Our track record and endorsements shows that we meet, and frequently even exceed, the expectations of our customers. We have a successful track record with many large blue chip companies and government organizations.

Our highly experienced and renowned experts in the field with excellent academic and business track records deliver safe, secure, reliable, flexible and cost effective IT integration solutions and tools to our customers. ObjectSecurity’s client list consists predominantly of large blue-chip companies and the military. We have numerous patents granted and pending.

“OpenPMF automates policy management, giving you the assurance that your security mechanisms are actually enforcing the policies you specify.”
— Dr. Alan Karp, HP Labs

” ObjectSecurity provides significant experience in security management.” (for US Navy & US Air Force)
— Joe Schlesselman, Real-Time Innovations

“We generally favor ‘model driven security’ to actually execute and implement digital dynamic access control…”
— Mike Davis, U.S. Navy SPAWAR, San Diego, CA

“ObjectSecurity provide rapid, one-to-one support from a highly knowledgeable technical
specialist”.
— David Carter-Hitchin, Royal Bank of Scotland

Publications

Gartner Research

  • Technology Overview for Adaptive Access Control (G00263380, 29 May 2014)
  • Hypce Cycle for Governance, Risk and Compliance Technologies, 2014 (17 July 2014)
  • Hype Cycle for Identity and Access Management Technologies, 2014 (15 July 2014)
  • Adaptive Access Control Brings Together Identity, Risk and Context (22 August 2013)
  • Hype Cycle for Application Security, 2013 (25 July 2013)
  • Externalized Authorization Managers (24 June 2013)
  • Entitlement Life Cycle Management: Access Control Through Entitlement Resolution (G00174164), 4 February 2010
  • Cool Vendors in Application Security and Authentication, 2008 (G00156005) 4 April 2008
  • Tear Down Application Authorization Silos With Authorization Management Solutions (G00147801) 31 May 2008
  • Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure (G00151498) 21 September 2007
  • Hype Cycle for Information Security, 2007 (G00150728) 4 September 2007
  • Hype Cycle for Identity and Access Management Technologies, 2008″ (G00158499) 30 June 2008
  • Hype Cycle for Context-Aware Computing, 2008 (G00158162) 1 July 2008
  • Cisco Buys Securent for Policy Management, and Relevance (G00153181), 5 Nov 2007

451 Group

  • Market Insight Service Impact Report” (54313)
  • In the report “Policy Management for Identity – Closing the Loop Between Identity Management, Security and IT Management?” OpenPMF 2.0 is mentioned as a “… a powerful framework that addresses the missing element in controlling user-resource interaction: policy management.”

Burton Group (acquired by Gartner)

