Marco Casassa Mont - Web Page - HP Labs

Marco Casassa Mont at HP Labs
Senior Researcher
Cloud & Security Lab
Bristol, UK

Biography

I am a Principal Research Scientist at the Hewlett Packard Laboratories in Bristol, UK - Cloud & Security Lab (CSL). This web page contains public information about my R&D work, inventions, publications,  technical reports and professional activity. Additional information is available about my biography (CV) and education.

My  expertise and current R&D interests are in the following areas:  

  • Security and Security Analytics
  • Big Data for Security
  • Information Management
  • Cloud Computing
  • Situational Awareness, Event Management, SIEM Technologies and Solutions
  • Identity and Access Management (IAM) Technologies and Solutions
  • Risk Management, IT & Data Governance and Compliance
  • Trust, Security and Privacy Technologies  for People, Enterprises and Web environments
  • Web Services and Internet technologies
  • Adaptive Systems, Automation and Policy Management
  • Privacy and Privacy Management

During my 18 years at HP Labs, I have been the lead in a variety of R&D programs including collaborations with and technology transfers to HP business units and international projects (in the security, identity management and privacy areas), such as the EU F6 PRIME project (Privacy and Identity Management for Europe) and UK TSB EnCoRe project (Ensuring Consent and Revocation). I have also been the UK TSB EnCoRe Privacy project Coordinator and the technical lead of its Work Package 2, in charge of defining and delivering the EnCoRe Technical Architecture.

I am a HPL technical lead in the areas of: Security; Big Data for Security; Security Analytics; IAM; Privacy; Policy Management; Cloud Management; Privacy.

I currently work in the Big Data for Security (BD4S) project: leveraging Big Data in the security realm to identify new threats and attacks. Recent deliverables include R&D work in the space of: Safe Cloud (Cloud Computing; Safe and Controlled Information Sharing; Situational Awareness for next-generation disaggregated IT scenarios); Security Intelligence-as-a Service (SILAS); Situational Awareness for companies operating in the Cloud. These R&D activities are carried out jointly with HP business groups. 

I am collaborating with various HP SW businesses for the delivery of  innovative security solutions, that leverage HP SW products and solution portfolio. I  am collaborating with HP Enterprise Security Solutions and contributing to their  Security Innovation offerings, in particular in providing risk assessment and strategic decision support capabilities in the Security, Incident Management and IAM areas.

I am active on the publication and patenting front. I am part of various (IEEE, ACM, etc.) conference Program Committees. I am a Senior Member of IEEE. I am also an IISP member. I have more than 45 patents filed (about 80, considering  patents filed in multiple countries) and 12 patents granted.

I run a blog on "Research on Security and Innovation in the Cloud" to share ideas and opinions on future R&D security and Cloud areas.

Recent Work and News

Big Data for Security Project Big Data for Security Project [March 2013 - current]: I am currently working in an HPL R&D project  focusing on Big Data for Security. The objective is to research and develop innovative security solutions able to identify anomalies, emerging threats and security issues from Big security Data.
Program Committees Serving in Program Committees [January-June 2013]: I have served as a member of the following Program Committees: CLOSER 2013, IDOA-SVI 2013, IEEE WI 2013, MobiWIS 2013, NSS 2013, PRISM 2013,  SECRYPT 2013, TrustBus 2013
Safe Cloud Safe Cloud Demonstrator [January2013 - February 2013]: In collaboration with HPL colleagues, we delivered an innovative "Controlled Information Sharing" demonstrator to illustrate issues and opportunities of sharing sensitive information and analytics in the cloud. This work has been carried out in the context of the Safe Cloud project. The demonstrator and details are available to HP customers and HP business groups.
Information Sharing and Situational Awareness Information Sharing and Situational Awareness Demonstrator [November 2012]: a full working R&D demonstrator has been developed by HP Labs, jointly with HP businesses, to illustrate:

 - next generation Business Operation Centers in Disaggregated IT scenarios, i.e. where an organisation relies on service providers (SaaS) and infrastructure providers (IaaS) in the Cloud to run their IT operation
 - Information Sharing as a key requirement for the organisation to improve its (security, business, etc.) situational awareness, now that it has not anymore control over their IT operations-  issues and trade-offs involving information sharing, involving the company and the other stakeholders, including SaaS and IaaS providers
- next generation war rooms

This demonstrator is now available and can be shown to HP customers and business partners. I have been the technical lead of this demonstrator in collaboration with a team of colleagues.
SILAS Project Security Intelligence-as-a-Service (SILAS) [November 2012]: a full working R&D solution, called SILAS, has been developed by HP Labs, jointly with HP businesses, to:

 - provide estimation of strategic (security, risk and business) metrics to decision makers and customers, in multi-tenancy, multi-customer contexts, such as Security Operation Centers and Cloud Operation Centers
- use these metrics to enable predictive and what-if analysis, by leveraging the HP/HPL Security Analytics Solution (based on modelling and simulation techniques)
 - provide customers with strategic reports - based on processed metrics and prediction - to illustrate historical trends and benchmarks
- leverage Cloud infrastructure for data processing and metric estimations

SILAS is not meant to be a reactive, real-time analytic solution. It leverages existing solutions such as  HP ArchSight, HP TippingPoint/ThreatLinq, OSVDB, etc. to gather the relevant data. As unique differentiation,. it provides longer-term estimates of  critical metrics and uses them to make predictions. It provides decision support capabilities to key stakeholders (risk management teams, customers ,etc). As such it nicely complement current HP SW offerings.

