OpenPMF Projects
The following list contains only a few of ObjectSecurity’s OpenPMF projects, including subcontracts. If you’re looking for specific information on these projects, we encourage you to request further details directly from us.
April 28, 2011 – ObjectSecurity has been awarded a contract by the UK Technology Strategy Board (TSB) to conduct a feasibility analysis under the Feasibility Studies for Digital Services program. The project will explore gaps and solutions for ObjectSecurity’s OpenPMF™ to automate security policies for cloud applications as a service, addressing cloud security—the top barrier to cloud adoption. The study will analyze cloud-specific security challenges, identify gaps in standards and technology, and propose solutions for security and compliance policy automation, aiming for rapid commercialization. OpenPMF™ automates application security management, especially valuable for agile, interconnected environments like SOA and cloud platforms. It translates security and compliance requirements into consistent, low-cost technical policies, allowing proactive control, auditing, and continuous application-layer security monitoring. OpenPMF follows five steps—configure, generate, enforce, audit, and update—and supports the entire application development lifecycle, from policy abstraction to verification.
April 30, 2010 – ObjectSecurity and Promia, Inc. successfully completed a critical phase for the US Navy under Promia’s Raven™ engineering and support program, delivering an advanced security architecture that emphasizes XML information assurance across Navy networks. ObjectSecurity’s OpenPMF™ policy management was seamlessly integrated with Promia Raven™ XML exchange and scalable Authorization-Based Access Control (ZBAC), enhancing Navy network protection. Dr. Ulrich Lang, CEO of ObjectSecurity, called the successful integration of OpenPMF with Raven a significant milestone in high-assurance SOA and Cloud security, while Promia’s CEO, John Mullen, praised the collaboration with ObjectSecurity, NuParadigm, and HP Labs for effectively advancing Navy objectives. Utilizing Promia Raven/Blocker/Notebook, ObjectSecurity OpenPMF, and HP Labs ZBAC, the team expanded security services with minimal system impact. The project provided the Navy with a comprehensive Information Assurance (IA) platform, supporting the secure operation of Navy SOA and Cloud applications and delivering enhanced cyber situational awareness. Key achievements include the establishment of a robust trust architecture, effective policy enforcement tools, lifecycle training, and dynamic IA management. Technical deliverables included a secure development environment, a trusted runtime platform with full-stack protection, and a global policy management system. This initiative has been essential for the Navy’s SOA and Cloud adoption, enabling agile change, rapid certification, and flexible policy management.
April 12, 2010 – ObjectSecurity and Promia, Inc. completed a key project milestone for the US Navy under the Promia Raven™ engineering and support contract. This milestone is part of a planned development project to deliver an Information Assurance (IA) platform that supports secure, reliable operations for government, commercial, and military systems, particularly enhancing Navy SOA and Cloud application defense and situational awareness. The project focuses on establishing a high-performance trust architecture, combining lifecycle training and proactive IA to handle the agile changes, rapid certification, and policy flexibility needed for interconnected SOA & Cloud applications. The recently completed milestone involved designing a next-generation full-stack security architecture with XML information assurance and advanced policy management for real-time monitoring, reporting, configuration, and automated accreditation. Dr. Ulrich Lang, CEO of ObjectSecurity, emphasized the innovative approach used to achieve high assurance through automated policy management and hardened hardware, while Promia’s CEO John Mullen highlighted the collaborative expertise from ObjectSecurity, NuParadigm, and HP Labs in advancing Navy security objectives. Future phases will further develop this technology, leveraging existing tools like Promia Raven, ObjectSecurity OpenPMF, and ZBAC for extended security at minimal impact.
February 18, 2010 – ObjectSecurity and Promia, Inc. were tasked a project milestone by US Navy to design a vision blueprint and XML information assurance features for the US Navy SOA information assurance features. As part of the ongoing and proposed future work, Promia and ObjectSecurity will jointly develop a next-generation full-stack, high-assurance security intrusion detection and enforcement product, using their respective products ObjectSecurity OpenPMF and Promia Raven. This project is particularly relevant for Department of Defense (DoD) adoption of Service Oriented Architecture (SOA), private Cloud applications, and virtualization technologies. ObjectSecurity and Promia already formed a strategic partnership in 2007. The agreement makes market access for ObjectSecurity in the US and for Promia in Europe easier. Dr. Ulrich Lang, CEO and co-founder of ObjectSecurity commented: “We are extremely excited to be part of this ground-breaking project, which has the potential to revolutionize security and compliance across the full technology stack for SOA and Cloud applications. This is a highly innovative combination of security and compliance policy management and enforcement capabilities, intrusion detection / monitoring / reporting capabilities, a hardened hardware appliance, and application security for SOA and Cloud”. John Mullen, CEO and co-founder of Promia added:” This project moves our product strategy forward together with ObjectSecurity, Nuparadigm, and HP Labs technology (ZBAC)”.
July 9, 2009 – ObjectSecurity completed a U.S. Air Force Research Laboratories (AFRL) SBIR phase 1 project, “Proactive Determination of Networked Node Vulnerability,” in partnership with Real-Time Innovations (RTI). The project addresses the need to proactively identify network security weaknesses before and during intrusions, aligned with the DoD’s Global Information Grid (GIG) network goals. The project automates vulnerability scanning of network nodes and DDS-based applications, analyzes vulnerability impacts, and shares findings across network nodes for timely responses. RTI integrated ObjectSecurity’s OpenPMF 2.0 for its policy-driven incident monitoring for DDS. OpenPMF, previously used in a Navy project, provides application policy enforcement and enables automatic generation of detailed security rules for middleware platforms. OpenPMF extends network intrusion detection to the application layer, displaying incidents in its GUI and exporting alerts into the DDS shared space or to Promia Raven. This integrated approach merges network and application-level intrusion prevention, supporting agile, complex IT environments.
