ObjectSecurity Newsletter 15 July 2011

ObjectSecurity News Update - 15 July 2011

Greetings, here are our latest news:

1. ObjectSecurity Has Been Awarded Joint Air Traffic Management Study on SWIM Civil-Military Interoperability

(Cambridge, UK, and Palo Alto, CA, USA – 08 July 2011) – ObjectSecurity, the leader for model-driven security policy automation, which has been actively working on air traffic management cyber security and IT architecture since 2005, today announced that they have jointly been awarded a study contract by EUROCONTROL that supports SESAR (Single European Sky ATM Research) WP14. EUROCONTROL, the European Organisation for the Safety of Air Navigation, is an intergovernmental civil-military organisation made up of 39 Member States and the European Community, which is committed to building a Single European Sky that will deliver the Air Traffic Management (ATM) performance required for the 21st century and beyond. Historically, ATM systems were not interoperable. Future ATM concepts rely on a much more dynamic form of information sharing. ATM systems will be both producers and consumers of data. All systems will be connected via a middleware to the same “cloud of services”, and civil-military interoperability will be achieved through SWIM rather than the existing point-to-point interconnections. The System Wide Information Management (SWIM) concept is central to building the future European ATM system because it facilitates a net centric future, which is at the core of the SESAR operational concept. In essence, the SWIM concept is expected to improve not only civilian but also military Collaborative Decision Making (CDM) by facilitating the exchange of ATM data across the entire ATM system. For the military it also has some specific benefits because it further facilitates the exchange of data and services for the Air Defence (AD) and Command and Control (C2) functions. This study will ensure that the SWIM technical design being developed in WP14 addresses the military requirements including civil-military interoperability, interconnection of military systems, architecture, and middleware. The specific focus of the study is on the interfacing possibilities of the military legacy systems, including military ATM as well as Air Defence (AD) and Command & Control (C2). The outcome of the study will be a clearly defined interoperability concept and architecture for SWIM along with a set of requirements for the civil-military interface. The study will identify the systems that require interoperability, the services they will consume and provide, the quality of service requirements (including security) that these services entail and the interoperability concepts and architecture that are required to ensure cost effective interoperability. We then use our innovative formal method to derive requirements for middleware that will help ensure interoperability is actually achievable and provide a plan for its validation. While security issues are to be addressed by a separate study, certain issues need to be considered, because security is an integrated aspect of the system and has a strong influence on the system's implementation and performance. While military users will wish to have access to all information on civil ATM systems, they will not wish to share operationally sensitive information with civil users. The integrated project team consists of well-connected and recognised leading experts in civil and military ATM, and information system management (Helios, uVe, and ObjectSecurity). Helios is Europe’s leading ATM consultancy well known for supporting EUROCONTROL, the European Commission, air navigation service providers and regulators on a wide range of ATM and CNS issues for both civil and military issues. uVe is an independently owned consultancy group specialising in the provision of technical and operational leadership to clients in the defence and aviation sectors. (more)

2. Intel awards technical support contract to ObjectSecurity for the 6th year in a row

(Cambridge, UK, 24 June 2011) – ObjectSecurity today announced that Intel renewed their technical support contract for the 6th year in a row. As a tried-and-tested technical support partner for open source middleware, ObjectSecurity will continue to deliver outstanding, realiable, and speedy technical support to Intel and their other technical support customers.