We are currently trialling this solution in collaboration with HP business groups. I have been the technical lead of this work in collaboration with a team of colleagues.

Poster & Demo Accepted at ACM CCS 2012 conference ACM CCS 2012 [October2012]: Poster and Demo accepted at ACM CCS 2012 International Conference: Giuseppe Petracca, Anna Cinzia Squicciarini, William Horne, Marco Casassa Mont “ReasONets: a fuzzy-based approach for reasoning on network incidents”, ACM Conference on Computer and Communication Security 2012, October 2012
New HP Labs Technical Report [September 2012] Marco Casassa Mont, Richard Brown, Simon Arnell, Neil Passingham Security Analytics: Risk Analysis for an Organisation's Incident Management Process -  HPL-2012-206

Program Committees

Serving in Program Committees [June-November 2012]: I have served as a member of the following Program Committees: ACM SAC - DADS 2012, IEEE CloudCom 2012, IEEE CSE 2012,  DOA-SVI 2012, NSS 2012

 

Program Committees Serving in Program Committees [February-May 2012]: I have served as a member of the following Program Committees: IEEE ATC 2012, IEEE NCC 2012, CSS 2012, Mobisec 2012, TrustBus 2012, SECRYPT 2012.

EnCoRe Project Successful completion of the UK EnCoRe Project [April 2012]: the UK collaborative EnCoRe Project has been successfully completed. A closure meeting has been held in conjunction with the UK Technology Strategy Board (TSB), a key project co-funder. HPL an partners will carry out with their exploitation plans.

Papers Accepted at Closer 2012 conference Closer 2012 [April 2012]: Two papers accepted at the Closer 2012 International Conference:

1. Marco Casassa Mont, Kieran McCorry, Nick Papanikolaou, Siani Pearson “Security and Privacy Governance In Cloud Computing via SLAs and a policy orchestration service”, Frank Leymann, Ivan Ivanov, Marten van Sinderen and Tony Shan (eds.), Proc. Closer 2012, Portugal, SciTePress, April 2012.

2. Nick Papanikolaou, Siani Pearson, Marco Casassa Mont and Ryan Ko, “Automating Compliance for Cloud Computing Services”, Frank Leymann, Ivan Ivanov, Marten van Sinderen and Tony Shan (eds.), Proc. Closer 2012, Portugal, SciTePress, April 2012.

Situational Awareness as a Service (SAaaS)
HPL SAaaS demonstrator [March 2012]: completed the first specification of the HP Labs Situational Awareness-as-a-Service Demonstrator, focusing on the Cyber Security vertical.  Shared concepts with HP customers. Proceeding with refinements and implementation activities.

New HP Labs Technical Report [February 2012] Marco Casassa Mont, Vaibhav Sharma, Siani Pearson, EnCoRe: Dynamic Consent, Policy Enforcement and Accountable Information Sharing within and across Organisations -  HPL-2012-36

New HP Labs Technical Report [February2012] Marco Casassa Mont, Matteucci Ilaria, Marinella Petrocchi, Marco Luca Sbodio, Enabling Data Sharing in the Cloud -  HPL-2012-22


EnCoRe EnCoRe UAG Meeting [February 2012]: successfully carried out the final User Advisory Group meeting. Received good feedback and input to drive the next steps for EnCoRe, in particular about its exploitation.
 
Security Analytics as a Service (SILAS) SILAS Project Milestone [January 2012]:  A full working prototype and demonstrator of the Security Intelligence-as-a-Service is now available. R&D in this space will be further carried out in 2012.
EnCoRe Service Framework
EnCoRe Service Framework [December 2011]: A full working implementation of the EnCoRe Architecture is now available, along with a demonstrator for the UP Cabinet Office/Identity Assurance Programme. This demonstrator, named HP Labs EnCoRe Service Framework for managing consent and revocation, is a general purpose, reference implementation for the EnCoRe Architecture.

Program Committees Serving in Program Committees [June-December 2011]: I served as a member of the following Program Committees: ACM DIM 2011, IEEE Policy 2011, IEEE ATC 2011, IWSSC 2011, IEEE NSS 2011

IEEE CloudCom 2011 IEEE CloudCom 2011 [November 2011]Siani Pearson, Marco Casassa Mont, Liqun Chen, Archie Reed, End-to-end Policy-based Encryption and Management of Data in the Cloud, 29 November - 1 December 2011, Athens, Greece.

UK EnCoRe  Project EnCoRe Technical Architecture [November 2011]: The EnCoRe third Technical Architecture has been released and is available online. It specifically focuses on the third case study involving UK Cabinet Office/Identity Assurance scenarios.

IEEE Computer Magazine IEEE Computer Magazine [September 2011]: article published by IEEE Computer Magazine:

Siani Pearson, Marco Casassa Mont -  Sticky Policies: An Approach for Managing Privacy across Multiple Parties,  Volume 44, Number 9, September 2011, 2011.

 

EnCoRe Engagement with UK Cabinet Office EnCoRe Engagement with the UK Cabinet Office [August/September 2011]: I am continuing to coordinate the UK collaborative EnCoRe Project. Specifically, we managed to successfully engage with the UK Cabinet Office/Identity Assurance (IdA) Programme to transfer EnCoRe capabilities for privacy and consent management. This is  part of the ongoing EnCoRe exploitation plan.

 

Security Analytics Security Analytics Case Study with Major HP Customer [August 2011]: I successfully delivered a Security Analytics case study in the space of Incident and Remediation Management Processes, jointly carried out with a major HP customer in UK. This work will form the basis for HP ESS's Security Analytics offerings in the space of  Incident and Remediation Management.

