Research
People
- Leadership
- People
- Jobs
- Awards
- Blogs
About
- About
- Worldwide Sites

Marco Casassa Mont - Web Page - HP Labs

Senior Researcher
Systems Security Lab
Bristol, UK

Biography

Related links
- »HP Labs Palo Alto

My links
- »Detailed Biography
- »Projects
- »Publications
- »Inventions
- »Professional Activity
- »Previous Work and Education
- »Blogs and Other Links
- »My Personal web Page
- »My Contacts

I am a senior research scientist at the Hewlett Packard Laboratories in Bristol, UK - Systems Security Lab (SSL), focused on working to create a trustworthy information system environment in the face of challenges such as the growth of organized cybercrime and the rapid adoption of social networking tools and cloud-based services.

This web page contains public information about my R&D work, inventions, publications and technical reports and professional activity. Additional information is available about my biography (CV) and education.

I am currently a technical lead in the area of Identity Analytics (Security Analytics project) and UK TSB EnCoRe project. In general, I have worked as a lead and technical contributor in a variety of research and development programs including collaborations with HP business units and international projects (in the security, identity management and privacy areas), such as the EU F6 PRIME project (Privacy and Identity Management for Europe) and UK TSB EnCoRe project (Ensuring Consent and Revocation).

My R&D interests are in the following areas:

Security and Identity Analytics
Identity Management Technologies and Solutions
Risk Management, IT & Data Governance and Compliance
Trust, Security and Privacy Technologies for People, Enterprises and Internet-based environments
Web Services, Internet and Web 2.0 technologies
Adaptive Systems & Automation
Policy Management

I am active on the publication and conference front. I am part of various (IEEE, ACM, etc.) Program Committees. I have been recently elevated to Senior Member of IEEE. I am an IISP member.

I have more than 45 patents filed (about 80, considering filing patents in multiple countries) and 11 patents granted.

I run a blog on "Research on Identity Management" to share ideas and opinions on future R&D identity management areas.

I am currently co-chairing the W3C Policy Languages Interest Group (PLING) and I am the General Chair of the IEEE Symposium Policy 2009.