3. ObjectSecurity's upcoming presentations and training

- Pre-Conference Cloud Security Workshop @ BioITWorld Health IT Cloud Conference (more)

4. New modeldrivensecurity.org blog posts (blog)

- "Analysis Series: PCI DSS - what it says & what it means" (more)
- "XACML is a machine format, not a policy authoring format for humans" (more)
- "Government clouds (G-Cloud) - Security through Obscurity?" (more)

5. OpenPMF Free Trial + OpenPMF "Policy-as-a-Service" Cloud alpha version

- OpenPMF for Intalio is still available as a *free* trial (details, online contact)
- ObjectSecurity will launch a major cloud extension to OpenPMF 3.0 later this year
(details, online contact)

6. Ongoing Projects

Feasibility analysis contract for OpenPMF Cloud Application Security Policy Automation
The feasibility analysis contract by UK Technology Strategy Board (TSB) under the Feasibility Studies for Digital Services grant program is still ongoing. The project aims to identify the gaps and solutions around ObjectSecurity OpenPMF™ for cloud application security policy automation as a service: Analyze (1) unique security concerns related to cloud computing, and (2) gaps in cloud-related standards/regulations, and technology solutions. It then identifies potential solutions for security & compliance policy implementation and testing, with the goal of short-term commercialisation. One particular innovation of this project will be the use of model-driven security automation (offered as a cloud service & tied into the protected cloud platform) to achieve correct, consistent, low-effort/cost policy implementation for cloud applications. (more)

Three-year EU FP7 R&D "CRISIS" project
ObjectSecurity’s ongoing multi-person-year contribution involves the development of a model-driven architecture for secure information sharing, involving involve information modelling, information exchange modelling, model-driven security, various application platforms and more.
(press release)

Navy project for XML security features for next-generation US military security technology
ObjectSecurity and Promia are working on a project to implement a next-generation fullstack, high-assurance security intrusion detection and enforcement architecture and XML information assurance across US Navy networks. The project spiral involves integrating ObjectSecurity OpenPMF™ policy management with Promia Raven™ XML information exchange capabilities, and scalable Authorization Based Access Control (ZBAC) to distribute authorizations.
(press release)

European Space Agency (ESA) project “Next Generation Requirements Engineering”
ObjectSecurity work with a consortium led by Intecs on the project Next Generation Requirements Engineering for the European Space Agency (ESA). The project concerns investigations to improve the state of the art of Requirements Engineering for Space Systems in the context of the ECSS standards in support of the Model Based Systems Engineering. Rather than document-based taxonomies and glossaries, we will implement domain specific languages for requirements definition that point the way to an eventual full ontology-based RE tool support.
(press release)

7. Recent Publications & Media

Video clip
Watch our new educational video clip: "OpenPMF Policy Automation & Accreditation" (more)
This video is part of a deliverable to US Navy as part of our ongoing project with Promia, Inc

OpenPMF flyer
Enjoy our new OpenPMF product flyer (more)

Whitepaper:
IBM DeveloperWorks Cloud Zone - Model-driven cloud security: How to employ cloud application security policy automation to make cloud security better (read)

Webinar recording:
Cloud Security Alliance presentation & webinar: OpenPMF Cloud Application Security Policy Automation (8 February 2011) (learn more)

OpenPMF Frequently Asked Questions (FAQ):
Read the OpenPMF & Model-Driven Security FAQ online (read).

Conference Presentation:
ObjectSecurity presents their vision for Model Driven Security to NEASCOG, NATO HQ, 24 September 2010, Brussels, Belgium.

TV Interview:
Watch Dr. Ulrich Lang, CEO of ObjectSecurity, answer questions about ObjectSecurity (watch)

Blog:
ObjectSecurity blog "modeldrivensecurity.org" discusses model driven security, and now also model-driven security accreditation (read)

OpenPMF Information:
slide show online, FAQ, free trial, webinar, podcast, white paper, demo videos, blogs, supported technologies

(full publication list here)

More Information:
Twitter - News List - Events List - Publication List - LinkedIn, Blogger

You are receiving this email because you have subscribed to ObjectSecurity's email newsletter.
Please contact us if you have any feedback - we aim to make this newsletter as useful as possible for you.
Please simply reply to this email with "unsubscribe" in the subject or body if you would like to unsubscribe.
We are aiming to make this newsletter as useful for you as possible, so any comments or suggestions would be greatly appreciated.
Simply reply to this email if you would like to get in touch with us. And please tell your colleagues about this newsletter.