Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
ObjectSecurity
open-in-new
<h2 id="history">History</h2> <p>ObjectSecurity was founded in 2000 by information security experts, Ulrich Lang and Rudolf Schreiner.<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> At that time, Lang was a researcher at the <a href="/facts/University_of_Cambridge/0la7aX9o">University of Cambridge</a> <a href="/facts/Computer_Laboratory%2c_University_of_Cambridge/Dd9unFtw">Computer Laboratory</a>, working on "Access Policies for <a href="/facts/Middleware/HobNosz9">Middleware</a>", and both were working as independent information security consultants.<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> </p><p>Initially, ObjectSecurity was mainly working on customer projects around <a href="/facts/Middleware/HobNosz9">middleware</a> security, esp. <a href="/facts/CORBA/VUDlTHs5">CORBA</a>, but they quickly remarked that it was not possible to author and maintain security configurations for interconnected, distributed application environments. In an attempt to solve this challenges, the team built a full <a href="/facts/Object_Management_Group/SNpN8n9U">OMG</a> <a href="/facts/CORBA/VUDlTHs5">CORBA</a> Security SL3 & <a href="/facts/SSLIOP/NhUA2Q8y">SSLIOP</a> open source implementation based on <a href="/facts/MICO/wPuk1Udv">MICO</a> CORBA.<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> </p> <h3>Security Policy Automation</h3> <p>To solve various challenges around implementing secure distributed systems, ObjectSecurity released OpenPMF version 1,<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> at that time one of the first <a href="/facts/Attribute_Based_Access_Control/G0e147WX">Attribute Based Access Control</a> (ABAC) products in the market. It allowed the central authoring of access rules, and the automatic enforcement across all middleware nodes using local decision/enforcement points. Thanks to the support of several <a href="/facts/European_Union/6GYcR8qM">EU</a> funded research projects, ObjectSecurity found that a central ABAC approach alone was not a manageable way to implement security policies.<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a><a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> </p><p>ObjectSecurity released OpenPMF version 2. It is based on a concept called <a href="/facts/Model-driven_security/khqXse3P">model-driven security</a> which allows the intuitive, business-centric specification of security requirements and the automatic generation of enforceable securities policies.<a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a><a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a> OpenPMF version 2 was designed to bridge the semantic gap between the policies that users manage, and the policies that are technically implemented. At the time of the release of OpenPMF version 2, <a href="/facts/Model-driven_security/khqXse3P">model-driven security</a> was tied together with a <a href="/facts/Model-driven_development/vznUHbSm">model-driven development</a> process for applications, especially for agile <a href="/facts/Service_oriented_architecture/g8krR0dk">service oriented architecture</a> (SOA).<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a> </p><p>After years of publishing and presenting the scientific and technical approach, some analyst firms, such as <a href="/facts/Gartner/T4pPSLWF">Gartner</a> took note of the scientific approach.<a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a> Several other awards and recognition followed.<a class="footnote-ref" id="fnref:15" href="#fn:15"><sup>15</sup></a><a class="footnote-ref" id="fnref:16" href="#fn:16"><sup>16</sup></a> OpenPMF version 3 was released in 2010, supporting advanced policies, <a href="/facts/Eclipse_(software)/YoqHVjas">Eclipse</a>, <a href="/facts/Cloud_computing/guhg0FGV">cloud</a>, <a href="/facts/Business_Process_Model_and_Notation/JQ1w8eWJ">BPMN</a>,<a class="footnote-ref" id="fnref:17" href="#fn:17"><sup>17</sup></a> SOA, <a href="/facts/XACML/oWm4wa7C">XACML</a>, pub-sub/DDS, and numerous additional enforcement points.