ObjectSecurity Newsletter 05 October 2011

ObjectSecurity News Update - 05 October 2011

Greetings, here are our latest news:

1. Meet ObjectSecurity in London, UK, next week!

ObjectSecurity's CEO Dr. Ulrich Lang would love to meet with you in London, UK, next week to discuss potential business opportunities. Please reply to this email to arrange a meeting.
- Monday 10 October:"Collaboration Nation", presenting the OpenPMF "Policy as a Service" vision.
- Tuesday 11 October: "Innovate 2011", exhibiting OpenPMF.
- Wednesday-Thursday 12-13 October: RSA Expo Europe, to meet with Europe's cyber security industry.
- Friday 14 October: In case you cannot make it earlier that week, you can also meet us in Cambridge, UK

2. Completed: Navy project milestone 2.7: SOA IA security features for next-generation US military security technology

ObjectSecurity and Promia are working on a project to implement a next-generation full stack, high-assurance security intrusion detection and enforcement architecture and XML information assurance across US Navy networks. The project spiral involves integrating ObjectSecurity OpenPMF™ policy management with Promia Raven™ XML information exchange capabilities, and scalable Authorization Based Access Control (ZBAC) to distribute authorizations.
As part of the completed milestone, an educational demo video "SOA IA Demonstrator: Information Assurance (IA) for Service Oriented Architectures (SOA)" was produced, which you can watch online.
An "OpenPMF-only" version of the video clip can also be found online
(original press release)

3. Completed: Feasibility analysis contract for OpenPMF Cloud Application Security Policy Automation

The feasibility analysis contract by UK Technology Strategy Board (TSB) under the Feasibility Studies for Digital Services grant program is still ongoing. The project aims to identify the gaps and solutions around ObjectSecurity OpenPMF™ for cloud application security policy automation as a service: Analyze (1) unique security concerns related to cloud computing, and (2) gaps in cloud-related standards/regulations, and technology solutions. It then identifies potential solutions for security & compliance policy implementation and testing, with the goal of short-term commercialization. One particular innovation of this project will be the use of model-driven security automation (offered as a cloud service & tied into the protected cloud platform) to achieve correct, consistent, low-effort/cost policy implementation for cloud applications. (more) . A scientific paper with the analysis of recommended cloud security controls to validate OpenPMF “policy as a service” has been published with Elsevier, which can be purchased online.

4. ObjectSecurity's upcoming presentations. conferences and training

- Meet us in London, UK, at RSA Expo Europe, 12-13 Oct '11
- Meet us in London, UK, at "Innovate 2011", 11 Oct '11
- Presenting OpenPMF for cloud in London, UK, at "Collaboration Nation", 10 Oct '11
- Technical policy automation discussion at Bay Area Hacker Assoc. (BAHA), 13 Nov '11

5. New modeldrivensecurity.org blog posts (blog)

Analysis Series blog posts: NISIR7628, HIPAA, PCI DSS - what it says & what it means

6. OpenPMF Free Trial + OpenPMF "Policy-as-a-Service" Cloud alpha version

- OpenPMF for Intalio is still available as a *free* trial (details, online contact)
- ObjectSecurity will launch a major cloud extension to OpenPMF 3.0 later this year (details, online contact)

7. Ongoing Projects

Three-year EU FP7 R&D "CRISIS" project
ObjectSecurity’s ongoing multi-person-year contribution involves the development of a model-driven architecture for secure information sharing, involving involve information modeling, information exchange modeling, model-driven security, various application platforms and more.
(press release)

European Space Agency (ESA) project “Next Generation Requirements Engineering”
ObjectSecurity work with a consortium led by Intecs on the project Next Generation Requirements Engineering for the European Space Agency (ESA). The project concerns investigations to improve the state of the art of Requirements Engineering for Space Systems in the context of the ECSS standards in support of the Model Based Systems Engineering. Rather than document-based taxonomies and glossaries, we will implement domain specific languages for requirements definition that point the way to an eventual full ontology-based RE tool support.
(press release)

Eurocontrol Joint Air Traffic Management Study on SWIM Civil-Military Interoperability
ObjectSecurity continues work on a study contract by EUROCONTROL that supports SESAR (Single European Sky ATM Research) WP14. This study will ensure that the SWIM technical design being developed in WP14 addresses the military requirements including civil-military interoperability, interconnection of military systems, architecture, and middleware. The specific focus of the study is on the interfacing possibilities of the military legacy systems, including military ATM as well as Air Defence (AD) and Command & Control (C2). The outcome of the study will be a clearly defined interoperability concept and architecture for SWIM along with a set of requirements for the civil-military interface. The study will identify the systems that require interoperability, the services they will consume and provide, the quality of service requirements (including security) that these services entail and the interoperability concepts and architecture that are required to ensure cost effective interoperability. We then use our innovative formal method to derive requirements for middleware that will help ensure interoperability is actually achievable and provide a plan for its validation. (more)

8. Recent Publications & Media

Video clip
- Navy deliverable video: OpenPMF SOA IA policy automation & accreditation (open)
- OpenPMF Policy Automation & Accreditation (OpenPMF subset of the full Navy deliverable video) (more)

Training course recording
A recording of ObjectSecurity's pre-conference workshop "Ensuring information security and compliance when moving to the cloud" at the Health IT Conference "Cloud Computing: Looking beyond the cloud" conference is available for purchase (more)

Scientific paper
Analysis of recommended cloud security controls to validate OpenPMF “policy as a service” (more)

OpenPMF flyer
Enjoy our new OpenPMF product flyer (more)

Whitepaper:
IBM DeveloperWorks Cloud Zone - Model-driven cloud security: How to employ cloud application security policy automation to make cloud security better (read)

Webinar recording:
Cloud Security Alliance presentation & webinar: OpenPMF Cloud Application Security Policy Automation (8 February 2011) (learn more)

OpenPMF Frequently Asked Questions (FAQ):
Read the OpenPMF & Model-Driven Security FAQ online (read).

TV Interview:
- Watch Dr. Ulrich Lang, CEO of ObjectSecurity, answer questions about ObjectSecurity (watch)
- Video interview Dr Lang about smart grid security for InnovatingSmart ( more)

Blog:
ObjectSecurity blog "modeldrivensecurity.org" discusses model driven security, and now also model-driven security accreditation (read)

OpenPMF Information:
slide show online, FAQ, free trial, webinar, podcast, white paper, demo videos, blogs, supported technologies

(full publication list here)

More Information:
Twitter - News List - Events List - Publication List - LinkedIn, Blogger

You are receiving this email because you have subscribed to ObjectSecurity's email newsletter.
Please contact us if you have any feedback - we aim to make this newsletter as useful as possible for you.
Please simply reply to this email with "unsubscribe" in the subject or body if you would like to unsubscribe.
We are aiming to make this newsletter as useful for you as possible, so any comments or suggestions would be greatly appreciated.
Simply reply to this email if you would like to get in touch with us. And please tell your colleagues about this newsletter.