 

IEEE Policy 2011 Symposium IEEE Policy 2011 Symposium [June 2011]: paper presented at the IEEE Policy 2011 Symposium: Marco Casassa Mont, Richard Brown - Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes, 6-8 June 2011, Pisa, Italy. The presentation is available online.

 

UK Collaborative EnCoRe Project UK Collaborative EnCoRe Project [May 2011]: I have recently become the Project Coordinator of the UK TSB EnCoRe project. I am also the lead of the EnCoRe WP2 package,  in charge of producing architectural and design solutions for EnCoRe.

 

Program Committees Serving in Program Committees [May 2011]: I am serving as a member of the TrustBus 2011 and PriMo 2011 Program Committees

 

WEIS 2011 Papers accepted at WEIS 2011 [May 2011]: paper accepted at the 10th Workshop on economics of Information Security, WEIS 2011: Simon Shiu, Adrian Baldwin, Yolanta Beres, Marco Casassa Mont, Geoff Duggan - Economic Methods and Decision Making by Security Professionals, WEIS 2011, George Mason University,  14-15 June 2011, US

 

Papers accepted at STAVE 2011 Papers accepted at STAVE and eChallenges 2011 [April - May 2011]: various papers accepted at STAVE and eChallenges 2011 Conferences:
  • Siani Pearson, Marco Casassa Mont and Gina Kounga, “Enhancing Accountability in the Cloud via Sticky Policies”, STAVE, Springer, June 2011.
  • Nick Papanikalaou, Siani Pearson and Marco Casassa Mont, “Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography”, STAVE, Springer, June 2011.

 

Centre for Cybercrime and Computer Security Conference 2011

 

CCCS 2011 [March 2011]: I have been invited to attend and present at the Centre for Cybercrime and Computer Security Conference 2011, Newcastle, UK, as an HP Labs representative. My presentation, available online, focused on "Risk Exposure to Social Networks in Enterproses"
UK Cyber Security Challenge 2011

 

UK Cyber Security Challenge 2011 [March 2011]: I have been involved in the first UK Cyber Security Challenge, as an HP Labs representative
Program Committees Serving in Program Committees [March 2011]: I am serving as a member of the ICST Mobisec 2011 and ICETE SECRYPT 2011 Program Committees

 

IEEE Policy 2011 Symposium IEEE Policy 2011 Symposium [February 2011]: paper accepted at the IEEE Policy 2011 Symposium: Marco Casassa Mont, Richard - Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes, 6-8 June 2011, Pisa, Italy

 

New HP Labs Technical Report [January 2011] Marco Casassa Mont, Richard, Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes -  HPL-2011-12

 

Computer January 2011 Cover: Outlook IEEE Computer Magazine [January 2011]: article published by IEEE Computer Magazine:

Anna Squicciarini, Sathya Dev Rajasekaran, Marco Casassa Mont -  Using Modelling and Simulation to Evaluate Enterprises' Risk Exposure to Social Networks, Volume 44, Number 1, January 2011, 2011.

 
HP Information Security Launch of HP Information Security [December 2010]: HP Information Security (previously known as Vistorm) has been officially launched. I actively contributed (and I am contributing) to their Security Analytics and Security Innovation offering, in particular in providing risk assessment and strategic decision support capabilities in the IAM area.

 

New HP Labs Technical Report [December 2010]Gina Kounga, Marco Casassa Mont, Pete Bramhall, Privacy Preserving Management of Personal Data for Assisted Living Applications -  HPL-2010-200

 

secIoT 2010 1st International Workshop on the Security of Internet of Things [November 2010]: paper accepted at secIoT 2010 - Gina Kounga, Marco Casassa Mont, Pete Bramhall, Privacy Preserving Management of Personal Data for Assisted Living Applications

 

CloudComp 2010 2nd ICST International Conference on Cloud Computing 2010  [October 2010]: given  presentation at CloudComp 2010:  David Pym, Martin Sadler, Simon Shiu, Marco Casassa Mont - Information Stewardship in the Cloud: A Model-based Approach. Presentation slideset available here.

 

RAND EUROPE Event Presentation and Panel at RAND EUROPE Event - EC Commission [September 2010]:  I gave a presentation and took part at a Panel discussion at the RAND EUROPE Event on "The Cloud: Understanding the security, privacy and trust aspects", in the context of a related study commissioned by the EU Commission. This presentation, available online,  provided an Industrial and R&D perspective and focused on "Cloud Computing: Security, Privacy and Trust Aspects across Public and Private  Sectors"

 

HP Labs Identity Analytics Update on HP Labs Identity Analytics [August 2010]:  IAM Case Study successfully delivered to major HP customer (Identity Analytics, Security Analytics initiative). More details about HP Labs Identity Analytics also available in my Blog site.

 

Program Committees Serving in Program Committees [July 2010]: I am serving as a member of the ACM DIM 2010 Program Committee.

 

HP Labs Identity Analytics Update on HP Labs Identity Analytics [July 2010]: major progress  in the area of Identity Analytics (Security Analytics initiative). More details about HP Labs Identity Analytics also available in my Blog site.

 

Journal of Computer Security Journal of Computer Security [July 2010]: article published by Journal of Computer Security:

Adrian Baldwin, Marco Casassa Mont, Yolanta Beres, Simon Shiu -  Assurance for Federated Identity Management, Volume 18, Number 4/2010, 2010.