  • Covered ObjectSecurity in their “Entitlement Management” report
  • ObjectSecurity presents “R&D report: how to test access control before your IT inadvertently breaks” at ToorCon 2016
  • ObjectSecurity presents a discussion session “Discuss the top 10 things to damage-control both hacker pivots and insider leaks” at ToorCon 2016
  • ObjectSecurity presented OpenPMF for telecoms as part of Huawei’s presentation “Next-gen SDN/NFV powered Open Mobile Network live and win with partners” at Telecom Council Silicon Valley conference (TC3), 29 September 2016
  • ObjectSecurity presented “A Practical Approach to Integrated Automotive Safety and Security Development” with partner Intecs (John Favaro) at the Sixth VDA Automotive SYS 2016, 6-8 July 2016, Berlin Germany
  • ObjectSecurity presented “Access Control in 2016” at Security BSides, San Francisco, February 2016
  • ObjectSecurity publishes Proximity Based Access Control using Model-Driven Security in the Springer Proceedings for ISSE Conference 2015, Berlin, November 2015
  • ObjectSecurity presents Access Control in 2016 – what you need to know at Toorcon 2015 SanDiego , 23 October 2015
  • ObjectSecurity publishes Bridging the Gap between Privacy Requirements and Implementation with Semantic Privacy Modeling and a Privacy Technology Framework in the ISSA Journal August 2015 (By Dr. Ulrich Lang and Mike Davis, With Rudolf Schreiner, Patrick Aichroth, and Sebastian Mann)
  • ObjectSecurity presents about Cyber Security Market Failure at ISSA Cornerstones of Trust conference, Foster City, CA, 16 June 2015 (slides)
  • ObjectSecurity publishes an article (led by Mike Davis) Cyber Model for Privacy by Design (PbD) in the IEEE Consumer Electronics (CE) Magazine, January 2015 issue
  • ObjectSecurity presents Model Driven Security Policy Automation at INCOSE Model-Based Systems Engineering Conference, San Diego, CA, 01 November 2014
  • ObjectSecurity presents Model Driven Security Policy Automation at ISC2, San Diego, CA, 22 October 2014
  • ObjectSecurity presents Internet of Things S.O.S. – System of Systems Security Considerations at ISSA Cornerstones of Trust, Foster City, CA, 01 October 2014
  • ObjectSecurity presents OpenPMF – Model-Driven Security Policy Automation and TrustWand at San Diego IEEE – Cyber Security Entrepreneurial Workshop, San Diego, 28 March 2014
  • ObjectSecurity releases a new e-Book Attribute-Based Access Control (ABAC): ABAC is getting increasing attention by governments and enterprises. However, there is also a great deal of confusion about what ABAC is, why and how to adopt it, and what the main design decisions for an ABAC system are. This in-depth technical eBook introduces ABAC and contrasts terminology & definitions, its history, various ABAC related initiatives and standards (e.g. XACML). It also discusses ABAC benefits and challenges in depth. A large part of the document is dedicated to which ABAC design choices have to be made, and what the implications are. The document closes with a comparison of ABAC with other access control approaches, and a current and future ABAC market assessment (see e-books above)
  • Ulrich Lang moderated a panel Cloud Security Innovation at the Cloud Security Alliance (CSA) Innovation Conference, Santa Clara, CA, USA, 18 July 2013. Dr. Lang also co-organized the conference and worked on the conference program committee.
  • Ulrich Lang presents a poster Model-Driven Security Policy Automation at the NIST Attribute-Based Access Control (ABAC) workshop, : National Cybersecurity Center of Excellence (NCCoE), Rockville, Maryland 20850MD ,USA, 17 July 2013.(view poster).
    Gerardo Pardo-Castellote, RTI, and Ulrich Lang, Object Security Trusted remote attestation for secure embedded systems at Embedded.com, 4 March 2013 This article is based on a paper presented by the authors as part of a class (ESC-436) at the Spring 2012 ESC DESIGN West.
  • Ulrich Lang presents health information security at the StartX MedIC workshop, Stanford, CA, USA, February 22, 2013
  • ObjectSecurity & Cloud Security Alliance present CSA Identity & Access Management Guidance & Identity Roadmap at the Cloud Identity Summit, Vail, CO, USA, 16-20 Juy 2012.
  • ObjectSecurity & INTECS present Next Generation Requirements Engineering at the INCOSE Conference, Rome, Italy, 9-12 July 2012 The paper was awarded the “Best Paper” award.
  • ObjectSecurity publishes Least Privilege: What it Really Means When it is Done Right, What is Done Today, and What Can be Done in the ISSA Journal July 2012 issue.
  • Promia presents Promia’s & ObjectSecurity work SOA & Cloud Application Information Assurance at the Classified Advanced Technology Update Short Course (CATU) at the Naval Postgraduate School, Monterey, California, USA, 11-14 June 2012
  • ObjectSecurity presents Enabling and Shortening Government Information Assurance Accreditation for SOA & Cloud at the ISSA Cornerstones of Trust Conference, 06 June2012
  • ObjectSecurity presents Least Privilege: What it Really Means When it is Done Right, What is Done Today, and What Can be Done at the ISSA Cornerstones of Trust Conference, 06 June2012
  • ObjectSecurity publishes a cover article Manageable Smart Grid Security Policy Automation in the ISSA Journal April 2012 issue.
  • ObjectSecurity, Linköping University, Space Applications Solutions and VSL Systems present Real-time Support for Exercise Managers’ Situation Assessment and Decision Making at the ISCRAM 2012 Conference, 22-25 April 2012 .
