Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, May 30, 2011

Focusing on the Cloud and the Intersection of Cloud with Security

An area I am interested in spending more R&D time is the Cloud and the intersection of the Cloud with Security.

In particular I am interested exploring and contributing in the space of “Cloud middleware”. Some initial questions:

Which “middleware” services can be provided in the cloud to support various Cloud applications and services?
Which identity maangemet, security and privacy capabilities need to be in place?
How ensure accountability and assurance?
How to exploit recent Identity and Security Analytics capabilities, developed by HP Labs, in that space

I am currently gathering various information and documents in this space, related to business opportunities, current solution offering and technological approaches.

Any input and links to publicly available information are really welcome.

--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

EnCoRe Project: Architecture Version 2 released

The second EnCoRe Architecture, D2.2, has been officially released and it is available online.

This architectural document updates and refines the first Architecture about the explicit management of Privacy, Consent and Revocation by introducing – among many things - refined internal and external workflow management capabilities, the explicit management of obligation policies and the support for sticky policies.


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

Various papers accepted at International Conferences

I successfully managed to get, along with colleagues of mine, a few papers accepted at various international conferences – including WEIS 2011, STAVE 2011 and eChallenges 2011 focusing on aspects of Security Economics, Security and Privacy:

Simon Shiu, Adrian Baldwin, Yolanta Beres, Marco Casassa Mont, Geoff Duggan - Economic Methods and Decision Making by Security Professionals, WEIS 2011, George Mason University, 14-15 June 2011, US
Siani Pearson, Marco Casassa Mont and Gina Kounga, “Enhancing Accountability in the Cloud via Sticky Policies”, STAVE, Springer, June 2011.
Nick Papanikalaou, Siani Pearson and Marco Casassa Mont, “Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography”, STAVE, Springer, June 2011.
Nick Papanikolaou, Siani Pearson, Marco Casassa Mont and Ryan Ko, “Towards Greater Accountability in Cloud Computing through Natural-Language Analysis and Automated Policy Enforcement”, Proc. eChallenges, 2011.

Hopefully good debates and discussions will follow the presentations of these papers.

--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

Presentation - Centre for Cybercrime and Computer Security Conference 2011

I was invited to attend and present at the Centre for Cybercrime and Computer Security Conference 2011, Newcastle, UK, as an HP Labs representative.

My presentation, on "Risk Exposure to Social Networks in Enterprises", is now available online.

--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---