 

SECRYPT 2010 IEEE and ACM International Conference on Security and Cryptography [July 2010]: paper accepted at SECRYPT 2010 - Nick Papanikolau, Sadie Creese, Michael Goldsmith, Marco Casassa Mont, Siani Pearson, EnCoRe: Towards a Holistic Approach to Privacy

 

New HP Labs Technical Report [July 2010]Nick Papanikolau, Sadie Creese, Michael Goldsmith, Marco Casassa Mont, Siani Pearson - EnCoRe: Towards a Holistic Approach to Privacy  -  HPL-2010-83

 

New HP Labs Technical Report [July 2010]Marco Casassa Mont, Siani Pearson, Sadie Creese, Michael Goldsmith, Nick Papanikolau - Towards a Conceptual Model for Privacy Policies -  HPL-2010-82

 

IEEE i-Society 2010 Keynote speech at IEEE i-Society 2010 [June 2010]: I gave a Keynote speech at i-Society 2010, on the following topic: "On the Future of Information Society: Emerging Trends, Security Threats and Opportunities"

 

TrustBus 2010 7th International Conference on Trust, Privacy & Security in Digital Business [ June 2010]: paper accepted at TrustBus 2010 - Gina Kounga, Marco Casassa Mont, Pete Bramhall, Extending XACML Access Control Architecture for Allowing Preference-Based Authorization

 

EnCoRe Press Event EnCoRe Press Event [June 2010]: I attended the collaborative UK EnCoRe (Ensuring Consent and Revocation) Project Press Event. My work on the design and definition of the EnCoRe Architecture and approach has been covered. Very good press coverage.

 

Program Committees Serving in Program Committees [May 2010]: I am serving as a member of the IEEE ICSC 2010, TrustBus 2010  and IEEE NSS 2010 Program Committees.

 

IFIP/IEEE BDIM 2010 5th IFIP/IEEE International Workshop on Business-driven IT Management 2010  [April 2010]: given  (remote) presentation at BDIM 2010:  Marco Casassa Mont, Yolanta Beres, David Pym, Simon Shiu - Economics of Identity and Access Management: Providing Decision Support for Investments. Presentation slideset available here.

 

Journal Article Reviews Review of Journal Articles [March-April 2010]: I reviewed articles for the following Journals: Journal of Systems and Software (JSS), ACM Transactions on the Web (TWEB) and  Identity in the Information Society (IDIS).

 

Program Committees Serving in Program Committees [March-April 2010]: I am serving as a member of the IEEE Policy 2010,   SECRYPT 2010 and MobiSec 2010 Program Committees.

 

EnCoRe Architecture Document Release EnCoRe Architecture Release [March 2010]: The first release of the EnCoRe Project  (Ensuring Consent and Revocation) Architecture has been released. I contributed as one of the key authors.
New HP Labs Technical Report [March 2010]Marco Casassa Mont, Adrian Baldwin, Simon Shiu, Paul Collins - Job Design: Providing Strategic Decision Support for Risk Analysis and  Policy Definitions -  HPL-2010-35

 

IFIP/IEEE BDIM 2010 5th IFIP/IEEE International Workshop on Business-driven IT Management 2010  [February 2010]: full paper accepted at BDIM 2010 - Marco Casassa Mont, Yolanta Beres, David Pym, Simon Shiu - Economics of Identity and Access Management: Providing Decision Support for Investments

 

New HP Labs Technical Report [February 2010]Marco Casassa Mont, Yolanta Beres, David Pym, Simon Shiu - Economics of Identity and Access Management: A Case Study on Enterprise Business Services -  HPL-2010-12

 

New HP Labs Technical Report [February 2010]Marco Casassa Mont, Yolanta Beres, David Pym, Simon Shiu - Economics of Identity and Access Management: Providing Decision Support for Investments -  HPL-2010-11

 

Program Committees Serving in Program Committees [January-February2010]: I am serving as a member of the IEEE FutureTech 2010 and ICIMP 2010 Program Committees.

 

Program Committees Serving in Program Committees [December 2009]: I am serving as a member of the WISTP 2010 Program Committee - Workshop on Information Security Theory and Practices.

 

 

New HP Labs Technical Report [November 2009]Kounga, Gina, Marco Casassa Mont, Pete Bramhall - Extending XACML Access Control Architecture for Allowing Preference-Based Authorization -  HPL-2009-361
W3C Access Control Workshop 2009 W3C Workshop on Access Control  Application Scenarios 2009  [November 2009]: position paper accepted at W3C Workshop on Access Control Application Scenarios:  Marco Casassa Mont, Siani Pearson, Sadie Creese, Michael Goldsmith, Nick Papanikolaou -  Towards an Integrated Approach to the Management, Specification and Enforcement of Privacy Policies.

 

Program Committees Serving in Program Committees [October 2009]: I am serving as a member of the W3C Access Control Workshop 2009 Program Committee.

 

HP Labs Security and Identity Management Blog

 

Research on Security and Identity Management [October 2009]: I extended the topics covered in my HP Labs Blog, reflecting my R&D interests in the areas of Security and Identity Management - "Research on Security and Identity Management"

 

New HP Labs Technical Report [August 2009]Marco Casassa Mont, Patrick Goldsack - Secure Delivery of Services: The HP Labs Vision and Framework (abstract) -  HPL-2009-191

 

IEEE MetriSec 2009  [August 2009]: paper accepted at  IEEE MetriSec 2009: Yolanta Beres, Marco Casassa Mont, Jonathan Griffin, Simon Shiu -  Using Security Metrics Coupled with Predictive Modelling and Simulation to assess Security Processes.

 

Program Committees Serving in Program Committees [August 2009]: I am serving as a member of the following Program Committees: ACSAC 2009IEEE BIDS 2009 and IEEE InSpec 2009.