  • ObjectSecurity & Promia present Enabling and Shortening Information Assurance Accreditation for SOA & Cloud in at the IFSEC SINET 2012 Conference, 18 March 2012, and published a matching technical whitepaper.
  • ObjectSecurity & INTECS present Next Generation Embedded Systems Requirement Engineering at the Embedded World 2012 Conference, 29 Feb 2012, together with INTECS (J. Favaro)
  • ObjectSecurity, ESA & INTECS present Improving Requirements Engineering within the European Space Industry at the ERTS 2012 Conference, Wednesday 1 Feb 2012, together with INTECS (S. Mazzini/J. Favaro) and European Space Agency (H-P De Koning)
  • ObjectSecurity presents Cloud Application Security Policy Automation at the Cloud Security Meetup Group, San Franciscoi, 11 Jan 2012
  • ObjectSecurity publishes an article Security Policy Automation for Smart Grids: Manageable Security & Compliance at Large Scale in the Proceedings of ISSE Conference 2011, Prague, Czech Republic.
  • ObjectSecurity publishes a paper Analysis of recommended cloud security controls to validate OpenPMF “policy as a service” in Elsevier Information Security Technical Preport (purchase)
  • ObjectSecurity presents s short course Ensuring Information Security and Compliance when Moving into the Cloud, at BioITWorld Health Cloud Computing Conference, 18 September 2011
  • ObjectSecurity presents Cyber security paradigm shift needed: Focus on solving problems instead of “something else” at the ISSA Cornerstones of Trust Conference, Foster City, CA, USA, 01 June 2011
  • ObjectSecurity presents OpenPMF™ – Making Smart Grid Security Manageable Through Automation at Plug & Play SmartGrid Expo, 14 April 2011
  • ObjectSecurity presents Cloud Application Security Policy Automation at Cloud Security Alliance, Silicon Valley Chapter, 08 February 2011
  • ObjectSecurity publishes an article Model-driven cloud security – Employ cloud application security policy automation to make cloud security better at IBM developerWorks.
  • ObjectSecurity publishes a scientific paper Authorization as a Service for Cloud & SOA Applications at the International Workshop on Cloud Privacy, Security, Risk & Trust (CPSRT 2010), Collocated with 2nd IEEE International Conference on Cloud Computing Technology and Science (Cloudcom) CPSRT 2010, Indianapolis, Indiana, USA, December 2010
  • ObjectSecurity publishes an article Security Policy Automation: Improve Cloud Application Security ROI in the Information Systems Security Association (ISSA) Journal, Featured Article, October 2010
  • ObjectSecurity publishes a paper about their vision for Cloud & SOA Application Security as a Service at ISSE 2010, 5-7 October 2010, Berlin, Germany.
  • ObjectSecurity presents Model Driven Security Accreditation of Agile Systems at the 11th International Common Criteria Conference & Exhibition, 21-23 September 2010, Antalya, Turkey
  • ObjectSecurity publishes a whitepaper Security Policy Automation: Improve Cloud Application Security ROI on the Cloud Security Alliance discussion board – an updated version was published in the Octoberr 2010 ISSA Journal
  • ObjectSecurity presents their vision for Model Driven Security to NEASCOG, NATO HQ, 24 September 2010, Brussels, Belgium.
  • ObjectSecurity is featured in London Technology Network’s Security & Sensing Newsletter “Imprints”
  • ObjectSecurity presents their vision for Cloud & SOA Security Policy Automation at the ISSA/Security Network Collaboration Summit 2010, 09 March 2010, San Diego, CA, USA
  • ObjectSecurity presents their vision for Cloud & SOA Security Policy Automation at PACT 2010, 25 Mach 2010, Sunnyvale, CA, USA
  • ObjectSecurity presents their vision for Cloud & SOA Security Policy Automation at the SVB Showcase 2010, 23 Mach 2010, Palo Alto, CA, USA
  • ObjectSecurity presents their vision for Agile Policy Management & Agile Accreditation Automation at the ISSA / SecurityNetwork / SPAWAR Information Assurance Collaboration Workshop, 19 November 2009, San Diego, CA, USA
  • ObjectSecurity presents their scientific ACM publication Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes at The 1st ACM Workshop on Information Security Governance, November 13, 2009, Hyatt Regency Chicago, Chicago, USA
  • ObjectSecurity presents a paper about their vision for Building Secure, Accredited Future Military Software Applications to the Center for Advanced Defence Studies, Washington, DC, USA
  • ObjectSecurity presents Application & Workflow Policy Automation – OpenPMF and Model Driven Security at the ISSA Cornerstones of Trust 2009 Conference, Foster City, CA, USA, 14 October2009
  • ObjectSecurity published a paper Safety, Security and Software Reuse: A Model-Based Approach with ikv++ and Intecs at RESAFE 2009, 4th Int Workshop in Software Reuse and Safety, Washington DC, 27 September 2009
  • ObjectSecurity presents Application & Workflow Policy Automation – OpenPMF and Model Driven Security at the Global Security Challenge Regional Finals America West, where ObjectSecurity is shortlisted top 3 most promising security startup, Palo Alto, CA, USA, 29 September 2009
  • ObjectSecurity presents Application & Workflow Policy Automation – OpenPMF and Model Driven Security at a “lightning round” panel discussion at the Burton Group Catalyst Conference, San Diego, CA, USA, 28-31 July 2009
