Amy L. Herzog
The MITRE Corporation
202 Burlington Road
M/S S117
Bedford, MA 01730
781.271.5271
aherzog@mitre.org


Objective:
==========

  An information security position with emphasis on theoretical
  research. Interests include formal analysis of cryptographic
  protocols and security system modeling.


Technical Skills:
=================

  Security:   Cryptography and cryptographic protocols, Mandatory
	      Access Control (TE and RBAC), SSH, Key Management,
	      IPsec, PKI, smart cards, PAM, UNIX system security,
	      Intrusion Detection, system logging, some firewall
	      experience 

  OS:	      Solaris, Linux (Red Hat), IRIX, Windows 95/NT

  Languages:  CAML and OCAML, scheme, some Java, perl and bash
	      scripting  

  Other:      AFS, NFS, TCP/IP, NIS, IMAP, DNS


Publications:
=============

  "Authentication and Confidentiality via IPsec" ESORICS 2000
  Conference Proceedings. [Joint work with Joshua Guttman and
  F. Javier Thayer Fabrega.]

  "Achieving Security Goals with Security-Enhanced Linux" Extended
  abstract presented at IEEE Symposium on Security and Privacy,
  2002. [Joint work with Joshua Guttman.]

  "Eager Formal Methods for Security Management" VERIFY 2002
  Conference Proceedings. [Joint work with Joshua Guttman.]


Experience:
===========

  July 2001 - present: The MITRE Corporation

    Senior INFOSEC Engineer. Security projects include: 

       o  Security-Enhanced Linux Modeling. State machine-based
	  modeling of policy for NSA-designed Security-Enhanced Linux
	  (a Mandatory Access Control operating system). Ongoing
	  work to formalize achievable security goals for SELinux,
	  develop proof method using model checking tools, and
	  implement general policy analysis tool. 

       o  Multicast Protocol Analysis. Ongoing work to develop formal
	  methods-based analysis techniques for multicast security
	  protocols. (We are using GSAKMP as a motivating example.)

       o  Advanced Protocol Analysis. Ongoing work to extend and
	  improve upon the Strand Space protocol analysis method,
	  particularly in the realm of expanded penetrator ability. 

       o  Secure Distributed Computing. Ongoing work to provide
	  security solutions for distributed computing
	  bases. Currently providing prototypes for the Jini
	  distributed computing environment.

       o  Software Protection Initiative. Ongoing work to provide
          software protection solutions that are not reliant upon
          export restrictions of any kind. 


    Management projects include: 

       o  Associate Project Leader. August 2002-present. Responsible
          for project leadership of $1.2-million project with
          approximately 5 staff-years of staffing. Responsibilities
          include financial and personnel time management, briefings
          and progress reports to sponsor, task management oversight,
          and maintenance of project documents. 



  August 2000 - June 2001: Akamai Technologies

    Security Systems Engineer. Security projects included:

       o  Key Management Infrastructure. Designed global Key
          Management Infrastructure for all keys used at Akamai
	  Presented design to Architecture Board for formal design
	  review; won approval for project. Oversaw initial
	  development of components. 

       o  Operating System Security Tightening. Was responsible for
          analyzing and improving the security of operating system
          (linux-based) deployed on worldwide network. Analyzed holes
	  and proposed hardened solution. This task involved heavy use
	  of several hardening / security analysis tools
	  (e.g. Bastille Linux, COPS / Tiger, SAINT, Nessus)

       o  Cryptographic Filesystem Evaluation. Performed evaluation
          effort for feasibility of worldwide cryptographic filesystem 
	  deployment. Examined CryptFS, Loopback encryption, SFS,
	  PPDD, CFS/TCFS, and rubberhose. Made report and
	  recommendation to Security Architects.


  January 1998 - August 2000: The MITRE Corporation

    INFOSEC Engineer. Projects included:

       o  IPsec Management Tool. Analyzed problem of IPsec management; 
          developed mathematical model; published results. Duties
	  included briefing sponsor on progress in both presentation
	  and technical paper formats.  

       o  System administration of corporate research computer network
	  (a collection of several hundred UNIX systems). Skills
	  learned / used include AFS, NFS, NIS, general UNIX
	  administration, maintenance and upgrade of Cyrus IMAP
	  server. 

       o  Internal PKI Deployment. Worked closely with team to deploy
          internal PKI. Duties included significant end-user training
          on both one-on-one and group basis, close work with vendors
          and management to ease transition. 

       o  Smart Card Pilot. Working within current PKI parameters,
          designed internal, phased smart card pilot. Duties involved
          close work with vendors, progress presentations to
          management, and all design aspects of pilot. Won funding
          approval for project. 

       o  Information Warfare Modeling. Duties included writing
          funding proposal, theoretical work to define mathematical
          model, categorization of types of attacks, detailed study of
          common UNIX attacks to populate vulnerabilities database.


Education:
==========

   Pomona College, Claremont CA. BA in Mathematics, May 1997.