 

New HP Labs Technical Report [July 2009]Adrian Baldwin, Marco Casassa Mont, David Pym, Simon Shiu - System Modelling for Economic Analysis of Security Investments: A Case Study in Identity and Access Management -  HPL-2009-173

 

IEEE Policy 2009 Symposium IEEE Policy 2009 Symposium [July 2009]: paper presented at the IEEE Policy 2009 Symposium: Adrian Baldwin, Marco Casassa Mont, Simon Shiu -  Using Modelling and Simulation for Policy Decision Support in Identity Management. My presentation is available here.

 

EEMA e-Identity Conference EEMA e-Identity Conference [June 2009]: I gave a presentation on "The Future of Identity in The Cloud: Requirements, Risks and Opportunities"

 

New HP Labs Technical Report [June 2009]Yolanta Beres, Marco Casassa Mont, Jonathan Griffin, Simon Shiu - Using Security Metrics Coupled with Predictive Modelling and Simulation to Assess Security Processes -  HPL-2009-142

 

New HP Labs Technical Report [June 2009]Anna Squicciarini, Marco Casassa Mont, Sathya Dev Rajasekaran - Towards an Analytics Approach to Evaluate Enterprises' Risk Exposure to Social Networks - HPL-2009-138

 

IEEE Policy 2009 Symposium IEEE Policy 2009 Symposium [May 2009]: paper accepted at the IEEE Policy 2009 Symposium: Adrian Baldwin, Marco Casassa Mont, Simon Shiu -  Using Modelling and Simulation for Policy Decision Support in Identity Management.

 

Program Committees Serving in Program Committees [April 2009]: I am serving as a member of the following Program Committees: ACM DIM 2009 and IEEE ICSC 2009.

 

The Open Group : Making Standards Work 2nd Open Group Security Practitioners Conference [April 2009]: I gave a presentation on "The Future of Identity in The Cloud: Requirements, Risks and Opportunities"

 

New HP Labs Technical Report [March 2009]Marco Casassa Mont, Adrian Baldwin, Simon Shiu - Identity Analytics - User Provisioning Case Study:  Using Modelling and Simulation for Policy Decision Support  - HPL-2009-57

 

New HP Labs Technical Report [March 2009]Adrian Baldwin, Marco Casassa Mont, Simon Shiu - Using Modelling and Simulation for Policy Decision Support in Identity Management  - HPL-2009-56

 

New HP Labs Technical Report [March 2009]Marco Casassa Mont, Siani Pearson, Gina Kounga, Yun Shen, Pete Bramhall - On the Management of Consent and Revocation in Enterprises: Setting the Context  - HPL-2009-49

 

Program Committees Serving in Program Committees [February 2009]: I am serving as a member of the following Program Committees: TrustBus 2009 and ICIMP 2009.

 

10th  IEEE Symposium

Policy 2009

 

IEEE Symposium Policy 2009 [January 2009]: I am serving as the General Chair of IEEE Policy 2009. Please consider submitting a paper.

 

UK TSB EnCoRe Project - Ensuring Consent and Revocation [November 2008]: I am a member of the EnCoRe Project researching on aspects of consent and revocation. 

 

New HP Labs Technical Report [November 2008]Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu - Identity Analytics: Using Modelling and Simulation to Improve Data Security Decision Making  - HPL-2008-188

 

New HP Labs Technical Report [October 2008]Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu - Towards Identity Analytics in Enterprises  - HPL-2008-186

 

PrivacyOS Conferences [October 2008]: I have attended and presented at the PrivacyOS Conference. My presentation was on "Enabling Privacy-aware Information Lifecycle Management in Enterprises"

 

IEEE Senior Member [August 2008]: I have been elevated to Senior Member of IEEE. 

 

New HP Labs Technical Report [July 2008]Marco Casassa Mont, Adrian Baldwin, Simon Shiu - On Identity Analytics: Setting the Context - HPL-2008-84

 

9th IEEE Policy 2008 IEEE Policy 2008 [June 2008]: paper accepted at IEEE Policy 2008 -  Anna Squicciarini, Marco Casassa Mont, Abhilasha Bhargav-Spantzel, Elisa Bertino -  Automatic Compliance Verification of Privacy Policies in Federated Digital Identity Management

 

New HP Labs Technical Report [April  2008]Marco Casassa Mont, Boris Balacheff, Jason Rouault, Daniel Drozdzewski - On Identity-aware Devices: Putting Users in Control across Federated Services - HPL-2008-26

 

 

New HP Labs Technical Report [March 2008]Adrian Baldwin, Marco Casassa Mont, Yolanda Beres, Simon Shiu - Assurance for Federated Identity Management - HPL-2008-25

 

Current Issue Article published on IEEE Security & Privacy Magazine [February 2008]: Siani Pearson, Marco Casassa Mont, Manny Novoa - Securing Information Transfer in Distributed Computing Environments, pp. 34-42, January/February 2008

 

ACM 

DIM 2008

ACM DIM 2008 [February 2008]: I am serving as a member of  the Program Committee of the 4th ACM Workshop on Digital Identity Management 2008 (colocated with ACM CCS 2008), TrustBus 2008. Please consider submitting a paper. More information on this conference can be found here.

 

New HP Labs Technical Report [February 2008]Anna Squicciarini (Purdue University), Marco Casassa Mont, Abhilasha Barghav-Spantzel (Purdue University), Elisa Bertino (Purdue University) - Automatic Compliance of Privacy Policies in Federated Digital Identity Management - HPL-2008-8

 

TrustBus 2008 [February 2008]: I am serving as a member of  the Program Committee of the 5th International Conference on Trust, Privacy and Security for Digital Businesses 2008, TrustBus 2008. Please consider submitting a paper. More information on this conference can be found here.