  • ObjectSecurity presents Making Regulatory Compliance Happpen for Service Oriented Architecture (SOA) in Healthcare at the OMG SOA in Healthcare Conference, Chicago, IL, USA, 02-04 June 2009
  • ObjectSecurity presents SOA security concerns – closing the loop between business and IT information assurance at the DISA/Navy SPAWAR US Cyber Security Collaboration Summit, San Diego, CA, USA, 20 Nov 2008
  • ObjectSecurity presents Manageable IT integration and manageable security for integrated airports at Passenger Terminal Expo, Abu Dhabi, UAE, 18 Nov 2008
  • ObjectSecurity runs a workshop on SOA Security Concerns for the UK Cyber Security KTN, London, UK, 03 Nov 2008
  • ObjectSecurity presents Aligning Business Compliance and IT Security at the RSA Security Conference, London, UK, 28 Oct 2008
  • ObjectSecurity presented Integration of Security into Enterprise Architecture Frameworks Practical Experiences at the Open Group Conference, Munich, Germany, 20 Oct 2008
  • ObjectSecurity presented Aligning Business Compliance and IT Enforcement at the Business Service Management (BSM) Forum, Cologne, Germany, 15 Oct 2008
  • ObjectSecurity published a paper at ISSE 2008, Madrid, Spain, 09 Oct 2008: Lang U., Schreiner R., Managing business compliance using model-driven security management, in Pohlmann N., Reimer H., Scheiner W. (editors), Proceeedings ISSE 2008 Securing Electronic Business Processes – Highlights of the Information Security Solutions Europe 2008 Conference, Vieweg + Teubner, ISBN 978-3-83480660-4, Edition 2009 (more)
  • ObjectSecurity presents Aligning business and IT: Model-Driven, Cross-Platform Secure Information Sharing for Distributed Synthetic Environments at the NATO Workshop on Development and Use of Computer Generated Forces Technologies, 03 Sept 2008
  • ObjectSecurity published a paper Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems at MODSEC 2008 (Modeling Security Workshop) CEUR Workshop Proceedings, Tolouse, France, 28 Sept 2008 (more)
  • ObjectSecurity presented “Secure Model Driven Information Exchange ” at the Future Security Symposium 2008, Karlsruhe, Germany, 10 September 2008.
  • ObjectSecurity presented Model-driven security management at the OMG Technical Meeting, Ottawa, Canada, 23 June 2008.
  • ObjectSecurity presented “Rapid Model-driven Simulation/Prototyping/Testing of Secure Information Sharing in Distributed Systems” at the ITEC Conference 2008, Stockholm, Sweden, 10-12 June 2008.
  • ObjectSecurity presented “Airport operations optimisation through agile, secure IT integration” with Eamonn Cheverton, Enterprise Architect, BAA, at the Airport IT conference (Berlin ILA), Berlin, Germany, 28-29 May 2008
  • ObjectSecurity presents two peer-to-peer sessions “How can we secure SOA without losing agility?” at the RSA Conference 2008, San Francisco, CA, USA, 7-11 April 2008. Contact us to arrange a meeting. Abstract: In this Ask the Moderator session,
  • ObjectSecurity discusses how SOA security must go beyond web services security. The core issue is how to specify and maintain consistent/effective security policies for *agile* SOA. This cannot be done manually (too complex/labor-intensive). New approaches such as Model Driven Security are needed. Session topics incl. security stove-piping, how to reduce cost/effort, architecture approaches, experiences, secure BPM SOA.” (P2P-205A, 9 Apr 2008, 1:40 PM – 2:30 PM, and repeat session April 9 at 5:40pm – 6:30pm).
  • ObjectSecurity published a short article Model Driven Security helps simplify IT security management in the ICT TechNews newsletter April 2008 (article).
  • ObjectSecurity presented “The SOA Security Hurdle” with Intel at the RSA Conference Executive Briefing Center, San Francisco, CA, USA, 7-11 April 2008.
  • ObjectSecurity presented OpenPMF™ 2.0 Model Driven Security at the Libraryhouse Innovation & Growth Forum 2008, London, UK, 17 March 2008
  • ObjectSecurity held a workshop session “OMG standards for Model Driven Security – How can we secure SOA without losing agility?” on Thursday 13 March 2008 at the Software Assurance group (SwA) at the OMG technical meeting, Washington DC, USA , 10-14 March 2008. A related presentation “A Model Driven Security approach for SOA” will also be presented on Tuesday 11 March 2008 at the SOA group. Abstract: ObjectSecurity discusses the need for OMG standards for Model Driven Security, and how SOA security must go beyond web services security. The core issue is how to specify and maintain consistent/effective security policies for *agile* SOA. This cannot be done manually (too complex/labor-intensive). New approaches such as Model Driven Security are needed. Session topics incl. security stove-piping, how to reduce cost/effort, architecture approaches, experiences, secure BPM SOA.”
  • ObjectSecurity presented an SME showcase “OpenPMF 2.0 and Model Driven Security” at the Exploring Breakthrough Security Technologies event in London, UK, 13 February 2008. Contact us to arrange a meeting.
  • ObjectSecurity held a workshop session “OMG standards for Model Driven Security – How can we secure SOA without losing agility?” on Thursday 13 March 2008 at the Software Assurance group (SwA) at the OMG technical meeting, Washington DC, USA , 10-14 March 2008. A related presentation “A Model Driven Security approach for SOA” will also be presented on Tuesday 11 March 2008 at the SOA group. Abstract: ObjectSecurity discusses the need for OMG standards for Model Driven Security, and how SOA security must go beyond web services security. The core issue is how to specify and maintain consistent/effective security policies for *agile* SOA. This cannot be done manually (too complex/labor-intensive). New approaches such as Model Driven Security are needed. Session topics incl. security stove-piping, how to reduce cost/effort, architecture approaches, experiences, secure BPM SOA.”
