ObjectSecurity Newsletter 24 Novemeber 2010

ObjectSecurity News Update - 07 February 2011

Greetings, here are our latest news:

1. Cloud Security Alliance presentation & webinar (8 February 2011, noon PST ***TODAY***)

Title: "Security Policy Automation for Cloud Applications".
Sign up here: http://www.meetup.com/SV-CSA/events/16049370/?a=_yes&rv=md1p

Presented by Dr. Lang, CEO of ObjectSecurity, member of the Board of Directors of Cloud Security Alliance (Silicon Valley Chapter), (CSA website)

2. Whitepaper: IBM DeveloperWorks Cloud Zone

ObjectSecurity has been contracted by IBM to produce a whitepaper for IBM DeveloperWorks Cloud Zone (release: 08 February 2011, contact us to get a web link):

Model-driven cloud security: How to employ cloud application security policy automation to make cloud security better

Manually translating security policy into technical implementation is difficult, expensive, and error-prone, especially when implemented at the application layer. cloud security tools need to become more automated in order to realize more cost savings in terms of investment in time and money; automation of these tools is also needed to make cloud security management an easier task that allows the cloud administrator to focus on the more important security issues. In this article, the author details the challenges to effective application security policy automation, explains the benefits model-driven security adds to security policy automation, then demonstrates how to achieve cloud application security policy automation.

3. RSA Expo 2011, San Francisco, CA, USA, 14-18 February 2011

Meet us at RSA Conference. Contact us to set up a meeting, or meet Dr. Lang, CEO, (1) during the CSA event on Monday, or (2) at the ISSA booth #253, Tue 15 Feb, 3-6pm

4. OpenPMF "Policy-as-a-Service" Cloud alpha version

ObjectSecurity will launch a major cloud extension to OpenPMF 3.0 later this year
(details, online contact)

5. Ongoing Projects

Three-year EU FP7 R&D "CRISIS" project
ObjectSecurity’s ongoing multi-person-year contribution involves the development of a model-driven architecture for secure information sharing, involving involve information modelling, information exchange modelling, model-driven security, various application platforms and more.
(press release)

Navy project for XML security features for next-generation US military security technology
ObjectSecurity and Promia are working on a project to implement a next-generation fullstack, high-assurance security intrusion detection and enforcement architecture and XML information assurance across US Navy networks. The project spiral involves integrating ObjectSecurity OpenPMF™ policy management with Promia Raven™ XML information exchange capabilities, and scalable Authorization Based Access Control (ZBAC) to distribute authorizations.
(press release)

European Space Agency (ESA) project “Next Generation Requirements Engineering”
ObjectSecurity work with a consortium led by Intecs on the project Next Generation Requirements Engineering for the European Space Agency (ESA). The project concerns investigations to improve the state of the art of Requirements Engineering for Space Systems in the context of the ECSS standards in support of the Model Based Systems Engineering. Rather than document-based taxonomies and glossaries, we will implement domain specific languages for requirements definition that point the way to an eventual full ontology-based RE tool support.
(press release)

Consulting contract for European Commission completed
ObjectSecurity's Dr. Lang consulted the European Commission (EC) in Brussels, Belgium as a technical expert about research proposals to be funded in the 7th Framework Programme (FP7).

6. Recent Publications & Media

OpenPMF Frequently Asked Questions (FAQ):
Read the OpenPMF & Model-Driven Security FAQ online (read).

Scientific Paper:
Cloud & SOA Application Security as a Service, ISSE 2010, Berlin, Germany, 5-7 October 2010

Featured Article:
Security Policy Automation: Improve Cloud Application Security ROI. ISSA Journal, Featured Article, October 2010 (read)

Scientific Paper:
Lang, U. Authorization as a Service for Cloud & SOA Applications. International Workshop on Cloud Privacy, Security, Risk & Trust (CPSRT 2010), Collocated with 2 nd IEEE International Conference on Cloud Computing Technology and Science (Cloudcom) CPSRT 2010, Indianapolis, Indiana, USA, December 2010

Scientific Paper:
Model Driven Security Accreditation of Agile Systems at the 11th International Common Criteria Conference & Exhibition, 21-23 September 2010, Antalya, Turkey

Conference Presentation:
ObjectSecurity presents their vision for Model Driven Security to NEASCOG, NATO HQ, 24 September 2010, Brussels, Belgium.

TV Interview:
Watch Dr. Ulrich Lang, CEO of ObjectSecurity, answer questions about ObjectSecurity (watch)

Blog:
ObjectSecurity blog "modeldrivensecurity.org" discusses model driven security, and now also model-driven security accreditation (read)

OpenPMF Information:
slide show online, FAQ, free trial, webinar, podcast, white paper, demo videos, blogs, supported technologies

(full publication list here)

More Information:
Twitter - News List - Events List - Publication List - LinkedIn, Blogger

You are receiving this email because you have subscribed to ObjectSecurity's email newsletter.
Please contact us if you have any feedback - we aim to make this newsletter as useful as possible for you.
Please simply reply to this email with "unsubscribe" in the subject or body if you would like to unsubscribe.
We are aiming to make this newsletter as useful for you as possible, so any comments or suggestions would be greatly appreciated.
Simply reply to this email if you would like to get in touch with us. And please tell your colleagues about this newsletter.