Recent Work and News

EEMA e-Identity Conference	EEMA e-Identity Conference [June 2009]: I gave a presentation on "The Future of Identity in The Cloud: Requirements, Risks and Opportunities"
	New HP Labs Technical Report [June 2009]: Yolanta Beres, Marco Casassa Mont, Jonathan Griffin, Simon Shiu - Using Security Metrics Coupled with Predictive Modelling and Simulation to Assess Security Processes - HPL-2009-142
	New HP Labs Technical Report [June 2009]: Anna Squicciarini, Marco Casassa Mont, Sathya Dev Rajasekaran - Towards an Analytics Approach to Evaluate Enterprises' Risk Exposure to Social Networks - HPL-2009-138
IEEE Policy 2009 Symposium	IEEE Policy 2009 Symposium [May 2009]: paper accepted at the IEEE Policy 2009 Symposium: Adrian Baldwin, Marco Casassa Mont, Simon Shiu - Using Modelling and Simulation for Policy Decision Support in Identity Management.
Program Committees	Serving in Program Committees [April 2009]: I am serving as a member of the following Program Committees: ACM DIM 2009 and IEEE ICSC 2009.
	2nd Open Group Security Practitioners Conference [April 2009]: I gave a presentation on "The Future of Identity in The Cloud: Requirements, Risks and Opportunities"
	New HP Labs Technical Report [March 2009]: Marco Casassa Mont, Adrian Baldwin, Simon Shiu - Identity Analytics - User Provisioning Case Study: Using Modelling and Simulation for Policy Decision Support - HPL-2009-57
	New HP Labs Technical Report [March 2009]: Adrian Baldwin, Marco Casassa Mont, Simon Shiu - Using Modelling and Simulation for Policy Decision Support in Identity Management - HPL-2009-56
	New HP Labs Technical Report [March 2009]: Marco Casassa Mont, Siani Pearson, Gina Kounga, Yun Shen, Pete Bramhall - On the Management of Consent and Revocation in Enterprises: Setting the Context - HPL-2009-49
Program Committees	Serving in Program Committees [February 2009]: I am serving as a member of the following Program Committees: TrustBus 2009 and ICIMP 2009.
10th IEEE Symposium Policy 2009	IEEE Symposium Policy 2009 [January 2009]: I am serving as the General Chair of IEEE Policy 2009. Please consider submitting a paper.
	UK TSB EnCoRe Project - Ensuring Consent and Revocation [November 2008]: I am a member of the EnCoRe Project researching on aspects of consent and revocation.
	New HP Labs Technical Report [November 2008]: Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu - Identity Analytics: Using Modelling and Simulation to Improve Data Security Decision Making - HPL-2008-188
	New HP Labs Technical Report [October 2008]: Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu - Towards Identity Analytics in Enterprises - HPL-2008-186
	PrivacyOS Conferences [October 2008]: I have attended and presented at the PrivacyOS Conference. My presentation was on "Enabling Privacy-aware Information Lifecycle Management in Enterprises"
	IEEE Senior Member [August 2008]: I have been elevated to Senior Member of IEEE.
	New HP Labs Technical Report [July 2008]: Marco Casassa Mont, Adrian Baldwin, Simon Shiu - On Identity Analytics: Setting the Context - HPL-2008-84
9th IEEE Policy 2008	IEEE Policy 2008 [June 2008]: paper accepted at IEEE Policy 2008 - Anna Squicciarini, Marco Casassa Mont, Abhilasha Bhargav-Spantzel, Elisa Bertino - Automatic Compliance Verification of Privacy Policies in Federated Digital Identity Management
	New HP Labs Technical Report [April 2008]: Marco Casassa Mont, Boris Balacheff, Jason Rouault, Daniel Drozdzewski - On Identity-aware Devices: Putting Users in Control across Federated Services - HPL-2008-26
	New HP Labs Technical Report [March 2008]: Adrian Baldwin, Marco Casassa Mont, Yolanda Beres, Simon Shiu - Assurance for Federated Identity Management - HPL-2008-25
	Article published on IEEE Security & Privacy Magazine [February 2008]: Siani Pearson, Marco Casassa Mont, Manny Novoa - Securing Information Transfer in Distributed Computing Environments, pp. 34-42, January/February 2008
ACM DIM 2008	ACM DIM 2008 [February 2008]: I am serving as a member of the Program Committee of the 4th ACM Workshop on Digital Identity Management 2008 (colocated with ACM CCS 2008), TrustBus 2008. Please consider submitting a paper. More information on this conference can be found here.
	New HP Labs Technical Report [February 2008]: Anna Squicciarini (Purdue University), Marco Casassa Mont, Abhilasha Barghav-Spantzel (Purdue University), Elisa Bertino (Purdue University) - Automatic Compliance of Privacy Policies in Federated Digital Identity Management - HPL-2008-8
	TrustBus 2008 [February 2008]: I am serving as a member of the Program Committee of the 5th International Conference on Trust, Privacy and Security for Digital Businesses 2008, TrustBus 2008. Please consider submitting a paper. More information on this conference can be found here.
	Journal of Computer Security [January 2008]: article published by Journal of Computer Security: Marco Casassa Mont, Robert Thyne - Privacy Policy Enforcement in Enterprises with Identity Management Solutions, Volume 16, Number 2/2008, 2008.
	Sarbanes-Oxley Compliance Journal [January 2008]: article published by Sarbanes-Oxley Compliance Journal: Phil Hunt (Oracle), Marco Casassa Mont - Identity Governance Framework: Liberty Alliance's Initiative Addressing Privacy and SOX, 2008.
	ACM DIM 2007 [November 2007]: paper accepted at the ACM CCS2007 Workshop on Digital Identity Management (DIM) 2007: Adrian Baldwin, Marco Casassa Mont, Yolanta Beres, Simon Shiu - On Identity Assurance in the Presence of Federated Identity Management Systems (the entire DIM 2007 program and related presentations are available here).
