Marco Casassa Mont, BMT Group Ltd | BMT · Defense and Security
About
118 Publications
10,670 Reads
1,847
Citations
Publications (118)
Nowadays, due to the evolution of information technologies and their adoption in the healthcare domain, new risks to medical data protection and patient privacy are increasingly present. It is therefore important to implement approaches that can prevent rapidly emerging cyber-attacks. Essentially, the adoption of cyber security measures in healthca...
Complying with privacy in multi-jurisdictional health domains is important as well as challenging. The compliance management process will not be efficient unless it manages to show evidence of explicit verification of legal requirements. In order to achieve this goal, privacy compliance should be addressed through a "privacy by design" approach. T...
Organisations are witnessing an unprecedented escalation of cyber-crime attacks and struggle to protect against them. Rethinking security is required to cope with numerous new challenges arising today: the sophistication of new attacks, the increasing weakness of traditional security controls, the explosion of data to be collected and analysed to d...
The present disclosure relates to a network device that determines a persistent network identity for a networked device. Specifically, the network device receives a service request that includes an identifier for a second network device in a sub-network among a plurality of sub-networks. The identifier uniquely corresponds to the second network dev...
The increasing number of IoT devices raises concerns about the amount of data they generate and, more importantly, their content, which has security and privacy implications. The Things are mostly constrained by typical embedded design limitations, from non-extensible functionalities to poor or non-existent configuration; adding security features to thes...
The governance of privacy and personal information on cloud environments is challenging and complex. Usually many regulatory frameworks intervene to reflect diverse privacy wishes from several stakeholders. This includes data owners, data and services providers and also the end users. Focusing mainly on medical domains, this issue is particularly i...
We present an integrated approach for automating service providers' compliance with data protection laws and regulations, business and technical requirements in cloud computing. The techniques we propose in particular include: natural language analysis (of legislative and regulatory texts, and corporate security rulebooks) and extraction of enforce...
Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data are going to be used and processed by the entities that receive it. In the...
The management of privacy and personal information within multi-cultural domains such as clouds and other universal collaborative systems requires intrinsic compliance-checking and assurance modules in order to increase social trust and acceptance. Focusing mainly on medical domains, this issue is particularly important due to the sensitivity of hea...
Data to be output to a removable storage medium is encrypted for sending to an output device by an encryption process based on encryption parameters comprising public data of a trusted party and an encryption key string comprising a policy for allowing the output of the data. The trusted party provides a decryption key to the output device but only...
Increasing reliance on IT and the worsening threat environment mean that organisations are under pressure to invest more in information security. A challenge is that the choices are hard: money is tight, objectives are not clear, and there are many relevant experts and stakeholders. A significant proportion of the research in security economics is...
A system for analyzing a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a process for provisioning and de-provisioning of access credentials for an individual in the environment and a risk analyzer to calculate multip...
This paper describes a data management solution and associated key management approaches to provide accountability within service provision networks. One particular area of interest for the application of this solution would be in the cloud, in order to address privacy issues. The central idea involves machine readable policies that stick to data t...
We provide an approach for real-time analysis of ongoing events in a controlled network. We propose ReasONets, i.e. Reasoning on Networks, a distributed and lightweight system able to process and reason about anomalies and incidents observed in closed networks. To the best of our knowledge this is the first system combining detections and classi...
Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data is going to be used and processed by the entities that receive this data. I...
This document is an official, public delivery of the UK collaborative project EnCoRe (Ensuring Consent and Revocation), coordinated by HP Labs. It describes the final EnCoRe Technical Architecture and solutions to support dynamic consent (whereby data subjects provide or amend informed consent, potentially in a fine-grained way, to govern access an...
This document is an example of the type of report an organisation would receive at the end of an HP Security Analytics engagement. The focus is on the analysis of the security risks and performance of the organisation's Security Incident Management Processes and related Security Operations Centre (SOC) activities. HP Labs carried out the underlying...
We present in this paper the novel concept of a policy orchestration service, which is designed to facilitate security and privacy governance in the enterprise, particularly for the case where various services are provided to the enterprise through external suppliers in the cloud. The orchestration service mediates between the enterprises' internal...
This paper introduces and discusses a data management solution to provide accountability within the cloud as well as addressing privacy issues. The central idea is as follows: Customers allow cloud (service) providers to have access to specific data based on agreed policies and by forcing interactions with interchangeable independent third parties...
Machine-readable policies can stick to data to define allowed usage and obligations as it travels across multiple parties, enabling users to improve control over their personal information. The EnCoRe project has developed such a technical solution for privacy management that is suitable for use in a broad range of domains.
Clinical practitioners and medical researchers often have to share health data with other colleagues across Europe. Privacy compliance in this context is very important but challenging. Automated privacy guidelines are a practical way of increasing users' awareness of privacy obligations and help eliminate unintentional breaches of privacy. In th...
This paper presents and discusses our work to provide organizations with risk assessment and decision support capabilities when dealing with their strategic security policies. We aim at achieving this by using a rigorous and scientific methodology (and tools) which leverages modeling and simulation techniques. This methodology helps organizations t...
In this paper we survey existing work on automatically processing legal, regulatory and other policy texts for the extraction and representation of privacy knowledge and rules. Our objective is to link and apply some of these techniques to policy enforcement and compliance, to provide a core means of achieving and maintaining customer privacy in an...
This paper introduces and discusses a data management solution to provide accountability within the cloud as well as addressing privacy issues. The central idea is as follows. Customers allow cloud (service) providers to have access to specific data based on agreed policies and by forcing interactions with interchangeable independent third parties...
An important critical success factor for PRIME technology will be user-friendly and intelligible user interfaces that convey and enhance trust. Such user interfaces have to meet challenges such as:
User-friendly representation of complex PET concepts: PRIME and other privacy-enhancing technologies (PETs) are based on technical concepts or construct...
Privacy obligation policies define and describe the expected behaviours and constraints to be satisfied by data receiving entities (e.g. enterprises, service providers, e-commerce sites, etc.) when handling confidential and personal data. In this section we will often refer to data receiving entities as enterprises. They dictate a privacy-aware ide...
Privacy-aware identity lifecycle management processes must be put in place by enterprises to effectively manage the lifecycle of personal and confidential information according to privacy (law) requirements – over time and across various contexts and solutions. As anticipated, this includes dealing with data retention, data deletion, satisfying not...
An analytic methodology involving modeling and simulation could help decision makers determine how their employees' use of social networks impacts their organization, identify how to mitigate potential risks, and evaluate the financial and organizational implications of doing so.
The adoption of Social Networks by employees poses a new series of threats for organizations, including data leakage. Organizations need to better understand the implications and how to react. We aim at making progress in this area by analyzing some of the key risks that enterprises could face. We explore the suitability of using an analytic approa...
The increasing proportion of elderly people in most industrialised countries introduces new challenges. One of these is the provision of efficient and cost-effective caring. Assisted-living solutions use technological tools to allow medical care to be remotely provided to individuals and to provide monitoring capabilities permitting carers and medic...
We argue in favour of a set of particular tools and approaches to achieve accountability in cloud computing. Our concern is helping cloud providers achieve their security goals and meet their customers' security and privacy requirements. The techniques we propose in particular include: natural-language analysis (of legislative and regulatory tex...
The sharing of medical data between different healthcare organizations in Europe must comply with the legislation of the Member State where the data were originally collected. These legal requirements may differ from one state to another. Privacy requirements such as patient consent may be subject to conflicting conditions between different nationa...
European data protection regulation states that organisations must have data subjects' consent to use their personally identifiable information (PII) for a variety of purposes. Solutions have been proposed which generally handle consent in a coarse-grained way, by means of opt-in/out choices. However, we believe that consent's representation shou...
We make the case for an integrated approach to privacy management within organisations. Current approaches to privacy management are either too high-level, enforcing privacy of personal data using legal compliance, risk and impact assessments, or too low-level, focusing only on the technical implementation of access controls to personal data held b...
Federated Identity Management is an emerging paradigm that is rightly getting a lot of standardization and research attention. One aspect that is not receiving enough attention is assurance. Given the challenges enterprises faced trying to demonstrate appropriate control of their internal and monolithic identity management systems, the problem of h...
Identity and Access Management (IAM) is a key enabler of enterprise businesses: it supports automation, security enforcement, and compliance. However, most enterprises struggle with their Identity and Access Management strategy. Discussions on IAM primarily focus at the IT operational level, rather than targeting strategic decision-makers' issues,...
Managing the information stewardship lifecycle is a challenge. In the context of cloud computing, the stakeholders in cloud ecosystems must also take account of the demands of the information stewardship lifecycles of other participants in the ecosystem. We describe a modelling framework — incorporating tools from mathematical systems modelling,...
Identity and Access Management (IAM) is a key enabler of enterprise businesses: It supports automation, security enforcement and compliance. However, most enterprises struggle with their Identity and Access Management strategy. Discussions on IAM primarily focus at the IT operational level, rather than targeting strategic decision makers' issues, a...
This paper proposes a conceptual model for privacy policies that takes into account privacy requirements arising from different stakeholders, with legal, business and technical backgrounds. Current approaches to privacy management are either high-level, enforcing privacy of personal data using legal compliance, risk and impact assessments, or low-l...
To be processed within a healthgrid environment, medical data goes through a complete lifecycle and several stages until it is finally used for the primary reason it has been collected for. This stage is not always the final occurrence of when the data would have been manipulated. The data could rather continue to be needed for secondary purposes o...
It is hard for security practitioners and decision-makers to know what level of protection they are getting from their investments in security, especially when they have invested in a number of technologies and processes which interact and combine together. It is even harder to estimate how well these investments can be expected to protect their or...
The integration of different European medical systems by means of grid technologies will continue to be challenging if technology does not intervene to enhance interoperability between national regulatory frameworks on data protection. Achieving compliance in European healthgrid domains is crucial but challenging because of the diversity and comple...
The process of making IT (security) policy decisions, within organizations, is complex: it involves reaching consensus between a set of stakeholders (key decision makers, e.g. CISOs/CIOs, domain experts, etc.) who might have different views, opinions and biased perceptions of how policies need to be shaped. This involves multiple negotiations and i...
The harmonization of data protection law in Europe has been theoretically achieved by means of the EU directive on data protection [1]. In practice the harmonization is not absolute and conflicts continue to exist on the ways member states are implementing the directive. The integration of different European medical systems by means of grid technol...
The harmonization of data protection legislation in Europe has been theoretically achieved by means of the EU directive on data protection. In practice the harmonization is not absolute and conflicts and inconsistencies continue to exist in the way Member States are implementing the directive. The integration of different European medical systems b...
Privacy [4] in the digital world is an important problem which is becoming even more pressing as new collaborative applications are developed. The lack of privacy preserving mechanisms is particularly problematic in federated identity management contexts. In such a context, users can seamlessly interact with a variety of federated web services, thr...
Keywords: identity management, device, privacy, user control, trust, federated services. This paper describes R&D work on "Identity-aware Devices", in the context of federated services. The aim is to put users in control of their credentials and identities and enable simple, secure, trustworthy and transparent access to federated services. Current users' expe...
People are usually asked by enterprises to disclose their personal information to access web services and engage in business interactions. Enterprises need this information to enable their business processes. This is unlikely to change, at least in the foreseeable future. When collecting personal data, enterprises must satisfy privacy laws and poli...
In today’s information society, users have lost effective control over their personal spheres. Emerging pervasive computing technologies, where individuals are usually unaware of a constant data collection and processing in their surroundings, will even heighten this problem. It is, however critical, to our society and to democracy to retain and ma...
This paper focuses on the management of device-based identities within enterprises. This is a key requirement in enterprises where the identities of platforms and devices have become as important as the identities of humans to grant access to enterprise resources. In this context, access control systems need to understand which devices with what...
Identity Management (IdM) comes in two dimensions: First, the secure and efficient creation, use, and administration of personal attributes which make up a digital identifier of a human and used in large scale global networks, such as the Internet. Second, as in-house IdM which is a core component of enterprise security management. In this panel we...
In this paper we address the appropriate management of risk in federated identity management systems by presenting an identity assurance framework and supporting technologies. We start by discussing the risk mitigation framework that should be part of any identity assurance solution. We then demonstrate how our model based assurance technologies ca...
Privacy management is important for enterprises that handle personal data: they must deal with privacy laws and people's expectations. Currently much is done by means of manual processes, which makes compliance difficult and expensive. Key enterprise requirements include: automation, simplification, cost reduction and leveraging of current ide...
Privacy management is important for enterprises that collect, store, access and disclose personal data. Among other things, the management of privacy includes dealing with privacy obligations that dictate duties and expectations an enterprise has to comply with, in terms of data retention, deletion, notice requirements, etc. This is still a green a...
The Trusted Computing Group (TCG) has developed specifications for computing platforms that create a foundation of trust for software processes, based on a small amount of extra hardware [1,2]. Several million commercial desktop and laptop products have been shipped based upon this technology, and there is increasing interest in deploying further p...
People are often required to disclose personal identifying information (PII) in order to achieve their goals, e.g. when accessing services, obtaining information and goods, etc. Being able to say with absolute certainty that another party can be trusted to properly handle personal data with today's technology is probably unrealistic. Feedback solut...
It is common practice for enterprises and other organisations to ask people to disclose their personal data in order to grant them access to services and engage in transactions. This practice is not going to disappear, at least in the foreseeable future. Most enterprises need personal information to run their businesses and provide the required ser...
In this paper we describe a system for allocating computational resources to distributed applications and services (within distributed data centres and utility computing systems) in order to perform operations on personal or confidential data in a way that is compliant with associated privacy policies. Relevant privacy policies are selected on th...
People are usually asked by enterprises and other organizations to disclose their personal information to access web services and engage in business interactions. Enterprises need this information to enable their business processes. This is unlikely to change, at least in the foreseeable future. When collecting personal data, enterprises must satis...
This paper aims at setting the context for privacy-aware information lifecycle management within enterprises, i.e. the process of handling the lifecycle of personal and confidential information in a way that is compliant with privacy laws and people’s expectations (including data retention, deletion, notifications, data transformation, etc.). Despi...
By 'Obligation Management' we refer to the definition, automated enforcement, and monitoring of privacy obligation policies. Privacy policies are nowadays found on most organisations' web pages, especially when data is directly collected from the user/customer. The paper demonstrates how users can influence rather than merely accept a privacy polic...
This paper explores and analyses the explicit management of privacy obligations in enterprises. Privacy obligations dictate behaviours, tasks and constraints that must be satisfied by enterprises when handling personal and confidential data. It is important for enterprises to satisfy obligations to comply with laws, preserve their reputation and me...
This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises. Most of the existing related technical work is based on auditing and reporting mechanisms. The focus of this paper is on privacy enforcement for personal data: this is still a green field. To enforce the execution of privac...
are retrieved from standard data repositories, in such a way that parts of these data are obfuscated and associated with privacy policies. Data structures containing confidential data are "first class" objects that can be sent to other parties. Entities that try to access their content can be different from those entities that retrieve these object...
Keywords: privacy, IT governance, privacy policy enforcement, privacy-aware access control, privacy obligations, regulatory compliance. This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises. It focuses on the privacy enforcement aspect, in particular related to privacy-aware access contro...
This paper reviews trust from both a social and technological perspective and proposes a distinction between persistent and dynamic trust. Furthermore, this analysis is applied within the context of trusted computing technology.
This paper draws a distinction between persistent and dynamic trust and analyses this distinction within the context of trusted computing technology.
Being able to say with absolute certainty that another party can be trusted to handle personal information with today's technology is probably unrealistic. In this paper we explain an approach to establishing trust based on the status of a remote platform and an anticipated willingness of the other party to comply with prior negotiated obligations....
The management and enforcement of privacy obligations is a challenging task: it involves legal, organizational, behavioral and technical aspects. This area is relevant for enterprises and government agencies that deal with personal identity information. Privacy and data protection laws already regulate some of the related aspects. Technical work ha...
This paper focuses on the problem of dealing with privacy obligations in enterprises. Privacy obligations dictate expected behaviours, tasks and constraints that must be satisfied when handling personal and confidential data. This includes being compliant with data retention policies and satisfying constraints dictated by customers’ opt-in and opt-...
Digital identities are fundamental to enable digital interactions and transactions on the web. The current digital identity model, based on the "identity = data" paradigm, starts showing its limitations when addressing people's expectations about their identities (in terms of preferences, privacy, trust, etc.) and providing them with degrees of ass...
Digital identities and profiles are valuable assets: they are more and more relevant to allow people to access services and information on the Internet. They need to be secured and protected. Unfortunately people have little control over the destiny of this information once it has been disclosed to third parties. People rely on enterprises and orga...
The management of private and confidential information is a major problem for dynamic organizations. Secure solutions are needed to exchange confidential documents, protect them against unauthorized accesses and cope with changes of people's roles and permissions. Traditional cryptographic systems and PKI show their limitations, in terms of flexibi...
Digital identities and profiles are precious assets. On one hand they enable users to engage in transactions and interactions on the Internet. On the other hand, abuses and leakages of this information could violate the privacy of their owners, sometimes with serious consequences. Nowadays most people have limited understanding of security a...
This paper presents a distributed authorisation model suitable for use in a web service framework where multiple parties are involved in performing a particular transaction. The authorisation model uses a third party authorisation service that checks users or services' credentials against a set of authorisation policies. A traditional service provi...
This paper describes our approach to the evolution of enterprise privacy policies and related privacy management ecosystems. We argue that it is important to be able to express enforceable privacy policies, to explicitly manage accountability and to develop the whole privacy infrastructure, rather than just one part of this. In this paper we briefl...
This document describes an innovative approach and related mechanisms to enforce users' privacy by putting users in control and making organizations more accountable
Digital information is increasingly more and more important to enable interactions and transactions on the Internet. On the other hand, leakages of sensitive information can have harmful effects for people, enterprises and governments. This paper focuses on the problems of dealing with timed release of confidential information and simplifying its ac...
Keywords: privacy policy, privacy language, accountability, enforcement, mobility. This paper describes our approach to the evolution of enterprise privacy policies and related privacy management ecosystems. We argue that it is important to be able to express enforceable privacy policies, to explicitly manage accountability and to develop the whole privacy i...
The management of confidential and sensitive information is a major problem for people and organisations. Dynamic organisations require secure solutions to protect confidential documents against unauthorised access and to cope with changes to people's roles and permissions. Solutions based on traditional cryptographic systems and PKI show their lim...
This paper describes our approach to the long-term evolution of enterprise privacy languages and related privacy management ecosystems. We believe in the importance of privacy languages that express enforceable policies, in the need for an explicit management of accountability and in the development of the whole privacy infrastructure, rather than...
This paper focuses on the problem of protecting confidential information from unauthorized disclosures, subject to time-based criteria: it is a common issue in the industry, government and day-to-day life. We introduce an innovative service, the Time Vault Service, that leverages the emerging Identity-based Encryption (IBE) cryptography schema to e...
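Several of the entries above describe the same mechanism from different angles: a machine-readable policy that sticks to the data it protects, a trusted party that hands out the decryption key only when that policy is satisfied, and, in the Time Vault entry, a release condition that is simply a point in time. The following is an added, illustrative Python example of that flow; it is not code from any of the listed papers, from EnCoRe or from HP Labs. It assumes a key-escrow step at the trusted party and an HMAC binding of policy to ciphertext in place of the Identity-based Encryption scheme the papers use, and a SHA-256 counter keystream stands in for a real AEAD cipher. The envelope layout, the policy fields (purposes, roles, not_before, obligations), the requester attributes and the sample record are all constructed for the example.

```python
"""Sticky-policy envelope with trusted-party key release (illustrative, added example)."""
import datetime as dt
import hashlib
import hmac
import json
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode keystream (symmetric, so it both
    encrypts and decrypts). Assumption: illustrative only; a real deployment
    would use an AEAD such as AES-GCM."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hashlib.sha256(key + nonce + block_no.to_bytes(4, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def _canonical(policy: dict) -> bytes:
    """Canonical JSON so that the policy tag does not depend on key order."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


class TrustedAuthority:
    """Escrows per-object data keys and releases one only when the sticky
    policy bound to the object is intact and satisfied. Every decision is
    recorded, which is the accountability hook the abstracts refer to."""

    def __init__(self):
        self._escrow = {}     # object id -> data key (assumed escrow model)
        self.audit_log = []   # (object id, requester attributes, decision)

    def register(self, obj_id: str, key: bytes) -> None:
        self._escrow[obj_id] = key

    def request_key(self, envelope: dict, requester: dict, now: dt.datetime):
        key = self._escrow.get(envelope["id"])
        if key is None:
            return None
        # 1. Integrity: the policy presented must be the one bound at sealing
        #    time, otherwise a relay could swap in a permissive policy.
        bound = bytes.fromhex(envelope["nonce"]) + _canonical(envelope["policy"])
        expected = hmac.new(key, bound, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, envelope["policy_tag"]):
            self.audit_log.append((envelope["id"], requester, "deny:policy-tampered"))
            return None
        # 2. Policy evaluation: purpose, role and earliest release time.
        pol = envelope["policy"]
        if requester.get("purpose") not in pol["purposes"] or requester.get("role") not in pol["roles"]:
            self.audit_log.append((envelope["id"], requester, "deny:policy"))
            return None
        if now < dt.datetime.fromisoformat(pol["not_before"]):
            self.audit_log.append((envelope["id"], requester, "deny:too-early"))
            return None
        self.audit_log.append((envelope["id"], requester, "release"))
        return key, list(pol.get("obligations", []))


def seal(data: bytes, policy: dict, authority: TrustedAuthority) -> dict:
    """Data owner side: encrypt under a fresh key, bind the policy to the
    ciphertext with an HMAC under that key, and escrow the key with the TA."""
    key, nonce, obj_id = secrets.token_bytes(32), secrets.token_bytes(16), secrets.token_hex(8)
    tag = hmac.new(key, nonce + _canonical(policy), hashlib.sha256).hexdigest()
    authority.register(obj_id, key)
    return {"id": obj_id, "nonce": nonce.hex(), "policy": policy, "policy_tag": tag,
            "ciphertext": _keystream_xor(key, nonce, data).hex()}


def open_envelope(envelope: dict, requester: dict, authority: TrustedAuthority, now: dt.datetime):
    """Receiving party: ask the TA for the key, then decrypt.
    Returns (plaintext, obligations the receiver must now honour) or None."""
    result = authority.request_key(envelope, requester, now)
    if result is None:
        return None
    key, obligations = result
    plaintext = _keystream_xor(key, bytes.fromhex(envelope["nonce"]), bytes.fromhex(envelope["ciphertext"]))
    return plaintext, obligations


# Constructed sample policy: treatment use by clinicians, not before June 2024,
# with two obligations the receiver inherits along with the data.
POLICY = {"purposes": ["treatment"], "roles": ["clinician"],
          "not_before": "2024-06-01T00:00:00+00:00",
          "obligations": ["notify_data_subject", "delete_after_30_days"]}


def demo() -> dict:
    ta = TrustedAuthority()
    env = seal(b"patient 42: HbA1c 7.1%", POLICY, ta)   # constructed sample record
    clinician = {"role": "clinician", "purpose": "treatment"}
    marketer = {"role": "analyst", "purpose": "marketing"}
    july = dt.datetime(2024, 7, 1, tzinfo=dt.timezone.utc)
    may = dt.datetime(2024, 5, 1, tzinfo=dt.timezone.utc)
    ok = open_envelope(env, clinician, ta, july)          # policy satisfied
    denied = open_envelope(env, marketer, ta, july)       # wrong purpose/role
    early = open_envelope(env, clinician, ta, may)        # before release time
    # A relay rewrites the sticky policy to admit marketing; the tag no longer matches.
    tampered = dict(env, policy=dict(POLICY, purposes=["treatment", "marketing"], roles=["clinician", "analyst"]))
    swapped = open_envelope(tampered, marketer, ta, july)
    return {"ok": ok, "denied": denied, "early": early, "swapped": swapped, "audit": ta.audit_log}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The part worth studying is the tag check: without it, the policy travelling with the data is only advisory, since any intermediary could replace it before forwarding the object to the trusted party. Binding the policy under the escrowed key means the authority, not the receiver, detects the substitution, and the audit log shows who asked, under which policy, and what was decided.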
In this paper we briefly describe some current techniques and mechanisms used to ensure diversity in software applications. We then introduce and discuss an alternative approach to software diversity aiming at the reduction of widespread software attacks and faults. This approach takes advantage of the componentisation of modern software solutions...
This paper analyses the role identity services play in supporting business-to-business (B2B) e-commerce. There are many good reasons for outsourcing identity management, and current solutions address some of these such as convenience or access control at the time of a transaction
In this paper we address the problem of providing up-to-date certified information in dynamic contexts without the burden of heavy management processes. We introduce and discuss the concept of active digital credential, based on a novel mechanism to provide up-to-date certified identity and profile information along with a fine-grained assessment o...
Digital identities, profiles and their management are increasingly required to enable interactions and transactions on the Internet among people, enterprises, service providers and government institutions.
The rise of e-marketplaces on the Internet is going to bring a broad new set of business opportunities to enterprises and customers at a fraction of the physical-world costs. However, to be really successful, these e-marketplaces must be open, trusted, fair and transparent. They must be able to convey on-line the same feeling of trust, security and...
It is well understood that using a software component methodology can simplify the development and maintenance of systems. Web services allow this vision to be extended allowing components to be made available on the Internet. This paper proposes the use of trust services as third party Web services that allow trust operations to be extracted from...
Recent IT attacks demonstrated how vulnerable consumers and enterprises are when adopting commercial and widely deployed operating systems, software applications and solutions. Diversity in software applications is fundamental to increase chances of survivability to faults and attacks. Current approaches to diversity are mainly based on the develop...
Identities and profiles are important to enable e-commerce transactions. Recent initiatives, like Microsoft .MyServices and Liberty Alliance Project, aim at the provision of identity and profile management solutions along with mechanisms to simplify users' experience. These solutions must be trusted and accountable. Current PKI solutions can be use...