<a class="footnote-ref" id="fnref:18" href="#fn:18"><sup>18</sup></a> ObjectSecurity also extended their <a href="/facts/Model-driven_security/khqXse3P">model-driven security</a> approach to include automatic compliance/accreditation analysis and evidence generation<a class="footnote-ref" id="fnref:19" href="#fn:19"><sup>19</sup></a> </p><p>In 2009, ObjectSecurity set up an independent legal entity in <a href="/facts/California/zLW2vdQJ">California</a>, United States to be closer to their US-based customers.<a class="footnote-ref" id="fnref:20" href="#fn:20"><sup>20</sup></a> </p><p>In recent years, ObjectSecurity has extended OpenPMF to support automatic system detection, automated formal testing,<a class="footnote-ref" id="fnref:21" href="#fn:21"><sup>21</sup></a> virtual reality support, API server etc., enabling security policy automation without the need to install local agents, and allowing the use of <a href="/facts/Model-driven_security/khqXse3P">model-driven security</a> without the need for a <a href="/facts/Model-driven_development/vznUHbSm">model-driven development</a>. OpenPMF's support for advanced access control models including proximity-based access control, PBAC was also further extended.<a class="footnote-ref" id="fnref:22" href="#fn:22"><sup>22</sup></a> </p> <h2 id="products">Products</h2> <h3>OpenPMF 4.0</h3> <p>In 2017, ObjectSecurity released OpenPMF version 4.0, which includes a new browser-based user interface, cloud support, and numerous other features.<a class="footnote-ref" id="fnref:23" href="#fn:23"><sup>23</sup></a> </p> <h3>Supply Chain Risk Analysis Automation</h3> <p>In 2019, ObjectSecurity released a beta version of a <a href="/facts/United_States_Navy/xYK0fUou">United States Navy</a> <a href="/facts/SBIR/0XBSXmpt">SBIR</a> funded<a class="footnote-ref" id="fnref:24" href="#fn:24"><sup>24</sup></a> Supply Chain Risk Analysis Management Solution (SCRAMS),<a class="footnote-ref" id="fnref:25" href="#fn:25"><sup>25</sup></a> which analyzes procurement information from <a href="/facts/SAP_SE/pVwH8lks">SAP</a> and other sources for anomalies indicating supply chain risks. </p> <h3>Vulnerability Assessment & Pen-Testing Automation (VAPT)</h3> <p>In 2019, ObjectSecurity released an alpha version of a U.S. <a href="/facts/United_States_Navy/xYK0fUou">United States Navy</a> <a href="/facts/SBIR/0XBSXmpt">SBIR</a> funded<a class="footnote-ref" id="fnref:26" href="#fn:26"><sup>26</sup></a> VAPT automation tools,<a class="footnote-ref" id="fnref:27" href="#fn:27"><sup>27</sup></a> which automatically analyze both IP systems/networks and embedded devices (via non-IP ports) for software vulnerabilities. </p> <h3>BinLens</h3> <p>BinLens,<a class="footnote-ref" id="fnref:28" href="#fn:28"><sup>28</sup></a> previously known as OT.AI Platform,<a class="footnote-ref" id="fnref:29" href="#fn:29"><sup>29</sup></a> is an <a href="/facts/Operational_Technology/jHUvzTEl">Operational Technology</a> / <a href="/facts/Industrial_control_system/YzgsMy2x">Industrial control system</a> firmware security-assessment platform, aimed to detect <a href="/facts/Common_Vulnerabilities_and_Exposures/r6uEABNB">Common Vulnerabilities and Exposures</a> at the firmware level for many industrial devices, including PLCs, HMIs, SCADA Systems, etc. </p> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Memon, Atif M., ed. (26 February 2014). Advances in Computers Volume 93. Academic Press (Elsevier). p. 113. ISBN 978-0-12-800162-2. <a href="978-0-12-800162-2" target="_blank">978-0-12-800162-2</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"OpenPMF Website". Object Security. <a href="http://www.openpmf.com" target="_blank">http://www.openpmf.com</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Cool Vendors in Application Security and Authentication, 2008". Archived from the original on March 4, 2016. <a href="https://web.archive.org/web/20160304201523/https://www.gartner.com/doc/639714/cool-vendors-application-security-authentication" target="_blank">https://web.archive.org/web/20160304201523/https://www.gartner.com/doc/639714/cool-vendors-application-security-authentication</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"AFMEP: Air Force Supply Chain Challenge Finalist & ITC 2019 expo". Object Security. 