9th IEEE Policy 2008	IEEE Policy 2008 [October 2007]: I am serving as a member of the Program Committee of the 9th IEEE Workshop on Policies for Distributed Systems and Networks. Please consider submitting a paper. More information on this workshop can be found here.
23rd IFIP SEC 2008	IFIP SEC 2008 [October 2007]: I am serving as a member of the Program Committee of the 23rd IFIP International Information Security Conference. Please consider submitting a paper. More information on this workshop can be found here.
W3C PLING Interest Group	New W3C Policy Languages Interest Group (PLING) [October 2007]: A new Interest Group - PLING - has just been announced by W3C. It is going to be chaired by Marco Casassa Mont (HP Labs) and Renato Iannella (NICTA). This group is open to the public and is chartered to discuss interoperability, requirements and related needs for integrating and computing the results when different policy languages are used together, for example, OASIS XACML, IETF Common Policy, and P3P, etc. A PLING Charter and a PLING Mailing List are available.
TrustBus 2007	TrustBus 2007 [September 2007]: paper presented at the 4th International Conference TrustBus 2007: Marco Casassa Mont, Boris Balacheff - On Device-based Identity Management in Enterprises (my .ppt presentation is available here). I have been invited and I have given a presentation at a TrustBus Panel, focusing on the topic: "Managing Digital Identities: Challenges and Opportunities". My presentation, along with a list of top challenges and opportunities, can be found here. I also chaired a session on "Policy Management".
Blogging	Blog on "Research on Identity Management" [August 2007]: I created a mirror site of my blog on "Research on Identity Management" to allow readers to anonymously post their comments. This mirror blog is available here.
	Identity Governance Framework (IGF) [July 2007]: a new document is available in the Liberty Alliance site, about Identity Governance Framework, titled "Id Governance - Privacy and Access Policies Market Requirements". This document can be downloaded here. On behalf of HP/HP Labs I contributed to the definition of requirements, use cases and terminology.
	IEEE Policy 2007 [June 2007]: paper presented at IEEE Policy 2007 - Marco Casassa Mont, Filipe Beato - On Parametric Obligation Policies: Enabling Privacy-aware Information Lifecycle Management in Enterprise (presentation .ppt). I have also been involved in a panel on "Business-driven IT Management" and impact research on policies can have in this space. Here is my presentation (.ppt) highlighting my vision.
	New HP Labs Technical Report [May 2007]: Siani Pearson, Marco Casassa Mont, Manny Novoa - Securing Information Transfer within Distributed Computing Environments - HPL-2007-70
	New HP Labs Technical Report [May 2007]: Marco Casassa Mont, Boris Balacheff - On Device-based Identity Management in Enterprises - HPL-2007-53
	Article published by DIGMA Magazine [April 2007]: An article on "Automation of Privacy Management" (author: Marco Casassa Mont) has been published by the DIGMA Magazine - end-of March Issue, 2007.
1st IEEE International Conference on Semantic Computing	ICSC 2007 [April 2007]: I am serving as a member of the Program Committee of the 1st International Conference on Semantic Computing. Among other things, of particular interest is the focus on aspects of semantic computing for security, trust, identity management and privacy. Please consider submitting a paper.
	New HP Labs Technical Report [April 2007]: Adrian Baldwin, Marco Casassa Mont, Simon Shiu - On Identity Assurance in the Presence of Federated Identity Management Systems - HPL-2007-47
	New HP Labs Technical Report [April 2007]: Siani Pearson, Marco Casassa Mont - A System for Privacy-Aware Resource Allocation and Data Processing in Dynamic Environments - HPL-2006-185
RSA 2007	RSA 2007 [February 2007]: I have been involved in the R&D phase of an Identity Management pilot - jointly developed with Intel, BT and HP Software - in the context of the Liberty Alliance Project. This pilot has been presented at a workshop at RSA 2007. It shows how "identity tokens/credentials" can be securely and privately provisioned to advanced identity-capable devices (e.g. smartphones, PDAs, laptops, etc.) to enable users' simplified single-sign-on interactions in federated identity management contexts. There devices can leverage trusted computing capabilities (e.g. Trusted Platforms Modules) to store and protect identity tokens. More information is available here.
TrustBus 2007	TrustBus 2007 [February 2007]: I am serving as a member of the Program Committee of the 4th International Conference on Trust, Security and Privacy in Digital Business. Please consider submitting a paper.
ICGD&BC 2007	ICGD&BC 2007 [February 2007]: I am serving as Co-Chair and a member of the Program Committee of the 1st International Conference on Global Defence and Business Continuity, Please consider submitting a paper.
	New HP Labs Technical Report [January 2007]: Marco Casassa Mont, Filipe Beato - On Parametric Obligation Policies: Enabling Privacy-aware Information Lifecycle Management in Enterprises - HPL-2007-7
8th IEEE Policy 2007 Workshop	IEEE Policy 2007 [January 2007]: I served as a member of the Program Committee of the 8th IEEE Workshop on Policies for Distributed Systems and Networks. More information on this workshop can be found here.