February 16, 2009 – ObjectSecurity was awarded a UK Ministry of Defence (MoD) contract to carry out research related to agile Service Oriented Architecture (SOA) accreditation. The project was awarded by MoD’s Centre for Defence Enterprise (CDE) and is managed by MoD’s Defence Technology and Innovation Centre (DTIC). The contract award underscores ObjectSecurity’s innovative defence / civilian “dual use” capabilities in the areas model-driven security and secure integration (e.g. SOA), which have previously been demonstrated in projects with the US Naval Research Lab, with RTI for the US Navy & US Air Force, and with ESG for the German Bundeswehr. Lack of “agile SOA accreditation” methods and tools have been identified by leading trade bodies (e.g. by ISSA, Cyber Security KTN, Security Network) as one of the top two concerns related to SOA and security. The other top concern, the lack of manageable SOA security policy management tools, is already tackled by ObjectSecurity’s OpenPMF product & solution. It is anticipated that the results of this project will be commercially available as part of future OpenPMF releases, and that they will be “dual use”.
September 22, 2008 – ObjectSecurity signed a contract with Promia, Inc. to jointly develop a next-generation IT security intrusion detection and enforcement product, combining ObjectSecurity’s OpenPMF 2.0 with Promia’s Raven system. This integrated demonstrator, scheduled for presentation to the US Navy in 2009, supports the Department of Defense’s (DoD) move towards Service-Oriented Architecture (SOA). The partnership, initially established in early 2007 with a reseller agreement to facilitate market access in the U.S. and Europe, aims to integrate Promia’s network appliances with ObjectSecurity’s policy enforcement points (PEPs). The joint product will feature a central graphical manager, merging ObjectSecurity’s model-driven security manager with Promia’s intrusion detection and remote asset monitoring capabilities. This collaboration will deliver intuitive, business-driven policy management, robust enforcement, and precise anomaly detection, reducing false positives for mission-critical sectors. Dr. Ulrich Lang, CEO of ObjectSecurity, described the project as potentially revolutionary for security policy management and SOA security. Promia’s CEO, John Mullen, emphasized the agreement’s role in expanding Promia’s information assurance offerings.
June 19, 2008 – ObjectSecurity was awarded a £50,000 (US$100,000 in 2008) consulting contract by the UK Cyber Security Knowledge Transfer Network (KTN), which is funded by the UK government’s Technology Strategy Board. The project involves a Service Oriented Architecture (SOA) security concerns analysis report with input from the KTN and the wider community. Several workshops are held in London to facilitate a dialogue, and a website with collaboration tools was made available (now retired). Dr. Ulrich Lang, CEO and co-founder of ObjectSecurity says “We are excited to work on this project. The open nature of the project allows us to bring all involved stakeholders together and facilitate a discussion about how to move SOA security forward.” “’We are delighted to be working with ObjectSecurity. This is a complex topic on which there is plethora of views. We are looking forward to being able to circulate a useful and exploitable white paper which will get to the core of the problem. We expect the at the output will incorporate the expertise of a wide and diverse stakeholder group.”, Nigel Jones and Ralph James from the Cyber Security KTN say.
April 1, 2008 – ObjectSecurity, a leader in Model-Driven Security Management, received a £30,000 grant from the East of England Development Agency’s (EEDA) Proof of Concept fund, designed to help entrepreneurs define markets for innovative concepts. ObjectSecurity has engaged Gartner, an IT research and advisory company, for a year-long project to provide strategic market insights for its OpenPMF 2.0 technology. ObjectSecurity’s OpenPMF 2.0, noted on Gartner’s 2007 “Hype Cycle for Information Security” for model-driven security, is the first fully developed technology of its kind, facilitating low-maintenance, model-driven security policy management for agile SOAs. Administrators can manage security policies as intuitive models, enabling flexible, automated enforcement across IT environments and detecting breaches. Ed Bowie, EEDA’s finance manager, expressed enthusiasm, stating the fund supports innovative projects like OpenPMF 2.0 to help find successful market routes.
July 14, 2006 – ObjectSecurity delivered an air traffic control proof-of-concept to the U.S. Naval Research Laboratory (NRL), demonstrating a robust integration with NRL’s survivable SINS middleware for mission-critical deployments in defense and civilian sectors. This demo, featuring simulated plane transponder, radar, and collision detection data, highlights SINS’ ability to maintain a global shared state across distributed systems, ensuring minimum safety distances between aircraft. The project proves SINS as a viable platform for developing and integrating applications in tactical defense and critical civilian infrastructure, with unique features like system-wide safety and survivability, allowing applications to recover from node loss—essential for net-centric defense. The deliverable also includes a feature analysis and a roadmap for SINS’ certification and market readiness. ObjectSecurity proposes integrating SINS with model-driven engineering tools (like SecureMiddleware MDA) to simplify secure, survivable distributed application development and a centralized policy management system (similar to OpenPMF) to streamline security, safety, and QoS policies. This approach enables automatic policy generation from application models, reducing management complexity and risk. Dr. Ramesh Bharadwaj from NRL plans to continue collaborating with ObjectSecurity as part of SINS’ commercialization strategy.