Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Wednesday, June 30, 2010

Keynote Speech at IEEE i-Society 2010 – Presentation Available Online

Today, I eventually gave my Keynote speech at IEEE i-Society 2010.

The title was: “On the Future of Information Society: Emerging Trends, Security Threats and Opportunities”.

After discussing a few emerging trends, I presented work done at HP Labs focused on exploring the cybercrime ecosystem. This was followed by an overview of HPL's leading-edge R&D activities in the areas of Trusted Infrastructure, Security Analytics and Privacy Management.

The speech went very well. Good audience, interesting questions and a few leads for future collaborations.

I have been asked by many people to share my presentation. It is now available online, here.

--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

Looking for Case studies and information about (Security) Compliance Management Processes with Organisations

In the context of the HP Labs Security and Identity Analytics projects, I am interested in exploring how to use modelling and simulations to support decision makers in making strategic decisions on compliance management, within their organisations.

What are the best investments that could be made in a specific organisational context, based on the compliance needs and issues to be addressed? What are the suitable trade-offs? How best to complement this analysis with traditional risk management approaches?

In order to make progress, I am looking for case studies and/or information about processes and steps carried out within organisations to deal with compliance management and related aspects.

Any input is really welcome.

--- Posted by Marco Casassa Mont (here and here) ---

EnCoRe Project: Press Event and Follow-up Panel of Expert

Yesterday (29 June 2010) there was a press event at the London School of Economics related to the collaborative EnCoRe project (Ensuring Consent and Revocation): our approach, current results (technology and prototype) and philosophy were presented and debated.

This event was then followed by a panel of experts who gave their views on privacy and the management of consent and revocation.

I must say that the news coverage is very good! Some news highlights are already available here, here and here.

--- Posted by Marco Casassa Mont (here and here) ---

Sunday, June 20, 2010

Is Federated Identity Management Dead (at least for Consumers)?

I am really wondering if, beyond the hype, federated identity management is actually happening – from the end-user/consumer side?

No doubt that federation and SSO solutions are more and more adopted by organisations – primarily driven by the need to cut costs.

But what about the adoption of federated identity management by web service providers, for services accessed by end-users/consumers?

I just read this article, written in 2008, called “Facing the pain of passwords”. Has anything improved? I do not think so …

My personal experience is that more and more accounts (and passwords) need to be created to access ***valuable services*** on the web (from web browsers and/or mobile applications).

Interestingly, this is in contrast with the concept of the “Personal Cloud”, as described, for example, in this article.

Is there any up-to-date statistic describing the adoption rate of federation for this kind of service? What is the actual impact of federation on easing the pain?

--- Posted by Marco Casassa Mont (here and here) ---

Consumerisation of the (IT) Enterprise and the Future Role of CIOs/CISOs

I have been reading a few interesting articles about the consumerisation of the (IT) enterprise (including here and here). Basically, this trend is driven by employees increasingly using their personal devices, possibly along with services in the cloud, to carry out their work activities.

This is indeed already happening in a few countries and in SMEs, where cost cutting, little bureaucracy and effectiveness are key drivers. However, it looks like this trend is also becoming important for medium-to-large organisations.

Inevitably this has some cons: lack of control, potentially confidential data and information disseminated all over the place, data losses, lack of enforcement of basic security policies on devices, increased reliance on third parties and their (security and privacy) practices, etc.

Last but not least, this has profound implications for the roles of CIOs and CISOs: they will increasingly lose control of the enterprise’s IT infrastructure (or whatever will remain of it …) and of the way they mandate policies.

I wonder if any study is available providing an analysis of the longer-term transformation of the enterprise and the role of CIOs/CISOs. I am looking, but so far I have not found anything particularly relevant …

--- Posted by Marco Casassa Mont (here and here) ---

ACM Digital Identity Management (DIM) 2010 – Submission Deadline: June, 28th

Please consider submitting to the Sixth ACM Workshop on Digital Identity Management, October 8, 2010, Chicago, IL, USA, co-located with ACM CCS 2010.

http://www2.pflab.ecl.ntt.co.jp/dim2010
http://www.sigsac.org/ccs/CCS2010/

Important dates
* Paper submissions due : June 28, 2010
* Notification to the authors : August 6, 2010
* Camera ready papers due : August 16, 2010 (Firm deadline)
* DIM Workshop : October 8, 2010 (CCS Conference : October 4 – 10, 2010)

The Digital Identity Management Workshop brings together academia and industry to explore all aspects of identity management.
Identity management is an endeavor to make identities available to humans, services, and systems in a secure and privacy-protecting manner. Currently we are facing grand challenges, such as financial and ecological crises, which require global collaboration.
Best exemplified in the cloud computing and smart grid movement, ICT-enabled infrastructures are playing a crucial role in facilitating global collaboration for economic and ecological advancement.
Such infrastructures must incorporate identity management capabilities that allow individuals and organizations to identify and trust each other over networks in a scalable and reliable manner, while striking the best balance between usability, security, and privacy.
The goal of this workshop is to share new findings and ideas, discover key issues, and seek opportunities for active collaboration between industry and academia.
The workshop seeks submissions from diverse communities, such as open source projects, standardization fora, government organizations, security and privacy experts, software engineers, and corporate & academic researchers. Topics of interest include, but are not limited to:

* Identity management for cloud computing
* Identity management for critical infrastructure (e.g., smart grid)
* Identity assurance
* Identity governance
* Attribute aggregation
* Identity in service-oriented architecture (SOA)
* Anonymity and pseudonymity
* Accountability in identity management
* Identity management APIs
* Identity management in ubiquitous and mobile computing
* Reputation and incentive systems, and reputation management
* Privacy-enhanced identity management
* Identity solutions for specific areas (e.g., healthcare, government, education, and telecommunications)
* Identity-based access control
* Identity discovery
* Identity theft prevention
* User-centric identity management
* User experience models and integrity
* Standardization of IDM and policies thereof, standards harmonization
* Case studies and lessons from large scale deployment
* Vulnerabilities, threat analysis and risk assessment of IDM solutions (e.g., threat of malware affecting identity theft)
* Analysis of differences between requirements for consumer and enterprise IDM

________________________
Submission Instructions

Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.
Papers should be at most 10 pages, using at least 10.5-point font and reasonable margins on A4 or US letter-size paper (8.5 inch x 11 inch).
Committee members are not required to read the appendices, and so submissions should be intelligible without them. Each submission should start with the title, abstract, and names and contact information of authors. The introduction should give background and summarize the contributions of the paper at a level appropriate for a non-specialist reader. Authors of accepted papers must guarantee that their paper will be presented at the workshop.

_______________________
=== Organizing Committee ===

Co-chairs
* Thomas Groß, IBM Research, Switzerland
* Kenji Takahashi, NTT, Japan

________________________
=== Program Committee ===

* Gail-Joon Ahn, Arizona State University, USA
* Abhilasha Bhargav-Spantzel, Intel, USA
* Hu Bin, Huawei Technologies, USA
* Federica Paci, University of Trento, Italy
* Jan Camenisch, IBM Research, Switzerland
* Marco Casassa Mont, HP Labs, UK
* David Chadwick, University of Kent, UK
* Chihung Chi, Tsinghua University, China
* Hidehito Gomi, Yahoo! Japan Research, Japan
* Weili Han, Fudan University, China
* Seung-Hyun Kim, ETRI, Korea
* Brian LaMacchia, Microsoft, USA
* Hyung-Jin Lim, Financial Security Agency, Korea
* Howard Lipson, CERT, USA
* Paul Madsen, NTT, Canada
* Eve Maler, PayPal, USA
* Piotr Pacyna, AGH Univ. of Science and Technology, Poland
* Andreas Pfitzmann, Dresden Univ. of Technology, Germany
* Rakesh Radhakrishnan, Sun Microsystems, USA
* Amardeo Sarma, NEC Laboratories Europe, Germany
* Jörg Schwenk, Ruhr-University Bochum, Germany
* Diana Smetters, PARC, USA
* Anna C. Squicciarini, Pennsylvania State Univ., USA
* Tsuyoshi Takagi, Future University - Hakodate, Japan
* Peter Weik, Fraunhofer FOKUS, Germany

--- Posted by Marco Casassa Mont (here and here) ---

Monday, June 7, 2010

Permanent Job Req: Permanent position in HP Labs, Systems Security Lab (Bristol UK or Princeton US).

Researcher in Information Security

We are seeking a high calibre individual to join the Systems Security Lab within HP Labs. A successful candidate would be expected to reside either in Bristol or Princeton.
To apply, visit http://www8.hp.com/uk/en/jobsathp/index.html and search for job number 416389.

Job Description

The successful applicant will join the Systems Security Lab (SSL) within HP Labs, which has expertise in a wide range of disciplines relevant to information security. SSL performs high impact research of significance to HP business. Increasing complexity, an evolving threat environment and cost pressures are making security ever more challenging. To address this, the Lab is innovating to automate security management in large infrastructures and we continue research in security analytics, trusted infrastructure and privacy.
Most of our research is done in large collaborative groups, and individuals are expected to be comfortable working with customers, business units, academia, industrial partners and government agencies.
Applicants should have experience of and track record in academic or industrial research in information security.

Desirable Qualifications
  • A PhD in a discipline relevant to information security.
  • Experience of security management in large organisations.
  • Deep knowledge of at least one area of significance to security management, e.g. network security, economics of security, systems architecture, trusted computing, operating system security, security policy, privacy, security of distributed systems, security modelling, information security, threats.
  • Strong communication skills.

HP Labs, Bristol

HP Labs (www.hpl.hp.com) is the exploratory and advanced research group for Hewlett-Packard, tackling complex challenges facing HP’s customers and society, while pushing the frontiers of fundamental science. HP Labs Bristol is HP's second-largest central research laboratory and is among the premier corporate research labs in Europe.

--- Posted by Marco Casassa Mont (here and here) ---