Past Work and News

	Paper Presented at PST 2006 - 4th International Conference on Privacy, Security and Trust [30 October - 1 November 2006]: Marco Casassa Mont, Robert Thyne - Privacy Policy Enforcement in Enterprises with Identity Management Solutions - Conference Presentation: slides (MS .ppt) I served as a member of the Program Committee. I also chaired a session at PST 2006 on "Privacy and Security Issues".
W3C Privacy Workshop	Position Paper Presented at the W3C Workshop on Languages for Privacy Policy Negotiation and Semantic-driven Enforcement [October 2006]: Marco Casassa Mont - On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices - Workshop Presentation: slides (MS .ppt) I also served as a member of the Program Committee. The Workshop Agenda and the complete list of submitted Position Papers can be found here
	Paper Presented at ISSE 2006 - The Independent European ICT Security Conference and Exhibition [10-12 October 2006]: Marco Casassa Mont - Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context - Conference Presentation: slides (MS .ppt)
	Two Papers Presented at TrustBus 2006 [September 2006]: Marco Casassa Mont - Towards Scalable Management of Privacy Obligations in Enterprises - Conference Presentation: slides (MS .ppt) Marco Casassa Mont, Siani Pearson, Robert Thyne - A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises - Conference Presentation: slides (MS .ppt) I also served as a member of the Program Committee and chaired a session on "Security requirements and Development".
	New HP Labs Technical Report [August 2006]: Marco Casassa Mont - On Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context - HPL-2006-109
PRIME Std. Workshop	Presentation at PRIME Standardisation Workshop [July 2006]: Marco Casassa Mont, Siani Pearson, Tariq EE, Stephen Crane - HPL Privacy Policies for PRIME: Obligations, Trust Establishment and Compliance (presentation .ppt) I have also served as a member of the Program Committee
PET 2006	Paper presented at 6th Workshop on Privacy Enhancing Technologies PET2006 [June 2006]: Marco Casassa Mont, Robert Thyne - A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises (presentation .ppt, pre-proceedings paper)
	Paper presented at 21st International Conference SEC2006 - I-NetSec06 Workshop on Privacy and Anonymity Issues in Networked and Distributed Systems [May 2006]: Siani Pearson, Marco Casassa Mont - A System for Privacy-aware Resource Allocation and Data Processing in Dynamic Environments (presentation .ppt)
	New HP Labs Technical Report [May 2006]: Marco Casassa Mont, Robert Thyne - Privacy Policy Enforcement in Enterprises with Identity Management Solutions - HPL-2006-72
	New HP Labs Technical Report [April 2006]: Marco Casassa Mont, Stephen Crane - A Customizable Privacy Assurance System based on Active Feedback - HPL-2006-56
	New HP Labs Technical Report [April 2006]: Marco Casassa Mont, Robert Thyne - A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises - HPL-2006-51
	New HP Labs Technical Report [March 2006]: Marco Casassa Mont - Towards Scalable Management of Privacy Obligations in Enterprises - HPL-2006-45
	New HP Labs Technical Report [March 2006]: Marco Casassa Mont, Siani Pearson, Robert Thyne - A Systemic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises - HPL-2006-44
	Paper published on International Journal of Computer Systems Science & Engineering - CSSE [January 2006]: Marco Casassa Mont - Handling Privacy Obligations in Enterprises: Important Aspects and Technical Approaches - CSSE Vol. 20, Number 6, November 2005
i-Trust 2006	Paper accepted at 4th International Conference on Trust Management i-Trust 2006 [January 2006]: Siani Pearson, Marco Casassa Mont - Provision of Trusted Identity Management using Trusted Credentials
	Paper accepted at 21st International Conference SEC2006 - I-NetSec06 Workshop on Privacy and Anonymity Issues in Networked and Distributed Systems [January 2006]: Siani Pearson, Marco Casassa Mont - A System for Privacy-aware Resource Allocation and Data Processing in Dynamic Environments
HP Software Universe 2005	HP Software Universe 2005 - Press Event and Technical Presentation [December 2005]: Presentation at the Press Event: Marco Casassa Mont - HP Labs Privacy Management: Vision, Research and Work (presentation .ppt) Presentation at a Technical Session: Archie Reed, Marco Casassa Mont - Privacy Management with HP OpenView Identity Management (presentation .ppt)
	TrustBus 2006 - I joined the Program Committee of the 3rd International Conference on Trust, Privacy and Security on Digital Businesses 2006 [December 2005]: Conference details and Call for Papers available at http://www.icsd.aegean.gr/trustbus06/
	PST 2006 - I joined the Program Committee of the 4th International Conference on Privacy, Security and Trust 2006 [November 2005]: Conference details and Call for Papers available at http://www.businessandit.uoit.ca/pst2006/
