWIM) SUpported by Innovative Technologies (SUIT) in SESAR air traffic control, Cambridge, 16 July 2007
ObjectSecurity partners with Paremus
ObjectSecurity partners with Paremus Ltd., a SOA specialist and plans to integrate OpenPMF with Paremus’s Infiniflow, Cambridge/London, UK, 19 July 2007 (press coverage 1, 2, 3, 4)
ObjectSecurity partners with N-VOLV Technologies, LLC
ObjectSecurity partners with N-VOLV Technologies, a U.S. government IT solution provider of enterprise applications, Cambridge UK and Washington D.C., USA, 23 July 2007
ObjectSecurity in the Press: OMG
ObjectSecurity announces AD4 CORBA Component success story "ObjectSecurity: Helping to Secure the Friendly Skies", Cambridge, October 2006
OPENPMF XMLBLASTER MOM SUPPORT
ObjectSecurity releases an integration plug-in for the XMLBlaster message oriented SOA middleware, Cambridge, 21 June 2007 (wiki)
OBJECTSECURITY BRIEFS GARTNER ON MODEL DRIVEN SECURITY & SOA
ObjectSecurity, the world leader in model driven security, briefs Gartner on this innovative subject, Cambridge, UK, 26 July 2007 (SecureMDA)
TRUSTEDSOA LAUNCHED
ObjectSecurity releases TrustedSOA, an integrated solution for SAO security based on their OpenPMF, SecureMDA, and OpenPMF webservice support, Cambridge, 21 June 2007 (BEA WebLogic, Sun Glassfish press release / wiki)
ObjectSecurity briefs Japanes business delegation
ObjectSecurity briefs a high-profile Japanes tech business delegation at St. John's Innovation Centre, Cambridge, UK, 8 June 2007
7TH ATM R&D SEMINAR IN BARCELONA
ObjectSecurity will attend the 7th ATM R&D Seminar in Barcelona, Spain on July 02 - 05, 2007. Contact us to arrange a meeting.
OPENPMF SUPPORTS BEA WEBLOGIC
ObjectSecurity OpenPMF series supports BEA WebLogic for service oriented architecture (SOA) & ESB extended (XML web services, J2EE), Cambridge, 11 June 2007
ISSE 2007
ObjectSecurity will present a paper at ISSE 2007 in Warsaw, Poland, 25-27 September 2007. Contact us to arrange a meeting.
RSA EUROPE 2007
ObjectSecurity will attend RSA Europe 2007, London, UK, 22-24 October 2007. Contact us to arrange a meeting.
SOFTWARE RENTAL OPTION FOR ALL PRODUCTS
ObjectSecurity now offers their entire software suite as rental software, Cambridge, 7 June 2007
NATO NC3B CYBER DEFENCE EXHIBITION 2007
ObjectSecurity will have a booth at the NATO NC3B Cyber Defence Exhibition to present their current technologies, Brussels, Belgium, May 23-24, 2007. Contact us to arrange a meeting.
TECHNOLOGYWORLD 2007
ObjectSecurity is headquartered in Cambridge, UK, where TechnologyWorld 2007 is held on 7 June 2007. Please contact us if you would like to arrange a meeting during your visit to Cambridge.
CYBER SECURITY KTN ANNUAL CONFERENCE
ObjectSecurity will exhibit at the Cyber Security KTN Annual Conference on 12 June 2007 in London. Contact us to arrange a meeting.
SOA CONSORTIUM AND OMG TC MEETING BRUSSELS
ObjectSecurity will attend the SOA Consortium and OMG technical meetings in Brussels, Belgium, 25-29 June 2007. Dr. Lang will present "SecureMDA standards requirements" to the BPM group on Thursday 9am. Contact us to arrange a meeting.