2019-11-12. <a href="https://objectsecurity.com/afwerx" target="_blank">https://objectsecurity.com/afwerx</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"About Object Security". Object Security. <a href="http://www.objectsecurity.com/en-contact-team.html" target="_blank">http://www.objectsecurity.com/en-contact-team.html</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Lang, Ulrich (May 2003). "Technical Report (Number 564): Access Policies for Middleware, PhD Thesis" (PDF). University of Cambridge Computer Laboratory. Retrieved 2024-03-18. <a href="http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-564.pdf" target="_blank">http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-564.pdf</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>Lang, Ulrich; Schreiner, Rudolf (1 February 2002). Developing Secure Distributed Systems with COBRA. Artech House Publishers. ISBN 9781580532952. <a href="9781580532952" target="_blank">9781580532952</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>Lorang, Gerald (2004). "New Coach platform improves development of distributed applications. in Primeur Magazine". www.hoise.com. Archived from the original on December 12, 2004. <a href="https://web.archive.org/web/20041212163759/http://www.hoise.com/primeur/04/articles/monthly/AE-PR-09-04-61.html" target="_blank">https://web.archive.org/web/20041212163759/http://www.hoise.com/primeur/04/articles/monthly/AE-PR-09-04-61.html</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"AD4EU FP6 Project Website". <a href="http://ec.europa.eu/research/transport/projects/items/ad4_en.htm" target="_blank">http://ec.europa.eu/research/transport/projects/items/ad4_en.htm</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>"COACH project flyer" (PDF). <a href="http://objectsecurity.com/doc/coachprojectflyer.pdf" target="_blank">http://objectsecurity.com/doc/coachprojectflyer.pdf</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>Memon, Atif M., ed. (26 February 2014). Advances in Computers Volume 93. Academic Press (Elsevier). p. 113. ISBN 978-0-12-800162-2. <a href="978-0-12-800162-2" target="_blank">978-0-12-800162-2</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>"The newsletter of LTN's Information & Communications Technologies Special Interest Group 2008, p.4 (PDF hosted by ObjectSecurity, LTN is not operating anymore )" (PDF). <a href="http://objectsecurity.com/doc/LTnetwork-ICT-SIG-newsletter-April-2008-cached.pdf" target="_blank">http://objectsecurity.com/doc/LTnetwork-ICT-SIG-newsletter-April-2008-cached.pdf</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>"The newsletter of LTN's Information & Communications Technologies Special Interest Group 2008, p.4 (PDF hosted by ObjectSecurity, LTN is not operating anymore )" (PDF). <a href="http://objectsecurity.com/doc/LTnetwork-ICT-SIG-newsletter-April-2008-cached.pdf" target="_blank">http://objectsecurity.com/doc/LTnetwork-ICT-SIG-newsletter-April-2008-cached.pdf</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>"ObjectSecurity Publications Website". <a href="http://www.objectsecurity.com/en-home-resources.html" target="_blank">http://www.objectsecurity.com/en-home-resources.html</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> <li id="fn:15"><p>"TeleTrusT Awards" (PDF). <a href="http://www.objectsecurity.com/doc/ISSE%202009-10-07_TeleTrusT%20Innovation%20Award_090930-EN.pdf" target="_blank">http://www.objectsecurity.com/doc/ISSE%202009-10-07_TeleTrusT%20Innovation%20Award_090930-EN.pdf</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></p></li> <li id="fn:16"><p>"University of Cambridge Computer Lab Ring Awards". 