  • ObjectSecurity presents Secure information sharing and effective security management for ATM at the UK ATM-KN Industry Showcase Event at the British Airports Group Offices, London, 08 November 2007
  • ObjectSecurity presents Rapid prototyping, simulation, testing of secure information sharing in distributed systems at the 5th Annual Simulation & Synthetic Environments Symposium, London, 06 November 2007
  • ObjectSecurity presents Rapid prototyping, simulation, testing of secure information sharing in distributed systems at the QinetiQ Synthetic Air Traffic Environment event, Farnborough, 29 October 2007
  • ObjectSecurity presents a paper “Model Driven Security (MDS) management and enforcement to support SOA-style agility” at the Information Security Solutions Europe (ISSE) conference, Warsaw, Poland, 26 September 2007
  • ObjectSecurity reviewed the Gartner publications Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure and Tear Down Application Authorization Silos With Authorization Management Solutions. ObjectSecurity is listed as an innovative enterprise authorization management solutions vendor in the reports and on the Hype Cycle for Information Security, 2007. September 2007 (more)
  • ObjectSecurity presents Simplifying security management of cross-organisation collaborative decision making at ECIW 2007: The 6th European Conference on Information Warfare and Security Defence College of Management and Technology, 2-3 July 2007, Shrivenham, UK
  • ObjectSecurity presents Simplifying security management using model driven security: SecureMDA™, OpenPMF™, TrustedSOA™ (bmi/07-06-10) at the OMG Technical Meeting, 28 June 2007, Brussels, Belgium
    ObjectSecurity presents Simplifying security policies by using model-driven engineering at Code Generation 22007, 18-20 May 2007, Cambridge, UK.
  • ObjectSecurity (with T. Ritter/J. Reznik from Fraunhofer FOKUS) published a paper Model Driven Development of Security Aspects at the Electronic Notes in Theoretical Computer Science Volume 163, Issue 2, 16 April 2007, Pages 65-79  Proceedings of the Second International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB 2006).
  • ObjectSecurity presents The need for a standard secure information sharing infrastructure for airport terminals at the 12th International Conference and Exhibition for Passenger Terminal Technology, Security, Design, Operations and Management, Barcelona, Spain, 27-29 March 2007.
  • ObjectSecurity presents Automatic model-driven security policy generation for high assurance systems (with the US Naval Research Laboratory and Fraunhofer FOKUS) at the OMG Software Assurance Workshop, Washington D.C., 5.-9. March 2007.
  • ObjectSecurity presents Simplifying security policies by using model-driven engineering at the RSA Security Conference, San Francisco, 5.-9. February 2007. Please contact us to get the slides.
  • ObjectSecurity presented DDS Security – Architecture concepts for data distribution services at the OMG TC meeting in Washington D.C, 6 Decmber 2006
  • ObjectSecurity presents From Models to Secure Distributed Systems (with Fraunhofer FOKUS) at the 5th EUROCONTROL Innovative Research Workshop & Exhibition – Workshop Parallel Events (Visualization and Distributed Systems Technologies, the AD4 approach and beyond), Bretigny sur Orge, France, 5 December 2006
  • ObjectSecurity presents Building Secure and Interoperable ATC Systems (with Fraunhofer FOKUS) at the 5th EUROCONTROL Innovative Research Workshop & Exhibition – Workshop Parallel Events (Visualization and Distributed Systems Technologies, the AD4 approach and beyond), Bretigny sur Orge, France, 5 December 2006
  • ObjectSecurity published an article on Secure integration of existing ATM systems in Jane’s Airport Review, in the October 2006 issue. The article describes the benefits of secure IT integration for ATM.
  • ObjectSecurity (with Fraunhofer FOKUS) published a paper on Generating High Assurance Security Policies with Model Transformations at the 2nd International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB 2006), 10-12 July 2006, Bilbao, Spain
  • ObjectSecurity published an article about Simplifying Security in Complex IT Environments in the September issue of Information Security Bulletin
  • ObjectSecurity (with Fraunhofer FOKUS) published an improved version of the paper on Integrating Security Policies via Container Portable Interceptors in IEEE Distributed Systems Online, vol. 7, no. 7, 2006, art. no. 0607-o7001. The paper was invited after the Best Paper Award at the ARM2005 workshop.
  • In December 2005, ObjectSecurity published a whitepaper on Integrated Security for Air Traffic Management IT Systems. This paper explains how to achieve secure integration and administration of the IT systems involved in air traffic management using ObjectSecurity’s OpenPMF (A4 PDF, 8 pages) (more).