NAVAL RESERACH LAB SINS PRODUCTIZATION
ObjectSecurity partners with U.S. Naval Research Lab to productise NRL's SINS middleware, Washington D.C., and Cambridge, 1 May 2007
OPENPMF SOA SUPPORT EXTENDED
ObjectSecurity OpenPMF series support service oriented architecture (SOA) & ESB extended (XML web services, J2EE), Cambridge, 18 April 2007
JOINT PRODUCT WITH PROMIA
ObjectSecurity and Promia today announced plans to produce a joint next-generation security product, Cambridge and San Francisco, 12 April 2007
ITEC2007 2007
ObjectSecurity will attend the ITEC2007 simulation expo in Cologne, Germany, 24-25 April 2007. Contact us to arrange a meeting. .
NATO NC3B CYBER DEFENCE EXHIBITION 2007
ObjectSecurity will have a booth at the NATO NC3B Cyber Defence Exhibition to present their current technologies, Brussels, Belgium, May 23-24, 2007. Contact us to arrange a meeting.
AD4 PROJECT COMPLETED SUCCESSFULLY
ObjectSecurity successfully completed the 2-year EU FP6 project AD4, Cambridge, 1 March 2007
SOFTWARE 2007
ObjectSecurity is exhibiting their innovative technology range at Software 2007, 8-9 May 2007, Santa Clara, CA, USA.
NEW BLOGS
ObjectSecurity now has three exciting blogs about SOA security, MDA security, and secure ATM, Cambridge, 19 March 2007
EUROPEAN CONFERENCE ON SECURITY RESEARCH SRC '07S
ObjectSecurity attended the European Conference on Security Research SRC '07, March 26-27, 2007, Berlin, Germany.
QINETIQ/MOD SOA ANALYSIS
ObjectSecurity completed a milestone of a service oriented architecture analysis project for the UK Ministry of Defence (MOD) as a QinetiQ subcontractor, Cambridge, 28 February 2007
U.S. STRATEGIC PARTNER
Our strategic partner in the North American market is Promia, Inc., a security solutions and tools provider to government and industry. Cambridge, UK, and San Francisco, CA, 15 February 2007
CODE GENERATION 2007
ObjectSecurity will present SecureMDA at Code Generation 2007, 18-20 May 2007, Cambridge, UK. Contact us to arrange a meeting.
NEW VIDEO CLIPS WEBPAGE
Have a look at our new video clips page with a number of short clips that give you a convenient overview of some of our technologies and some projects, 21 January 2007, Cambrige, UK.
NEW TRAINING WORKSHOPS AVAILABLE
ObjectSecurity now offers a variety of workshops that help application engineers to build robust, secure, and manageable distributed systems. 01 February 2007, Cambridge UK.
OBJECTSECURITY IN THE PRESS
ObjectSecurity will be featured in the upcoming PCPro Magazine (March issue, available in UK shops in mid-February). We presented a n emergency response demonstration to the UK press, 9 November 2006, Cambridge, UK. As a result, there is press coverage here: blog 1, blog 2, TV, web article).
OBJECTWALL RESELLERS WANTED
ObjectSecurity is looking for resellers of their ObjectWall IIOP firewalls. Please contact us if you are interested. 01 February 2007, Cambridge, UK.
MICO IPv6 SUPPORT SPONSORSHIP OPPORTUNITY
ObjectSecurity plans to release an IPv6 enabled version of the MICO CORBA open source implementation in the near future. Please contact us if you would like to sponsor this open source work. 01 February 2007, Cambridge, UK.
OBJECTSECURITY SIMPLIFIES SECURITY MANAGEMENT
ObjectSecurity releases software tools to automatically generate security policies for OpenPMF, 19 September 2006, Cambridge, UK.
OMG SOFTWARE ASSURANCE WORKSHOP
ObjectSecurity will present their work on SecureMDA automatic policy generation at the OMG Software Assurance Workshop, 5-7 March 2007, Washington D.C., USA.
PASSENGER TERMINAL EXPO 2007
ObjectSecurity will present a paper at the Passenger Terminal Expo 27-29 March 2007, Barcelona, Spain. Contact us to arrange a meeting.
ECIW07 ELECTRONIC WARFARE WORKSHOP
ObjectSecurity will present their work at ECIW07, 2-3 July 2007, Shrivenham, UK. Contact us to arrange a meeting.