	New HP Labs Technical Report [November 2005]: Marco Casassa Mont - A System to Handle Privacy Obligations in Enterprises - HPL-2005-180
	Paper Presented at HP Technology Forum 2005 [October 2005]: Marco Casassa Mont, Robert Thyne, Pete Bramhall - Privacy Management in Enterprises for IT Governance - Conference Presentation: slides (MS .ppt)
	Paper Presented at ISSE 2005 [September 2005]: Marco Casassa Mont, Robert Thyne, Pete Bramhall, Kwok-Nga Chan - Privacy Policy Enforcement in Enterprises: Addressing Regolatory Compliance and Governance Needs - Conference Presentation: slides (MS .ppt)
	Article Published by Information Security Bulleting (ISB) Magazine [September 2005]: Marco Casassa Mont, Kwok-Nga (Annie) Chan, Pete Bramhall - Management and Enforcement of Privacy Obligations in Enterprises - Information Security Bulletin
	Two Papers Presented at TrustBus 2005 [August 2005]: Marco Casassa Mont, Robert Thyne, Pete Bramhall - Privacy Enforcement for IT Governance: Doing it for Real - Conference Presentation: slides (MS .ppt) Marco Casassa Mont, Siani Pearson - An Adaptive Privacy Management System for Data Repositories - Conference Presentation: slides (MS .ppt) I also served as a member of the Program Committee.
	New HP Labs Technical Report [June 2005]: Marco Casassa Mont, Robert Thyne, Kwok Chan, Pete Bramhall - Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises - HPL-2005-110
	HP Software Forum 2005 [June 2005]: Marco Casassa Mont - Presentation at HP Software Forum 2005 on "Managing and Enforcing Privacy with HP OpenView Identity Management Solutions"
	DIDW 2005 [May 2005]: Marco Casassa Mont - Presentation and Demonstration of HPL Technology at the HP booth - Privacy Management for IT Governance: Privacy Enforcement and Privacy Obligation Management
	New HP Labs Technical Reports [March 2005]: In the context of the EU PRIME project, three new HPL Technical Reports have been written to address Trust, Privacy, Assurance and Usability aspects when dealing with Personal Data: Stephen Crane, Marco Casassa Mont, Siani Pearson - On Helping Individuals to Manage Privacy and Trust - HPL-2005-53 Marco Casassa Mont, Stephen Crane, Siani Pearson - Handling Privacy Obligations and Constraints to Underpin Trust and Assurance - HPL-2005-54 Siani Pearson, Marco Casassa Mont, Stephen Crane - Analysis of Trust Properties and Related Impact of Trusted Platforms - HPL-2005-55
RSA 2005	RSA 2005 [14-18 February 2005]: Marco Casassa Mont, Robert Thyne - Presentation and Demonstration of HPL Technology at the HP booth - Privacy Management for IT Governance: Privacy Enforcement and Privacy Obligation Management. Document (.pdf) with more details.
	New HP Labs Technical Report [21 January 2005]: Marco Casassa Mont, Robert Thyne, Pete Bramhall - Privacy Enforcement with HP Select Access for Regulatory Compliance - HPL-2005-10
	New HP Labs Technical Report [18 November 2004]: Marco Casassa Mont, Siani Pearson, Pete Bramhall - An Adaptive Privacy Management System For Data Repositories - HPL-2004-211
	Paper at ISSE 2004 [28/09-30/09/2004]: Marco Casassa Mont - Dealing with Privacy Obligations in Enterprises - Conference Presentation: slides (MS .ppt)
	Paper at TrustBus 2004 [30/08-01/09/2004]: Marco Casassa Mont - Dealing with Privacy Obligations: Important Aspects and Technical Approaches - Conference Presentation: slides (MS .ppt)
	New HP Labs Technical Report [30 June 2004]: Marco Casassa Mont - Dealing with Privacy Obligations in Enterprises - HPL-2004-109
	EPAL Workshop 2004: [13-14 May 2004]: Presentation on "EPAL and Management of Privacy Obligations" - Link to EPAL Workshop 2004
	EU PRIME Project 2004 [March 2004] - I am involved in the EU PRIME project (Privacy and Identity Management for Europe) along with other HP Labs/TSL people.
	HP Labs Technical Report [08 March 2004]: Marco Casassa Mont - Dealing with Privacy Obligations: Important Aspects and Technical Approaches - HPL-2004-34
	HP Labs Technical Report [24 February 2004]: Marco Casassa Mont - Identity Management: On the "Identity=Data+Policies" Model - HPL-2004-14
	AA Terena Workshop [20 November 2003]: Presentation on "Privacy Management for Identity Information: It is Not Just a Matter of Authorization"
	Liberty Alliance Meeting [19 November 2003]: Presentation on "Privacy Management - Focusing on the Real Issues: Enforcement and Accountability"
	Paper on the External HP Labs Web Site- Reference to IEEE publication: "A flexible role-based Secure Messaging Service"
	Paper at ESORICS 2003: Marco Casassa Mont, Siani Pearson, Pete Bramhall - Towards Accountable Management of Privacy and Identity Management - Conference Presentation: slides (MS .ppt)
	Adaptive Identity Management (vision): paper and presentation