After a PhD in computer science, Alain MERLE has been working for 20 years in the research laboratories of CEA-LETI in various areas such as Artificial Intelligence, Image processing and Wireless networks.
He is managing now an evaluation laboratory of the French Certification Scheme (CESTI-LETI) specialized in smartcards and hardware security systems. He actively participates to various European groups, with the objective of standardizing the evaluation of smartcards.
Dr. Albert Jeng is an Information Security Consultant to the Telecom Technology Center (TTC) in Taiwan. He has served as an information security consultant in USA and several other Asia Pacific countries, concentrating on the protection of their national information infrastructure (NII) for more than 25 years. He has extensive theoretical, practical, and teaching experience in trusted computer, cryptography, IT security evaluation, certification and accreditation, as well as network security areas.
He participated in the Trusted Network Interpretation of the TCSEC and other IT security standards and security product evaluation working groups, while he worked for The MITRE Corp from 1985 to 1996. Currently, he is a full professor with the department of Computer Science and Information Engineering (CSIE) at The JWIT, as well as an adjunct professor with the CSIE department at NTUST teaching and performing research in RFID and Wireless Communication Security, Common Criteria Evaluation and FIPS 140-2 Validation, PKI and Healthcare Applications, and Cryptology areas.
Since 1991 Alexander Piskarev has served as the Deputy Director, Scientific, Technical and Certification Center for Information Security (Atomzaschitainform) of the Russian Federal Agency for Atomic Energy (Rosatom). He is responsible for technical and legal aspects of information technology security and supervises information technology security projects within the Rosatom complex as well as for development of Russian regulatory documents in the Physical Protection Area.
As Director of the U.S. National Information Assurance Partnership (NIAP) and the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS), Audrey Dale manages the U.S. national program for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security Evaluation. CCEVS approves the participation of nationally-accredited security testing laboratories in the U.S. scheme in accordance with established policies and procedures. During the course of the evaluations, the CCEVS Validation Body (i.e. U.S. Government oversight) provides technical guidance to the accredited commercial testing laboratories, validates the results of IT security evaluations for conformance to the Common Criteria, and serves as an interface to other nations for the recognition of such CC evaluations.
Ms. Dale has held numerous technical positions in the Information Assurance arena focusing on Information Systems Security Engineering and the evaluations of Information Assurance products such as firewalls and cross-domain devices. She also served 20 years in the United States Air Force as a Communications Computer Systems Officer in a variety of positions all over the world.
Ms. Dale is a Certified Information Systems Security Professional, holds a Masters Degree from Texas A&M University and is a graduate of the University of Maryland.
Bernd Kowalski obtained his university degree in electrical engineering at the Rheinisch Westfälische Technische Hochschule (RWTH) in Aachen. In 1982 he joined the Deutsche Bundespost and worked first in the area of data communication networks and applications in Darmstadt. Since 1985 he is involved in information security at the Deutsche Bundespost, has been active in various security projects and several standardisation groups like, for example, the ITU work on X.509 Authentication Framework (1985-1988).
After the Deutsche Bundespost changed to Deutsche Telekom in 1990 he took over the task to set up the Productcenter Telesec in Siegen that offers secure communications products and services, e.g. Certificate and Smartcard Services for public Digital Signature and corporate Solutions.
In 2002 he changed to the German Federal Office for Information Security (BSI) and took over a department that is responsible for Certification, Approval and Conformity Testing and New Technologies.
Head of the Formal Methods and Security group of Axalto Research division. Doctor in Computer Science, she hasuak been working in the smart cards arena since 1999 when she joined the advanced research group of Bull Smart Card & terminals as R&D engineer expert in formal methods. She mainly worked on the security analysis and the formal verification of the CSET protocol, the application of the formal methods to the certification of cryptographic protocol architecture and the evaluation of the security of several byte code downloading architectures.
Since 2001, she is in charge of the Formal methods and security group working on the application of formal methods to the security of the smart cards and to Common Criteria certifications at high levels (EAL5 to EAL7). She is also member of the Java Card Forum security group and the Global Platform security group.
Carolina Lavatelli joined Trusted Logic in April 2000. She is expert in methodology and security at the Trusted Labs department. Her activities include Common Criteria evaluations, semi-formal and formal modelization methodologies, security analysis and implementation guidelines of embedded applications and mobile devices, CC training, security target/protection profile writing.