 

Journal of Computer Security Journal of Computer Security [January 2008]: article published by Journal of Computer Security:

Marco Casassa Mont, Robert Thyne -  Privacy Policy Enforcement in Enterprises with Identity Management Solutions, Volume 16, Number 2/2008, 2008.

 

Sarbanes-Oxley Compliance Journal [January 2008]: article published by Sarbanes-Oxley Compliance Journal:

Phil Hunt (Oracle), Marco Casassa Mont Identity Governance Framework: Liberty Alliance's Initiative Addressing Privacy and SOX, 2008.

 

ACM DIM 2007 [November 2007]: paper accepted at the ACM CCS2007 Workshop on Digital Identity Management (DIM) 2007:

Adrian Baldwin, Marco Casassa Mont, Yolanta Beres, Simon Shiu -  On Identity Assurance in the Presence of Federated Identity Management Systems  (the entire DIM 2007 program and related presentations  are available here).

 

9th IEEE Policy 2008 IEEE Policy 2008 [October 2007]: I am serving as a member of  the Program Committee of the 9th IEEE Workshop on Policies for Distributed Systems and Networks. Please consider submitting a paper. More information on this workshop can be found here

 

23rd IFIP SEC 2008

IFIP SEC 2008 [October 2007]: I am serving as a member of  the Program Committee of the 23rd IFIP International Information Security Conference. Please consider submitting a paper. More information on this workshop can be found here.

 

 

W3C PLING

Interest Group

 

New W3C Policy Languages Interest Group (PLING) [October 2007]: A new Interest Group - PLING - has just been announced by W3C. It is going to be chaired by Marco Casassa Mont (HP Labs) and Renato Iannella (NICTA).
This group is open to the public and is chartered to discuss interoperability, requirements and related needs for integrating and computing the results when different policy languages are used together, for example, OASIS XACML, IETF Common Policy, and P3P, etc. A PLING Charter and a PLING Mailing List are available.

 

 

 

TrustBus 2007

 

TrustBus 2007 [September 2007]: paper presented at the 4th International Conference TrustBus 2007:

Marco Casassa Mont, Boris Balacheff -  On Device-based Identity Management in Enterprises  (my .ppt presentation is available here).

I have been invited and I have given a  presentation at a TrustBus Panel, focusing on the topic:  "Managing Digital Identities: Challenges and Opportunities". My presentation, along with a list of top challenges and opportunities, can be found here. I also chaired a session on "Policy Management".

 

hp security - unauthorized logo

Blogging

Blog on "Research on Identity Management" [August 2007]: I created a mirror site of my blog on "Research on Identity Management" to allow readers to anonymously post their comments. This mirror blog is available here.  

 

 

Identity Governance Framework (IGF) [July 2007]: a new document is available in the Liberty Alliance site, about Identity Governance Framework, titled "Id Governance - Privacy and Access Policies Market Requirements". This document can be downloaded here.

On behalf of HP/HP Labs I contributed to the definition of requirements, use cases and terminology.

 

 

 

IEEE Policy 2007 [June 2007]:  paper presented at IEEE Policy 2007 - Marco Casassa Mont, Filipe Beato - On Parametric Obligation Policies: Enabling Privacy-aware Information Lifecycle Management in Enterprise (presentation .ppt).

I have also been involved in a panel on "Business-driven IT Management" and impact research on policies can have in this space. Here is my presentation (.ppt) highlighting my vision. 

 

New HP Labs Technical Report [May 2007]: Siani Pearson, Marco Casassa Mont, Manny Novoa - Securing Information Transfer within Distributed Computing Environments - HPL-2007-70

 

New HP Labs Technical Report [May 2007]Marco Casassa Mont, Boris Balacheff - On Device-based Identity Management in Enterprises - HPL-2007-53

 

Article published by DIGMA Magazine [April 2007]: An article on "Automation of Privacy Management" (author: Marco Casassa Mont) has been published by the DIGMA Magazine - end-of March Issue, 2007.

 

  1st IEEE International Conference on Semantic Computing ICSC 2007 [April 2007]: I am serving as a member of the Program Committee of the 1st International Conference on Semantic Computing. Among other things, of particular interest is the focus on aspects of semantic computing for security, trust, identity management and privacy. Please consider submitting a paper

 

New HP Labs Technical Report [April 2007]Adrian Baldwin, Marco Casassa Mont, Simon Shiu - On Identity Assurance in the Presence of Federated Identity Management Systems - HPL-2007-47

 

New HP Labs Technical Report [April 2007]Siani Pearson, Marco Casassa Mont - A System for Privacy-Aware Resource Allocation and Data Processing in Dynamic Environments - HPL-2006-185

 

hp security - unauthorized logo

RSA 2007

 

RSA 2007 [February 2007]: I have been involved in the R&D phase of an Identity Management pilot - jointly developed with Intel, BT and HP Software - in the context of the Liberty Alliance Project. This pilot has been presented at a workshop at RSA 2007. It shows how "identity tokens/credentials" can be securely and privately provisioned to advanced identity-capable devices (e.g. smartphones, PDAs, laptops, etc.) to enable users' simplified single-sign-on interactions in federated identity management contexts. There devices can leverage trusted computing capabilities (e.g. Trusted Platforms Modules) to store and protect identity tokens. More information is available here.