  • In November 2005, ObjectSecurity published a paper on Integrating Security Policies via Container Portable Interceptors (with Fraunhofer FOKUS), at the ACM/IFIP/USENIX 6th International Middleware Conference, and the 4th Workshop on Adaptive and Reflective Middleware (ARM05), November 28th – December 2nd, 2005, Europole Congress Center, Grenoble, France.We received the Best Paper Award and an invitation to publish a new version in IEEE Distributed Systems Online.
    In September 2005, ObjectSecurity published a whitepaper on Information Security in Command & Control for Defense and Homeland Security. This paper explains how to achieve secure shared situational awareness and distributed collaborative working using ObjectSecurity’s OpenPMF (US letter PDF, 8 pages) (more).
  • On September 27, 2005, Ulrich Lang presented Integrated IT Security: Air-Traffic Management Case Study at the at the ISSE Conference in Budapest, Hungary, 26.-28.09.2005..
  • On July 7, 2005, Ulrich Lang presented OpenPMF: Integrated Security Policy Management at the at the CALIBRE/RMLL2005 Open Source Conference in Dijon, France, 5.-9.07.2005.
  • On September 29, 2004, Ulrich Lang presented OpenPMF Security Policy Framework for Distributed Systems at the Information Security Solutions Europe (ISSE 2004) Conference, Berlin, Germany
  • On June 4, 2004, Rudolf Schreiner (and Marc Born & Tom Ritter, Fraunhofer FOKUS) presented Adaptive Middleware For Challenged Networks at the First International Workshop on Languages, Methods, and Tools for Model-driven Agile Development (MAD 2004), Naval Research Laboratory, Washington DC, USA
  • On June 3, 2004, Rudolf Schreiner (and Marc Born & Tom Ritter, Fraunhofer FOKUS) presented Adaptive Middleware For Challenged Networks at the NATO Workshop ‘Cross-Layer Issues in the Design of Tactical Mobile Ad Hoc Wireless Networks: Integration of Communication and Networking Functions to Support Optimal Information Management’, US Naval Research Laboratory in Washington, DC
  • April 26-30 2004, Rudolf Schreiner presented OpenPMF Policy Management Framework Managing Security Policies in Large Distributed Systems at the OMG Technical Meeting in St. Louis, MO, USA.
  • April 26-30 2004, Rudolf Schreiner (and Dr. Ramesh Bharadwaj, US Naval Research Lab, Marc Born & Tom Ritter, Fraunhofer Fokus) presented Information Assurance and Access Control Requirements for for Combat Management Systems at the OMG Technical Meeting in St. Louis, MO, USA.
  • On March 4, 2004, Ulrich Lang presented Modelling Security for Complex, Heterogeneous, Distributed IT Systems at the EU FET Consultation Workshop on “Communication Paradigms for 2020” at the European Commission, Brussels, Belgium
  • On Feburary, 5, 2004, Rudolf Schreiner  – together with Dr. Ramesh Bharadwaj (US Naval Research Lab) and Dr. Marc Born (Fraunhofer Fokus) – presented Secure Middleware for Defence Applications at the OMG Technical Meeting in Anaheim, CA, USA
  • December 10-12, 2003 Dr. Ulrich Lang presented a paper on A Flexible, Model-Driven Security Framework for Distributed Systems: Policy Management Framework (PMF) at The IASTED International Conference on Communication, Network, and Information Security (CNIS 2003) in New York, USA.
  • On November 18, 2003 Rudolf Schreiner and Dr. Ulrich Lang together with Dr. Marc Born (Fraunhofer Fokus) and Dr. Ramesh Bharadwaj (US Naval Research Lab) presented The CORBA Component Model and its new security framework: Policy Management Framework (PMF) at the OMG Security By Design Day in London, UK.
  • On November 4, 2003 Dr. Ulrich Lang presented A Flexible, Model-Driven Security Framework for Distributed Systems: Policy Management Framework (PMF) at the University of Cambridge Computer Laboratory in Cambridge, UK.
  • On October 28, 2003 Rudolf Schreiner presented Komponenten-basierte Anwendungsentwicklung auf OpenSource-Plattformen – Die nächste Generation heterogener Middleware (component-based application development on open source platforms – the next generation of heterogeneous middleware) at the LinuxWorld Conference and Expo in Frankfurt, Germany
    October 14-16, 2003 Ulrich Lang presented A Flexible, Model-Driven Security Framework for Distributed Systems: Policy Management Framework (PMF) at The Ultimate Leading Edge International IT Conferences & Expos in Toronto, Canada.
  • In August 2003 Tom Ritter from Fraunhofer Fokus and Rudolf Schreiner presented Flexible CORBA Components for Mission-Critical Distributed Applications at the “Role of Middleware in Systems Functioning over Mobile Wireless Networks Workshop” (Task Group 12 of the NATO Research and Technology Organization’s Information Science and Technology Panel; hosted by FGAN/FKIE)
    In July 2003 Ulrich Lang presented Ein flexibles, modell-basiertes Sicherheitsframework für verteilte Systeme (a flexible, model-driven security framework for distributed systems): Policy Management Framework (PMF) at the Technical University Munich, Germany.
  • In May 2003 Ulrich Lang presented COACH – A Component Based Open Source Architecture for Distributed Telecom Applications at the OMG Technical Committee Meeting in Paris, France.
  • In April 2003 Ulrich Lang presented Model Driven Security (Policy Management Framework – PMF): Protection of Resources in Complex Distributed System at the DOCSec 2003 Workshop
  • In March 2003 Ulrich Lang submitted his Ph.D. dissertation on Access Policies for Middleware to the University of Cambridge Computer Laboratory – read the summary or download the dissertation.