RSA SECURITY CONFERENCE 2007
ObjectSecurity will present at the RSA Security Conference, 6 February 2007, San Francisco, USA. There will also be a book-signing session. Contact us to arrange a meeting.
DEMO VIDEO CLIP
Watch SimulateWorld in action on our new video clips page,21 January 2007, Cambrige, UK.
PROPOSED DDS SECURITY APPROACH
ObjectSecurity will present a security approach for Data Distribution Services (DDS) at the OMG DDS group, 6 December 2006, Arlington, VA, USA
OMG SOFTWARE ASSURANCE WORKSHOP
ObjectSecurity will present their work on SecureMDA automatic policy generation at the OMG Software Assurance Workshop, 5-7 March 2007, Washington D.C., USA.
PASSENGER TERMINAL EXPO 2007
ObjectSecurity will present a paper at the Passenger Terminal Expo 27-29 March 2007, Barcelona, Spain. Contact us to arrange a meeting.
SOA FOR DEFENCE EXPERT PANEL PROJECT
ObjectSecurity is part of an expert panel project (led by QinetiQ) to assess service oriented architecture (SOA) benefits for the UK Ministry of Defence, 24 November 2006, Cambridge, UK.
NEW SIMULATION PRODUCT PRESENTED TO PRESS
ObjectSecurity presented a n emergency response demonstration to UK press, 9 November 2006, Cambridge, UK. As a result, there is press coverage here: blog 1, blog 2, TV, web article).
ATN2006
ObjectSecurity will attend the Global Aviation Communications Conference ATN2006, 28-29 November 2006, London, UK. Contact us to arrange a meeting.
SYSTEMS ENGINEERING FOR DEFENCE SYMPOSIUM
ObjectSecurity will attend the Systems Engineering For Defence Symposium at the Defence Academy, 21 November 2006, Shrivenham, UK. Contact us to arrange a meeting.
NEW SIMULATION PRODUCT RELEASED
ObjectSecurity releases SimulateWorld, a new product for 4D simulation of secure information integration, 4 October 2006, Cambridge, UK.
AEROSPACE/DEFENCE WORKSHOP
ObjectSecurity will be exhibiting at the PPARC/KITE workshop, 19 October 2006, London, UK. Contact us to arrange a meeting.
AD4 WORKSHOP 2006
ObjectSecurity will be at the AD4 visualisation workshop, 13-14 December 2006, London, UK. Contact us to arrange a meeting.
EUROCONTROL INO WORKSHOP 2006
ObjectSecurity will be at Eurocontrol INO workshop on 5-7 December 2006, at the EUROCONTROL Experimental Centre, Brétigny-sur-Orge, France. Contact us to arrange a meeting.
IST 2006 CONFERENCE
ObjectSecurity will be at EU IST 2006 Conference, 21-23 November, Helsinki, Finland. Contact us to arrange a meeting.
OMG TECHNICAL MEETING
ObjectSecurity will be at the OMG Technical Meeting, Washington DC, USA, 4-8 December 206. Contact us to arrange a meeting.
ITS WORLD 2006
ObjectSecurity will be at ITS World on 9 October 2006, London, UK. Contact us to arrange a meeting.
OBJECTSECURITY SIMPLIFIES SECURITY MANAGEMENT
ObjectSecurity releases software tools to automatically generate security policies for OpenPMF, 19 September 2006, Cambridge, UK.
ATM & HOMELAND SECURITY INTEGRATION DEMO PREVIEW
ObjectSecurity is currently building an ATC & homeland security demonstrator for its technologies and capabilities. It uses our SimulateWorld 4D simulation platform, August 2006, Cambridge, UK.
OBJECTWALL WINDOWS VERSION RELEASED
ObjectSecurity has released a MS Windows version of the ObjectWall IIOP firewall, 12 August 2006, Cambridge, UK.
AIR AND PORT SECURITY EUROPE
ObjectSecurity will attend the APS Europe show, Brussels, Belgium. Contact us to arrange a meeting.