 

TrustBus 2007

 

TrustBus 2007 [February 2007]: I am serving as a member of the Program Committee of the 4th International Conference on Trust, Security and Privacy in Digital Business. Please consider submitting a paper.

 

ICGD&BC 2007

 

ICGD&BC 2007 [February 2007]: I am serving as Co-Chair and a member of the Program Committee of the 1st International Conference on Global Defence and Business Continuity, Please consider submitting a paper.

 

New HP Labs Technical Report [January 2007]Marco Casassa Mont, Filipe Beato - On Parametric Obligation Policies: Enabling Privacy-aware Information Lifecycle Management in Enterprises - HPL-2007-7

 

8th IEEE

Policy 2007 Workshop

IEEE Policy 2007 [January 2007]: I served as a member of  the Program Committee of the 8th IEEE Workshop on Policies for Distributed Systems and Networks. More information on this workshop can be found here

 

Past Work and News

Paper Presented at PST 2006 - 4th International Conference on Privacy, Security and Trust  [30 October - 1 November 2006]: Marco Casassa Mont, Robert Thyne - Privacy Policy Enforcement in Enterprises with Identity Management Solutions  - Conference Presentation: slides (MS .ppt)

I served as a member of the Program Committee. I also chaired a session at PST 2006 on "Privacy and Security Issues".

 

W3C

W3C Privacy Workshop

 

 

Position Paper Presented at the W3C  Workshop on Languages for Privacy Policy Negotiation and Semantic-driven Enforcement [October 2006]: Marco Casassa Mont - On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices - Workshop Presentation: slides (MS .ppt)

I also served as a member of the Program Committee.

The Workshop Agenda and the complete list of submitted Position Papers can be found here 

 

Paper Presented at ISSE 2006 - The Independent European ICT Security Conference and Exhibition [10-12 October 2006]: Marco Casassa Mont - Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context - Conference Presentation: slides (MS .ppt)

 

Two Papers Presented at TrustBus 2006 [September 2006]:

Marco Casassa Mont - Towards Scalable Management of Privacy Obligations in Enterprises - Conference Presentation: slides (MS .ppt)

Marco Casassa Mont, Siani Pearson, Robert Thyne - A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises - Conference Presentation: slides (MS .ppt)

I also served as a member of the Program Committee and chaired a session on "Security requirements and Development".

 

New HP Labs Technical Report [August 2006]Marco Casassa Mont  - On Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context - HPL-2006-109

 

PRIME Std. Workshop

 

 

Presentation at PRIME Standardisation Workshop  [July 2006]: Marco Casassa Mont, Siani Pearson, Tariq EE, Stephen Crane - HPL Privacy Policies for PRIME: Obligations, Trust Establishment and Compliance   (presentation .ppt)

I have also served as a member of  the Program Committee

 

PET 2006

 

Paper presented at 6th Workshop  on Privacy Enhancing Technologies PET2006  [June 2006]:  Marco Casassa Mont, Robert Thyne - A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises (presentation .ppt, pre-proceedings paper)

 

Paper presented at 21st International  Conference SEC2006 - I-NetSec06 Workshop on Privacy and Anonymity Issues in Networked and Distributed Systems [May 2006]: Siani Pearson, Marco Casassa Mont - A System for Privacy-aware Resource Allocation and Data Processing in Dynamic Environments (presentation .ppt)

 

New HP Labs Technical Report [May 2006]Marco Casassa Mont, Robert Thyne - Privacy Policy Enforcement in Enterprises with Identity Management Solutions - HPL-2006-72

 

New HP Labs Technical Report [April 2006]Marco Casassa Mont, Stephen Crane - A Customizable Privacy Assurance System based on Active Feedback  - HPL-2006-56

 

New HP Labs Technical Report [April 2006]Marco Casassa Mont, Robert Thyne - A Systemic Approach to Automate Privacy Policy Enforcement  in Enterprises - HPL-2006-51

 

New HP Labs Technical Report [March 2006]Marco Casassa Mont - Towards Scalable Management of Privacy Obligations  in Enterprises - HPL-2006-45

 

New HP Labs Technical Report [March 2006]Marco Casassa Mont, Siani Pearson, Robert Thyne  - A Systemic Approach  to Privacy Enforcement and Policy Compliance Checking in Enterprises - HPL-2006-44

 

Paper published on International Journal of Computer Systems Science & Engineering  - CSSE [January 2006]: Marco Casassa Mont  - Handling Privacy Obligations in Enterprises: Important Aspects and Technical Approaches - CSSE Vol. 20, Number 6, November 2005

 

 

i-Trust 2006

Paper accepted at 4th International Conference on Trust Management i-Trust 2006 [January 2006]: Siani Pearson, Marco Casassa Mont - Provision of Trusted Identity Management using Trusted Credentials

 

Paper accepted at 21st International  Conference SEC2006 - I-NetSec06 Workshop on Privacy and Anonymity Issues in Networked and Distributed Systems [January 2006]: Siani Pearson, Marco Casassa Mont - A System for Privacy-aware Resource Allocation and Data Processing in Dynamic Environments

 

hp security - unauthorized logo

HP Software Universe 2005

 

HP Software Universe 2005 - Press Event and Technical Presentation  [December 2005]:
  • Presentation at the Press Event: Marco Casassa Mont - HP Labs Privacy Management: Vision, Research and Work (presentation .ppt)
  • Presentation at a Technical Session: Archie Reed, Marco Casassa Mont - Privacy Management with HP OpenView Identity Management (presentation .ppt)

 

TrustBus 2006 - I joined the Program Committee of the 3rd International Conference on Trust, Privacy and Security on Digital Businesses 2006  [December 2005]:   Conference details and Call for Papers available at  http://www.icsd.aegean.gr/trustbus06/