  • Rudolf Schreiner and Ulrich Lang co-authored a paper on SimpleGIS: Platform for Location Based Services, which will be presented at the Eurescom 2002 Summit in Heidelberg October 21-24, 2002.
  • On March 19, 2002, Ulrich Lang gave a two hour tutorial about Integrated Enterprise Security Policy at the  Distributed Object and Components Security Workshop (DOCsec2002), Baltimore/USA.
  • On March 12, 2002, Ulrich Lang gave a seminar talk about Middleware Security – Current Research and Future Work at the University of Cambridge Computer Laboratory.
    Ulrich Lang’s and Rudolf Schreiner’s book Developing Secure Distributed Systems with CORBA was published (more…).
  • In December 2001, Ulrich Lang presented a paper on Verifiable Identifiers in Middleware Security at ACSAC (Annual Computer Security Application Conference), which was co-authored by Ulrich Lang, Rudolf Schreiner, and Dieter Gollmann (Microsoft Research).
  • In November 2001, Ulrich Lang and Rudolf Schreiner, and Dieter Gollmann (Microsoft Resarch) co-submitted a paper on Cryptography and Middleware Security to ICICS2001 (Third International Conference on Information and Communications Security). It was presented by Ulrich Lang in Xi’an, China. It has also been published in Springer Lecture Notes in Computer Science (LNCS) 2229 (11/2001).
  • In November 2001, Rudolf Schreiner gave a tutorial on middleware security at the Middleware 2001 conference in Heidelberg, Germany
  • In August, 2001, Rudolf Schreiner and Ulrich Lang co-submitted a paper on CORBA as a Secure Platform for Mobile Applications, which was presented by Rudolf Schreiner at EURESCOM 3G Technologies and Applications 2001 .
  • In February, 2001, Ulrich Lang and Rudolf Schreiner co-submitted a paper on MICOSec: An Open Source Implementation of the CORBA Security Services, which was presented at ISSE 2001 (Information Security Solutions Europe Conference) by Ulrich Lang.
    In January 2001 Rudolf Schreiner and Ulrich Lang co-submitted a paper on Eine Open-Source Implementierung der CORBA Sicherheitsdienste (An OpenSource implementation of the CORBA Security Services), which was presented at the 7. Deutscher IT-Sicherheitskongress (7. German IT Security Conference) by Rudolf Schreiner.
    In March, 2001, Ulrich Lang gave a talk on MICOSec: CORBA Security Reality Check at the DOCsec2001 workshop in Annapolis, MD (USA).
  • On November 27, 2000, Ulrich Lang gave a guest lecture on Security in Distributed Systems for the Computer Security (IS4) course in Information Security at Royal Holloway, University of London, covering ‘What is CORBA?’, ‘Securing CORBA Applications’, and ‘The CORBASec Specification ‘
  • On November 7, 2000, Ulrich Lang submitted a paper on Security Attributes in CORBA and gave a seminar talk on the same topic at the University of Cambridge Computer Laboratory.
  • In June, 2000, Rudolf Schreiner and Ulrich Lang co-wrote a paper on The Challenges of CORBA Security which will be presented at workshop “Sicherheit in Mediendaten” and published with Springer .
  • In April, 2000, Ulrich Lang gave a talk on CORBA Security in a Telecommunications Environment at the DOCsec2000 workshop in Boston (MA)
  • In February, 2000, Ulrich Lang and Rudolf Schreiner published a paper on Flexibility and Interoperability in CORBA Security in ‘Electronic Notes in Theoretical Computer Science’ (Elsevier).
  • On December 15, 1999, Ulrich Lang gave a talk on CORBA security for a large telecommunications provider
  • On December 6, 1999, I gave a guest lecture on Security in Distributed Systems for the Computer Security (IS4) course in Information Security at Royal Holloway, University of London, covering ‘What is CORBA?’, ‘CORBA Security Architecture’, and ‘CORBA in Practice’
  • On December 1, 1999, I gave a talk on Why CORBA Security (Still) Fails at the DERA Security Workshop 1999
    In August ’99, Ulrich Lang’s paper on CORBA Security on the Web  was published in Future Generation Computer Systems, Special Issue: Security on the Web (Elsevier).
  • In July, 1999, Ulrich Lang gave talk on CORBA Security in a Large Banking Environment at the DOCsec’99 workshop in Baltimore
    After his first year at the University of Cambridge, Ulrich Lang submitted his PhD Thesis Proposal and a First Year Report.
    On February 25, 1999, Ulrich Lang gave a talk on Distributed Access Control at DERA (Malvern).
  • On December 3, 1998, Ulrich Lang gave a talk on The Current State of CORBA Security Implementations at the DERA Security Workshop 1998.
  • On November 30, 1998, Ulrich Lang gave a guest lecture on Security in Distributed Systems for the Computer Security (IS4) course in Information Security at Royal Holloway, University of London
  • A general overview of CORBA security which was published in the German computer magazine “iX” in October 1998: “Schutz und Trutz – Sicherheit in CORBA-Systemen” (Rudolf Schreiner & Ulrich Lang).
    Ulrich Lang’s first PhD publication was an article on Secure CORBA based Electronic Commerce Systems which was published in the Elsevier/Zergo Information Security Technical Report, Vol. 3, No 2.
  • When Ulrich Lang started his Ph.D. at the Cambridge University Computer Laboratory, he gave a talk on CORBA, CORBA Security, and CORBA security in practice.
  • As part of his M.Sc. in Information Security at Royal Holloway, University of London, Ulrich Lang wrote a dissertation on CORBA Security which describes CORBA, the CORBA Security Service Specification, and CORBA security in practice.

