ObjectSecurity

ObjectSecurity
Private
Industry Information Security
Founded UK (2000 (2000))
Founder Ulrich Lang, Rudolf Schreiner
Headquarters Cambridge, United Kingdom
Area served
Worldwide
Key people
Ulrich Lang (CEO)
Rudolf Schreiner (CTO)
Karel Gardas (Chief Software Engineer)[1]

ObjectSecurity is a British American Information Security company focusing on model-driven security, access control, and middleware security. The company pioneered the development of model-driven security.[2] It was mostly a scientific concept prior to company's developments. The company is best known for their OpenPMF (Open Policy Management Framework) model-driven security product,[3] for which the company received a "Cool Vendor" award by Gartner in 2008.[4]

History

In 2000, ObjectSecurity was founded by German information security experts, Ulrich Lang and Rudolf Schreiner.[5] At that time, Lang was a researcher at University of Cambridge Computer Laboratory, working on "Access Policies for Middleware", and both were working as independent information security consultants.[6]

Initially, ObjectSecurity was mainly working on customer projects around middleware security, esp. CORBA. ObjectSecurity soon realized that one major middleware security challenge was that it was not feasible to author and maintain security configurations for interconnected, distributed application environments. In an attempt to solve the challenges, the team built a full OMG CORBA Security SL3 & SSLIOP open source implementation based on MICO CORBA.[7]

To solve various challenges around implementing secure distributed systems, ObjectSecurity released OpenPMF version 1,[8] at that time one of the first Attribute Based Access Control (ABAC) products in the market. It allowed the central authoring of access rules, and the automatic enforcement across all middleware nodes using local decision/enforcement points. During several EU funded research projects, ObjectSecurity soon realized that a central ABAC approach alone was still not a manageable way to implement security policies.[9][10]

ObjectSecurity releases OpenPMF version 2, which is based on a concept called model-driven security which allows the intuitive, business-centric specification of security requirements and the automatic generation of enforceable securities policies.[2][11] OpenPMF v2 was designed to bridge the semantic gap between the policies users manage, and the policies technically implemented. At that time, model-driven security was tied together with a model-driven development process for applications, esp. for agile service oriented architecture (SOA).[11]

After years of publishing and presenting the scientific and technical approach, several analyst firms, incl. Gartner took note of the scientific approach.[12] Several other awards and recognition followed.[13][14] OpenPMF version 3 was released in 2010, supporting advanced policies, Eclipse, cloud, BPMN,[15] SOA, XACML, pub-sub/DDS, and numerous additional enforcement points.[16] ObjectSecurity also extended their model-driven security approach to include automatic compliance/accreditation analysis and evidence generation[17]

In 2009, ObjectSecurity expanded their business to California, United States to be closer to US based customers.[18]

In recent years, ObjectSecurity has extended OpenPMF to support automatic system detection with partner Promia, Inc.,[19]) allowing the use of model-driven security without the need for a model-driven development. OpenPMF's support for advanced access control models including proximity-based access control, PBAC was also further extended.[20])

References

  1. "Company Overview of ObjectSecurity Ltd.". Bloomberg.com. Retrieved 13 November 2015.
  2. 1 2 "Atif Memon (editor). Advances in Computers Volume 93. Academic Press (Elseviwer), 2014, ISBN 978-0-12-800162-2, page 113".
  3. "OpenPMF Website".
  4. "Cool Vendors in Application Security and Authentication, 2008".
  5. "ObjectSecurity Team Website".
  6. "Dr. Lang, Access Policies for Middleware, PhD Thesis" (PDF).
  7. "Ulrich Lang, Rudolf Schreiner. Developing Secure Distributed Systems with CORBA. Artech House Publisher, 2002, ISBN 1-58053-295-0".
  8. "Gerald Lorang. New Coach platform improves development of distributed applications. Primeur Magazine, 2004".
  9. "AD4EU FP6 Project Website".
  10. "COACH project flyer" (PDF).
  11. 1 2 "The newsletter of LTN's Information & Communications Technologies Special Interest Group 2008, p.4 (PDF hosted by ObjectSecurity, LTN is not operating anymore )" (PDF).
  12. "ObjectSecurity Publications Website".
  13. "TeleTrusT Awards" (PDF).
  14. "University of Cambridge Computer Lab Ring Awards".
  15. "Best of Open Source Software Awards 2009 (mentions the OpenPMF 2.0 integration into the open source Intalio BPMS".
  16. "ObjectSecurity OpenPMF v3 Release" (PDF).
  17. "Rudolf Schreiner and Ulrich Lang, "Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes", WISG Conference Proceedings 2009".
  18. "ObjectSecurity in Palo Alto aims to make security automatic, Silicon Valley Business Journal, 2009".
  19. "ObjectSecurity Publications Website" (PDF).
  20. "Proximity Based Access Control SBIR Award Notice, 2013".
This article is issued from Wikipedia - version of the 10/10/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.