 

PST 2006 - I joined the Program Committee of the 4th International Conference on Privacy, Security and Trust 2006 [November 2005]:  Conference details and Call for Papers available at  http://www.businessandit.uoit.ca/pst2006/

 

New HP Labs Technical Report [November 2005]Marco Casassa Mont - A System to Handle Privacy Obligations in Enterprises - HPL-2005-180

 

hp security - unauthorized logo Paper Presented at HP Technology Forum 2005 [October 2005]: Marco Casassa Mont, Robert Thyne, Pete Bramhall - Privacy Management  in Enterprises for IT Governance - Conference Presentation: slides (MS .ppt)

 

Paper Presented at ISSE 2005 [September 2005]: Marco Casassa Mont, Robert Thyne, Pete Bramhall, Kwok-Nga Chan - Privacy Policy Enforcement in Enterprises: Addressing Regolatory Compliance and Governance Needs - Conference Presentation: slides (MS .ppt)

 

Article Published by Information Security Bulleting (ISB) Magazine [September 2005]:

Marco Casassa Mont, Kwok-Nga (Annie) Chan, Pete Bramhall - Management and Enforcement of Privacy Obligations in Enterprises  - Information Security Bulletin

 

Two Papers Presented at TrustBus 2005 [August 2005]:

Marco Casassa Mont, Robert Thyne, Pete Bramhall - Privacy Enforcement for IT Governance: Doing it for Real - Conference Presentation: slides (MS .ppt)

Marco Casassa Mont, Siani Pearson - An Adaptive Privacy Management System for Data Repositories - Conference Presentation: slides (MS .ppt)

I also served as a member of the Program Committee.

 

New HP Labs Technical Report [June 2005]Marco Casassa Mont, Robert Thyne, Kwok Chan, Pete Bramhall - Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises  - HPL-2005-110

 

Openview HP Software Forum 2005 [June 2005]: Marco Casassa Mont - Presentation at HP Software Forum 2005 on "Managing and Enforcing Privacy with HP OpenView Identity Management Solutions"

 

hp security - unauthorized logo DIDW 2005 [May 2005]: Marco Casassa Mont - Presentation and Demonstration of HPL Technology at the HP booth - Privacy Management for IT Governance: Privacy Enforcement and Privacy Obligation Management

 

New HP Labs Technical Reports [March 2005]:  In the context of the EU PRIME project, three new HPL Technical Reports have been written to address Trust, Privacy, Assurance and Usability aspects when dealing with Personal Data:

 

hp security - unauthorized logo

 

 

 

RSA 2005

RSA 2005 [14-18 February 2005]: Marco Casassa Mont, Robert Thyne - Presentation and Demonstration of HPL Technology at the HP booth - Privacy Management for IT Governance: Privacy Enforcement and Privacy Obligation Management. Document (.pdf) with more details.

 

New HP Labs Technical Report [21 January 2005]Marco Casassa Mont, Robert Thyne, Pete Bramhall - Privacy Enforcement with HP Select Access for Regulatory Compliance - HPL-2005-10

 

New HP Labs Technical Report [18 November 2004]Marco Casassa Mont, Siani Pearson, Pete Bramhall - An Adaptive Privacy Management System For Data Repositories - HPL-2004-211

 

 

Paper at ISSE 2004 [28/09-30/09/2004]: Marco Casassa Mont - Dealing with Privacy Obligations in Enterprises - Conference Presentation: slides (MS .ppt)

 

Paper at TrustBus 2004 [30/08-01/09/2004]: Marco Casassa Mont - Dealing with Privacy Obligations: Important Aspects and Technical Approaches - Conference Presentation: slides (MS .ppt)

 

New HP Labs Technical Report [30 June 2004]Marco Casassa Mont - Dealing with Privacy Obligations in Enterprises - HPL-2004-109

 

EPAL Workshop 2004: [13-14 May 2004]: Presentation on "EPAL and Management of Privacy Obligations" - Link to EPAL Workshop 2004

 

EU PRIME Project 2004 [March 2004] - I am involved in the EU PRIME project (Privacy and Identity Management for Europe) along with other HP Labs/TSL people.

 

HP Labs Technical Report [08 March 2004]Marco Casassa Mont - Dealing with Privacy Obligations: Important Aspects and Technical Approaches - HPL-2004-34

 

HP Labs Technical Report [24 February 2004]Marco Casassa Mont - Identity Management: On the "Identity=Data+Policies" Model - HPL-2004-14

 

TERENA Logo small

AA Terena Workshop [20 November 2003]: Presentation on   "Privacy Management for Identity Information: It is Not Just a Matter of Authorization"

 

Liberty Alliance Meeting [19 November 2003]: Presentation on  "Privacy Management - Focusing on the Real Issues: Enforcement and Accountability"

 

finger print and encryption illustration Paper on the External HP Labs Web Site- Reference to IEEE publication: "A flexible role-based Secure Messaging Service"

 

ESORICS 2003 Paper at ESORICS 2003: Marco Casassa Mont, Siani Pearson, Pete Bramhall - Towards Accountable Management of Privacy and Identity Management - Conference Presentation: slides (MS .ppt)

 

hp security - unauthorized logo Adaptive Identity Management (vision): paper and presentation

My Contacts:

Marco Casassa Mont

HP Laboratories

Cloud & Security Lab

Long Down Avenue

Stoke Gifford

Bristol, BS34 8QZ, UK       

TEL: +44-117-3162196

marco.casassa-mont@hp.com