OPENPMF STUDENT PROJECT COMPLETED
ObjectSecurity has supervised K. A. Lawani during his Master's project on the OpenPMF-J2EE integration, 30 August 2006, Hamburg, Germany.
OPENPMF APPLIANCE RELEASED
ObjectSecurity released their appliance version of OpenPMF, 09 August 2006, Cambridge, UK
SECUREMIDDLEWARE APPLIANCE RELEASED
ObjectSecurity released their appliance component server version of SecureMiddleware, 08 August 2006, Cambridge, UK
U.S. NAVY PROTOTYPE DELIVERED
ObjectSecurity delivered a survivable ATM demo to the U.S. Naval Research Lab, 14 July 2006, Cambridge, UK
PROJECT OF THE MONTH
Our collaborative EU FP6 project AD4 has been nominated project of the month at Fraunhofer FOKUS, 1 July 2006, Berlin, Germany
INTEL SUPPORT CONTRACT
ObjectSecurity signed a technical
support contract with Intel Germany, 28 June 2006, Cambridge, UK
OBJECTWALL JOINS EUROPEAN ATM SUPPORT GROUP (EAT-SG)
ObjectSecurity was formally accepted as a member of the EAT-SG consortium, 20 June 2006, Cambridge, UK
AD4 WORKSHOP CALL FOR PAPERS
ObjectSecurity co-organises a workshop on "Visualisation and Distributed Systems Technology in Dynamic Work Contexts" (call for paper), 13-14 December 2006, London, UK
OBJECTWALL APPLIANCE RELEASED
ObjectSecurity released their appliance version of ObjectWall, 01 June 2006, Cambridge, UK
OBJECTWALL NAT SUPPORT
ObjectWall now supports NAT, 01 June 2006, Cambridge, UK
FARNBOROUGH AIR SHOW
ObjectSecurity was at the Farnborough Aerospace Consortium stand for meetings on 21 July 2006, Farnborough , UK
U.S. NAVY SUBCONTRACT SIGNED
ObjectSecurity signed a U.S. Naval Research Lab contract with Smartronix, Inc., 08 May 2006, Cambridge, UK
NEW GUI FOR OPENPMF RELEASED (PRESS RELEASE 15 MAY 06)
ObjectSecurity released their new, graphical OpenPMF central policy management console with real-time monitoring of policy enforcement points and security-relevant activity.
UNIVERSITY OF CAMBRIDGE COMPUTER LAB PROJECT PRESENTATION
Dr. Lang (ObjectSecurity) and Dr. Bharadwaj (U.S. Naval Research Lab) presented their new project on secure middleware to the security group of the University of Cambridge Computer Lab, 26. May 2006, Cambridge, UK
ILA BERLIN AIR SHOW
ObjectSecurity's CTO attended the ILA Berlin Air Show International Aerospace Exhibition and Conferences, 16-21. May 2006, Berlin, Germany
SECURE MIDDLEWARE DEPLOYMENT ACROSS INTERNET (PRESS RELEASE 24 APR 06)
ObjectSecurity deployed their secure middleware platform for air traffic control across the Internet, 24 Aprill 2006, Cambridge, UK
5TH AERONAUTICS DAYS
ObjectSecurity's CTO will exhibit (as part of AD4) at the 5th Communiy Aeronautics Days, Vienna, Austria, 19-21. June 2006
BEST PAPER AWARD (IFIP/ACM/IEEE)
ObjectSecurity (with Fraunhofer FOKUS) received the Best Paper Award of the Adaptave and Reflective Middleware Workshop (Grenoble, 2005) for their paper "Integrating Security Policies via Container Portable Interceptors". A new version of the paper has been published in IEEE Distributed Systems Online.
