Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Tuesday, August 25, 2009

Good R&D Progress in the Space of Identity (and Security) Analytics

Good progress has been made in the R&D space of Identity Analytics at HP Labs (in the broader context of Security Analytics).

Various IAM case studies have been explored, investigating how event-driven probabilistic modelling, coupled with economic studies, can be used to help decision makers make decisions on investments, identify suitable metrics and policies, and better understand the impact of choices, trade-offs and risk implications.
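To make the kind of modelling described above concrete, here is an added, self-contained illustration in Python. It is not the HP Labs model or any code from the reports listed below: it is a hypothetical next-event Monte Carlo simulation of one IAM policy decision (how quickly leavers' accounts are de-provisioned), and every figure in it (leaver rate, de-provisioning delays, per-day misuse hazard, process and incident costs) is an invented assumption chosen only to show how simulated exposure metrics can be coupled with a simple cost model to compare two candidate policies.

```python
"""Illustrative event-driven Monte Carlo model of one IAM policy decision:
how quickly leavers' accounts are de-provisioned, and what the resulting
risk exposure and cost look like under two candidate policies.

Added example, hypothetical throughout: this is NOT the HP Labs model, and
every figure below (rates, delays, costs, hazard) is an invented assumption.
"""
import random
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Policy:
    name: str
    mean_deprovision_days: float  # mean delay from HR "leaver" event to account removal (assumed)
    annual_cost: float            # fixed yearly cost of running the process (hypothetical)


def simulate_leavers(policy: Policy, leavers_per_year: float,
                     horizon_days: float, seed: int) -> list:
    """Next-event simulation over one horizon.

    Leaver events arrive as a Poisson process (exponential inter-arrival times);
    each leaver's account stays active for an exponentially distributed delay
    with the policy's mean. Returns the per-leaver exposure windows (in days).
    """
    rng = random.Random(seed)
    arrival_rate = leavers_per_year / 365.0
    exposures = []
    t = rng.expovariate(arrival_rate)  # time of the first leaver event
    while t < horizon_days:
        exposures.append(rng.expovariate(1.0 / policy.mean_deprovision_days))
        t += rng.expovariate(arrival_rate)  # schedule the next leaver event
    return exposures


def risk_metrics(exposures: list, p_misuse_per_day: float) -> dict:
    """Turn exposure windows into decision-support metrics.

    Assumes (assumption) a constant per-day probability that a dormant account
    is misused, so P(incident) = 1 - (1 - p)^days for each leaver.
    """
    p_incident = [1.0 - (1.0 - p_misuse_per_day) ** d for d in exposures]
    return {
        "leavers": len(exposures),
        "mean_exposure_days": mean(exposures) if exposures else 0.0,
        "expected_incidents": sum(p_incident),
    }


def compare_policies(policies, leavers_per_year=200.0, horizon_days=365.0,
                     runs=200, p_misuse_per_day=0.002, cost_per_incident=50_000.0,
                     seed=1) -> dict:
    """Average the metrics over many seeded runs and attach a simple cost model:
    total = fixed process cost + expected incidents * cost per incident."""
    results = {}
    for policy in policies:
        per_run = [risk_metrics(simulate_leavers(policy, leavers_per_year,
                                                 horizon_days, seed + i),
                                p_misuse_per_day)
                   for i in range(runs)]
        exp_incidents = mean([r["expected_incidents"] for r in per_run])
        results[policy.name] = {
            "mean_exposure_days": mean([r["mean_exposure_days"] for r in per_run]),
            "expected_incidents": exp_incidents,
            "expected_cost": policy.annual_cost + exp_incidents * cost_per_incident,
        }
    return results


# Two hypothetical candidate policies (all numbers are assumptions).
MANUAL = Policy("manual ticket-driven removal", mean_deprovision_days=10.0, annual_cost=20_000.0)
AUTOMATED = Policy("HR-feed automated removal", mean_deprovision_days=1.0, annual_cost=120_000.0)


if __name__ == "__main__":
    for name, m in compare_policies([MANUAL, AUTOMATED]).items():
        print(f"{name:32s} exposure={m['mean_exposure_days']:5.1f}d "
              f"incidents/yr={m['expected_incidents']:4.2f} "
              f"cost={m['expected_cost']:9.0f}")
```

The point of the toy is the shape of the argument, not the numbers: a policy with a higher fixed cost can still win once the expected cost of incidents during the dormant-account window is priced in, and the same harness can be re-run with different delay distributions, hazards or cost figures to see where the trade-off flips.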

We have had a few papers accepted at international conferences, in particular the IEEE Policy 2009 Symposium, the Trust Economics 2009 Workshop and IEEE MetriSec 2009, covering various IAM aspects.

A few HP Labs Technical Reports are now publicly available:

  • HPL-2009-173 - Adrian Baldwin, Marco Casassa Mont, David Pym, Simon Shiu - System Modelling for Economic Analysis of Security Investments: A Case Study in Identity and Access Management, 2009
  • HPL-2009-142 - Yolanta Beres, Marco Casassa Mont, Jonathan Griffin, Simon Shiu - Using Security Metrics Coupled with Predictive Modelling and Simulation to Assess Security Processes, 2009
  • HPL-2009-138 - Anna Squicciarini, Marco Casassa Mont, Sathya Dev Rajasekaran - Towards an Analytic Approach to Evaluate Enterprises’ Risk Exposure to Social Networks, 2009
  • HPL-2009-57 - Marco Casassa Mont, Adrian Baldwin, Simon Shiu - Identity Analytics - User Provisioning Case Study: Using Modelling and Simulation for Policy Decision Support, 2009
  • HPL-2009-56 - Adrian Baldwin, Marco Casassa Mont, Simon Shiu - Using Modelling and Simulation for Policy Decision Support in Identity Management, 2009
  • HPL-2008-84 - Marco Casassa Mont, Adrian Baldwin, Simon Shiu - On Identity Analytics: Setting the Context, 2008


I am looking for input and feedback, in particular additional case studies to which our approach and techniques could be applied.


--- Posted by Marco Casassa Mont (here and here) ---


Serving in the Technical Program Committee of International Conferences

This year I have been serving as a member of many Technical Program Committees of various international (IEEE, ACM, etc.) conferences, including: ACSAC 2009, IEEE BIDS 2009, IEEE InSpec 2009, ACM DIM 2009, IEEE ICSC 2009, TrustBus 2009 and ICIMP 2009.

I found this experience very rewarding. Although it requires allocating some time to peer reviewing papers, it really provides a good overview of the state of the art of research (and applied research) in the field of interest, in my case security, identity management and privacy.

I would encourage members of this community, especially those interested in R&D and research, to take on a similar role.



Call for Actions: W3C Policy Languages Interest Group (PLING)

We are looking for active contributions to the W3C PLING Interest Group in the following areas: use cases, policy language reviews, policy initiatives and open issues.

Of particular interest is any input related to the implications of using policies and policy management in the space of cloud computing.

The charter of W3C PLING has now been extended to December 2009. We are looking for your input and contributions.

The next general phone meeting (open to everybody) is planned for 09 September 2009 at 12:00 AM (UTC).



Good progress in the TSB EnCoRe Project – Ensuring Consent and Revocation

The TSB EnCoRe project (Ensuring Consent and Revocation) is making good progress towards its various objectives, which involve the provision and management of consent and revocation.

This topic has been tackled from various perspectives, including legal and social aspects, user requirements, architectural and technological aspects, risk assessment and compliance.

More information is available on the EnCoRe web site, including a brief summary of the project’s fourth quarter activities.



New HP Labs Technical Report – “Secure Delivery of Services: The HP Labs Vision and Framework”

A new HP Labs Technical Report has been released in the area of security management, titled “Secure Delivery of Services: The HP Labs Vision and Framework”, by Marco Casassa Mont and Patrick Goldsack:

“The secure delivery and management of services and information is complex and subject to a multitude of factors and issues. Key challenges are posed by current trends towards outsourcing of services/decentralization, loss of control over the IT infrastructure, remote access to services by citizens and civil servants, an increasingly mobile workforce along with mutable threat environments and new risks posed by new devices and ways to store, process and transport information. Traditional approaches to security and related controls (e.g. Vulnerability Management, Identity and Access Management, Data Protection, etc.) need to be reassessed and adapted to cope with this ever changing IT environment. To ensure secure delivery, IT consultants, government planners, decision makers and IT Operations teams need to have a holistic approach to security and understand the implications and impact of these aspects. At HP Labs we are developing a vision and framework for the secure delivery of services and related information, based on an integrated approach underpinned by four core capabilities and technologies developed in HP Laboratories: Security Analytics to model policy and reason about the security and other risks; Secure IT Configuration and Deployment to act as the automated engine of policy implementation; Trusted Infrastructure which is the basic building block for the secure delivery of services; and finally Continuous Compliance and Monitoring which ensures that the systems behave as intended in the policy description.”

