This is formatted in the style of this web page, obviously. If you'd like a plain text version that looks good when printed out, you can find it here. This resume is here simply to provide information about the work I have done; I am not seeking employment at this time.

Amy L. Herzog

The MITRE Corporation
202 Burlington Road
M/S S117
Bedford, MA 01730
781.271.5271
aherzog@mitre.org

Objective

An information security position with emphasis on theoretical research. Interests include formal analysis of cryptographic protocols and security system modeling.

Technical Skills

Security

Cryptography and cryptographic protocols, Mandatory Access Control (TE and RBAC), SSH, Key Management, IPsec, PKI, smart cards, PAM, UNIX system security, Intrusion Detection, system logging, some firewall experience.

OS


Solaris, Linux (Red Hat), IRIX, Windows 95/NT, Security-Enhanced Linux

Languages


Caml and OCaml, Scheme, Perl and bash scripting

Other


AFS, NFS, TCP/IP, NIS, IMAP, DNS

Publications

"Authentication and Confidentiality via IPsec." ESORICS 2000 Conference Proceedings. [Joint work with Joshua Guttman and F. Javier Thayer Fabrega.]

"Achieving Security Goals with Security-Enhanced Linux." Extended abstract presented at IEEE Symposium on Security and Privacy, 2002. [Joint work with Joshua Guttman.]

"Eager Formal Methods for Security Management." VERIFY 2002 Conference Proceedings. [Joint work with Joshua Guttman.]

Work Experience

July 2001 - present: The MITRE Corporation

Senior INFOSEC Engineer


Security-Enhanced Linux Modeling. State machine-based modeling of policy for NSA-designed Security-Enhanced Linux (a Mandatory Access Control operating system). Ongoing work to formalize achievable security goals for SELinux, develop proof method using model checking tools, and implement general policy analysis tool.

Multicast Protocol Analysis. Ongoing work to develop formal methods-based analysis techniques for multicast security protocols. (We are using GSAKMP as a motivating example.)

Advanced Protocol Analysis. Work to extend and improve upon the Strand Space protocol analysis method, particularly in the realm of expanded penetrator ability.



Secure Distributed Computing. Ongoing work to provide security solutions for distributed computing bases. Currently providing prototypes for the Jini distributed computing environment.



Software Protection Initiative. Ongoing work to provide software protection solutions that are not reliant upon export restrictions of any kind.



Associate Project Leader. August 2002-present. Responsible for project leadership of $1.2-million project with approximately 5 staff-years of staffing. Responsibilities include financial and personnel time management, briefings and progress reports to sponsor, task management oversight, and maintenance of project documents.




August 2000 - June 2001: Akamai Technologies

Security Systems Engineer


Key Management Infrastructure. Designed global Key Management Infrastructure for all keys used at Akamai. Presented design to Architecture Board for formal design review; won approval for project. Oversaw initial development of components.

Operating System Security Tightening. Was responsible for analyzing and improving the security of the operating system (Linux-based) deployed on the worldwide network. Analyzed holes and proposed hardened solution. This task involved heavy use of several hardening / security analysis tools (e.g. Bastille Linux, COPS / Tiger, SAINT, Nessus).

Cryptographic Filesystem Evaluation. Performed evaluation effort for feasibility of worldwide cryptographic filesystem deployment. Examined CryptFS, Loopback encryption, SFS, PPDD, CFS/TCFS, and rubberhose. Made report and recommendation to Security Architects.



January 1998 - August 2000: The MITRE Corporation

INFOSEC Engineer


IPsec Management Tool. Analyzed problem of IPsec management; developed mathematical model; published results. Duties included briefing sponsor on progress in both presentation and technical paper formats.

System administration of corporate research computer network (a collection of several hundred UNIX systems). Skills learned / used include AFS, NFS, NIS, general UNIX administration, maintenance and upgrade of Cyrus IMAP server.

Internal PKI Deployment. Worked closely with team to deploy internal PKI. Duties included significant end-user training on both one-on-one and group basis, close work with vendors and management to ease transition.

Smart Card Pilot. Working within current PKI parameters, designed internal, phased smart card pilot. Duties involved close work with vendors, progress presentations to management, and all design aspects of pilot. Won funding approval for project.

Information Warfare Modeling. Duties included writing funding proposal, theoretical work to define mathematical model, categorization of types of attacks, detailed study of common UNIX attacks to populate vulnerabilities database.

Education

Pomona College, Claremont CA. BA in Mathematics, May 1997.