EUROPEAN CONFERENCE ON MODEL DRIVEN ARCHITECTURE
ObjectSecurity's CTO will present a paper "Model Driven Development of Security Aspects" at the 2nd International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB 2006), 10-12 July 2006, Bilbao, Spain
KELLOGG BUSINESS SCHOOL MARKETING SCHOLARSHIP
ObjectSecurity's CEO has been awarded a scholarship (course kindly sponsored by UK Trade & Investment and Ellis Goodman, flights by British Airways) for an executive marketing strategy course at the Kellogg Business School, the top MBA school for marketing, Chicago/IL, USA, 3.-7 April 2006
ATM MAASTRICHT CONFERENCE
ObjectSecurity's CTO will attend the ATC Maastricht conference 2006 in Maastricht, Netherlands, 14-16. February 2006
EDA 2006 R&T CONFERENCE
ObjectSecurity's CTO will attend EDA 2006 R&T Conference, Brussels on the 9th of February 2006, Brussels, 10 January.
MICROSOFT SECURITY WORKSHOP
ObjectSecurity's CEO will be at the Microsoft Security Workshop in Hamburg, Germany, 15.-16. March. Contact us if you would like to arrange a meeting
USA: RSA SECURITY EXPO & FOSE
ObjectSecurity will be at the RSA Security Expo 13-17. Feb 2006, in the Toronto area 20.-25. Feb, and in the Washington D.C. area 26. Feb - 9. Mar (FOSE2006). Contact us if you would like to arrange a meeting ( 27 Nov 2005)
INTEL TRAINING COURSE
ObjectSecurity has provided a successful tailor-made CORBA training course that was very well-received by Intel, Braunschweig, Germany
ROYAL BANK OF SCOTLAND PROJECT:
ObjectSecurity has secured a MICO CORBA technical support contract with the Royal Bank of Scotland, London, UK (19 Oct 2005)
EUROCONTROL WORKSHOP:
ObjectSecurity (as part of the AD4 project team) will attend the 4th Annual EUROCONTROL Innovative Research Workshop & Exhibition, 6.-8. December 2005, Eurocontrol Experimental Center, Bretigny, France (11 Oct 2005)
MIDDLEWARE 2005 (ARM05) CONFERENCE:
ObjectSecurity will present a paper with Fraunhofer FOKUS on "Realising Security Policies with Container Portable Interceptors" at the
ACM/IFIP/USENIX 6th International Middleware Conference, and the 4th Workshop on Adaptive and Reflective Middleware (ARM05), November 28th - December 2nd, 2005, Europole Congress Center, Grenoble, France ( 11 Oct 2005)
NEW SOFTWARE ANNOUNCEMENT:
New OpenPMF Policy Management Framework release, new Secure MICO CORBA release, new SecureMiddleware release, new ObjectWall release (December 2005)
AD4 AIR TRAFFIC MANAGEMENT WORKSHOP:
We presented our OpenPMF and SecureMiddleware at the AD4 4D Virtual Management System 1st Workshop on Air Traffic Management, 5. October 2005, Ciampino Airport - Crav, Rome, Italy (5 Oct 2005)
ISSE 2005:
We presented a paper on our OpenPMF case study in air-traffic control at the ISSE 2005 security conference, 27-29 September 2005, Budapest, Hungary (28 Sept 2005)
ENTERPRISE EXPO:
We exhibited at the 7th Cambridge Enterprise Conference,
Cambridge (Churchill College), 14 & 15 September 2005 (13 Sept 2005)
DEFENSE & HOMELAND SECURITY WHITE PAPER:
Information Security in Command & Control for Defense and Homeland Security:
This paper explains how to achieve secure shared situational awareness and distributed collaborative working using ObjectSecurity's OpenPMF (US letter PDF, 8 pages).(12 Aug 2005)
OBJECTWALL VERSION 2 BETA RELEASED:
We will shortly be launching our new ObjectWall v2 IIOP layer firewall. It supports the full range of IIOP features. Please click here if you are interested in becoming a beta-tester. (9 Aug 2005)
U.S. HOMELAND SECURITY WORKSHOP 2005:
ObjectSecurity will attend the US/UK Homeland Security Symposium and Industry Partnering Event at the USC Davidson Conference Center, Los Angeles in Los Angeles, 8.-9. September 2005.(9 Aug 2005)
(older press releases have been removed)
|