Awards

  • “Cool Vendor 2008” (Gartner)

  • “Most Promising Security Startup 2009” Global Security Challenge (Top 3 America West)

  • “TeleTrusT Innovation Award 2009 ” (Top 3 short listed, pending ISSE 2009)

  • “Product of the Year 2009”, (University of Cambridge Computer Lab Ring)

E-Books by ObjectSecurity

SOA Security Concerns & Recommendations

study-soasec-title-buttonIs your organization considering rolling out a Service Oriented Architecture (SOA)? Or are you already in the process of it? In either case it is critically important to consider the security and assurance implications early on. Only this way will you be able to minimize risks and to ensure the benefits of SOA. If security is implemented incorrectly, your SOA will not achieve the desired level of agility and reuse. ObjectSecurity produced an in-depth study about the security challenges of SOA, with specific in-depth recommendations. The in-depth (in excess of 60 pages) study also relates SOA to Cloud / SaaS / Web 2.0 and previous software architectures.

Security Policy Management with Model Driven Securitystudy-mds-title-button

Security policy management is one of the top security challenges in today’s complex, interconnected world (e.g. SOA, Cloud, SaaS, Web2.0). For numerous reasons, using traditional approaches is an outright show-stopper. Model-driven security has been identified as best-of-breed approach to tackle the policy management challenge .ObjectSecurity is acclaimed as the leading model-driven security expert and product vendor. This in-depth (in excess of 50 pages) study provides detailed information about approaches, architectures, solutions, recommendations, products, and market forecasts.

Model-Driven Security Accreditation for Agile IT Landscapes

study-mds-title-buttonAgile information assurance accreditation (e.g. Common Criteria) and agile compliance (e.g. NERC, FERC, HIPAA, PCI) have been identified as one of the main adoption challenges for agile IT architectures such as SOA . This in-depth study (>80 pages) provides detailed information about the challenge of agile accreditation, and illustrates a model-driven solution approach that automates a large part of the accreditation process for modern IT architectures. UK MoD, US DoD and many others are actively looking for agile accreditation solutions, and this deliverable helps clarify the fog.

Cloud PaaS Application Security

study-mds-title-buttonIs your organization considering moving IT and applications to the Cloud? If so, you will surely be aware that there are numerous security implications. In contrast to most Cloud security literature, this eBook focuses on the security and compliance management for applications run on Platform-as-a-Service (PaaS) Clouds and across Clouds using Cloud mash-ups. This in-depth eBook analyzes the security implications, how they relate to security issues of Service Oriented Architecture (SOA), and what methods and technologies are available to manage PaaS application security with confidence.

Attribute-Based Access Control (ABAC)

study-mds-title-buttonABAC is getting increasing attention by governments and enterprises. However, there is also a great deal of confusion about what ABAC is, why and how to adopt it, and what the main design decisions for an ABAC system are. This in-depth technical eBook introduces ABAC introduces and contrasts terminology & definitions, its history, various ABAC related initiatives and standards (e.g. XACML). It also discusses ABAC benefits and challenges in depth. A large part of the document is dedicated to which ABAC design choices have to be made, and what the implications are. The document closes with a comparison of ABAC with other access control approaches, and a current and future ABAC market assessment.

Developing Secure Distributed Systems with CORBA

corbasecbookThis book is a clearly written, well structured guide to building secure distributed applications with CORBA. It helps securing CORBA applications, integrating security infrastructure with CORBA applications, and evaluating the security effectiveness of distributed applications. You get a comprehensive study of the CORBA security architecture, providing you with a better understanding of its goals and limitations. It serves as your complete reference for understanding security in distributed systems. The book also generously illustrates the usage of the MICOSec CORBA security services implementation.

Order online at Amazon

Interested in learning more and understand how your organisation can benefit from OpenPMF. Request a free licence for the OpenPMF SAAS trial.

Learn More