23 January 2018. <a href="https://www.cl.cam.ac.uk/ring/awards.html" target="_blank">https://www.cl.cam.ac.uk/ring/awards.html</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></p></li> <li id="fn:17"><p>"Best of Open Source Software Awards 2009 (mentions the OpenPMF 2.0 integration into the open source Intalio BPMS". 31 August 2009. <a href="http://www.infoworld.com/article/2631386/open-source-software/open-source-software-best-of-open-source-software-awards-2009.html?page=2" target="_blank">http://www.infoworld.com/article/2631386/open-source-software/open-source-software-best-of-open-source-software-awards-2009.html?page=2</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></p></li> <li id="fn:18"><p>"ObjectSecurity OpenPMF v3 Release" (PDF). <a href="http://www.objectsecurity.com/doc/20100222_openpmf30.pdf" target="_blank">http://www.objectsecurity.com/doc/20100222_openpmf30.pdf</a> <a href="#fnref:18" class="footnote-back-ref">↩</a></p></li> <li id="fn:19"><p>"Rudolf Schreiner and Ulrich Lang, "Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes", WISG Conference Proceedings 2009". <a href="http://csis.gmu.edu/wisg2009/" target="_blank">http://csis.gmu.edu/wisg2009/</a> <a href="#fnref:19" class="footnote-back-ref">↩</a></p></li> <li id="fn:20"><p>"ObjectSecurity in Palo Alto aims to make security automatic, Silicon Valley Business Journal, 2009". <a href="http://www.bizjournals.com/sanjose/stories/2009/07/20/smallb3.html?page=all/" target="_blank">http://www.bizjournals.com/sanjose/stories/2009/07/20/smallb3.html?page=all/</a> <a href="#fnref:20" class="footnote-back-ref">↩</a></p></li> <li id="fn:21"><p>"Beta Release Of Access Control Policy Tool, retrieved 2018". 24 May 2016. <a href="https://csrc.nist.gov/Projects/Access-Control-Policy-Tool/Beta-Release-Of-Access-Control-Policy-Tool" target="_blank">https://csrc.nist.gov/Projects/Access-Control-Policy-Tool/Beta-Release-Of-Access-Control-Policy-Tool</a> <a href="#fnref:21" class="footnote-back-ref">↩</a></p></li> <li id="fn:22"><p>"Proximity Based Access Control SBIR Award Notice, 2013". <a href="https://www.sbir.gov/sbirsearch/detail/415285" target="_blank">https://www.sbir.gov/sbirsearch/detail/415285</a> <a href="#fnref:22" class="footnote-back-ref">↩</a></p></li> <li id="fn:23"><p>"Launch OpenPMF 4.0 Security Policy Automation and Management Platform". ObjectSecurity. Retrieved 2023-08-25. <a href="https://objectsecurity.com/blog/2017/02/13/news-release/" target="_blank">https://objectsecurity.com/blog/2017/02/13/news-release/</a> <a href="#fnref:23" class="footnote-back-ref">↩</a></p></li> <li id="fn:24"><p>"Direct to Phase II – Supply Chain Risk Analysis Management Solution (SCRAMS), 2016". <a href="https://www.sbir.gov/sbirsearch/detail/1188723" target="_blank">https://www.sbir.gov/sbirsearch/detail/1188723</a> <a href="#fnref:24" class="footnote-back-ref">↩</a></p></li> <li id="fn:25"><p>"Supply Chain Risk Analysis Management Solution (SCRAMS) website, 2019". <a href="https://objectsecurity.com/scrams" target="_blank">https://objectsecurity.com/scrams</a> <a href="#fnref:25" class="footnote-back-ref">↩</a></p></li> <li id="fn:26"><p>"Red Team in a Box for Embedded and Non-IP Devices, 2018". <a href="https://www.navysbir.com/n18_2/N182-131.htm" target="_blank">https://www.navysbir.com/n18_2/N182-131.htm</a> <a href="#fnref:26" class="footnote-back-ref">↩</a></p></li> <li id="fn:27"><p>"WhizRT - VAPTBOX website, 2019". <a href="https://objectsecurity.com/vaptbox" target="_blank">https://objectsecurity.com/vaptbox</a> <a href="#fnref:27" class="footnote-back-ref">↩</a></p></li> <li id="fn:28"><p>"ObjectSecurity BitLens, 2024". <a href="https://objectsecurity.com/otai/" target="_blank">https://objectsecurity.com/otai/</a> <a href="#fnref:28" class="footnote-back-ref">↩</a></p></li> <li id="fn:29"><p>"ObjectSecurity Releases BinLens 3.0 for Advanced Binary Vulnerability Analysis, 2024". 15 November 2024. <a href="https://objectsecurity.com/otai/binlens-3-0-release/" target="_blank">https://objectsecurity.com/otai/binlens-3-0-release/</a> <a href="#fnref:29" class="footnote-back-ref">↩</a></p></li> </ol>