Carsten Casper is a Senior Expert for Information Security Policies at ENISA. He covers security and anti-spam measures of electronic communication service providers, eletronic identity management, security certifications, and best practices for information security policies. Prior to working for ENISA, Mr. Casper worked as a Senior Research Analyst for Gartner and META Group. He holds a diploma in computer science from the Technical University of Berlin.
Mr Chris Walsh, the Chief Information Security Officer of Tenix Datagate and has been responsible for design development, production and evaluation of INFOSEC products conceived by the Australian Defence Force, Science and Technology Organisation (DSTO).
The products support a multi-level security capability evaluated in accordance with the Information Technology Security Evaluation Criteria (ITSEC) to E6 and subsequently the Common Criteria to EAL7 Augmented. Chris is currently supporting the products through Assurance Continuity processes.
Chris has a long history within the INFOSEC domain which started as a member of the Australian Defence Force over 25 years ago. He established and managed the first Australasian Information Security Evaluation Facility (AISEF) under the Australian Defence Signals Directorate (DSD) Evaluation programme for evaluating products and systems in acc.
After the completion of the first EAL7 evaluation in the world, Chris was awarded the inaugural Tenix Chairman's award under two categories, Tenacity and Teamwork.
As a registered INFOSEC professional under the DSD INFOSEC Registered Assessor Program (I-RAP) Chris can assess and accredit systems for the Australian Government.
Dr. David Brewer is a founder director of Gamma Secure Systems Limited. He has been involved in information security since he left university, and is an internationally recognised consultant in that subject.
He was part of the team who created the ITSEC and the original BS 7799 Part 2 standard, and has worked for a wide range of government departments and commercial organisations all over the world.
David Ochel is a Principal Consultant with atsec information security in Austin, TX. He holds a degree in Computer Science from the University of Applied Sciences Bonn-Rhein-Sieg in Germany. Originally specializing in technical consulting for Public Key Infrastructures, David has been working as an evaluator for numerous Common Criteria evaluation projects with atsec under the German and US Schemes and was atsec's lead evaluator for an EAL4 component evaluation leading to the accreditation of atsec's Austin-based Common Criteria Testing Laboratory for performing evaluations under NIAP's Common Criteria Evaluation and Validation Scheme. David is currently involved in various Common Criteria projects for atsec, either as a consultant, evaluator, or project manager.
Denise is the Technical Manager of the BT CLEF (an accredited ISO17025 testing laboratory), providing technical assurance on evaluations performed in the BT CLEF. She has over 10 years experience in information technology, all of which has been related to security aspects of the technology. Denise is also the Technical Manager of the BT candidate CCTL in the process of obtaining an accreditation by the NIST National Voluntary Laboratory Accreditation Program and demonstrating Common Criteria proficiency to NIAP CCEVS.
Denise is a UK representative on both the Common Criteria Maintenance Board and the Technical Working groups. These international boards of representatives from national evaluation schemes provide guidance on the implementation of the Common Criteria and the development of methodology and future criteria. Denise has also provided Common Criteria training to both evaluators and developers.
Denise is also a Certified Information Systems Security Professional (CISSP) member of (ISC)2.
Dirk-Jan Out (1965) is CEO of TNO-ITSEF, a Netherlands-based evaluation lab, specializing in smart cards, terminals and other payment-industry related applications and devices. His main focus in security is the specification of security functionality in Security Targets and Protection Profiles. For the past seven years he was a member of the CEM Editorial Board, the CC Implementation Management Board and the CC Maintenance Board and in these roles he was responsible for the CCv3.x versions of CC Part 1, and the APE/ASE sections in CC Part 3 and the CEM.
Elin received her Master of Science in electrical engineering at Lund Institute of Technology in Sweden, and has since then worked within the area of data communication and IT security. She joined Fondazione Ugo Bordoni in 2001, and is currently working for the Italian certification board OCSI as a certifier and as the representative for the Italian scheme in the CCDB and CCMB.
Eric Bidstrup is a Group Program Manager at Microsoft responsible for managing the Security Development Lifecycle companywide.
Erin Connor joined EWA-Canada, a company that specializes in IT Security Engineering Services, in 1994. His initial activities in the IT Security and Infrastructure Assurance field included working on the team fielding a large scale Public Key Infrastructure system, Year 2000 remediation and studies of wireless device vulnerabilities. Erin's initial involvement with the Common Criteria consisted of review and evaluation of portions of the standard as it was being developed.
Since 2000, Erin has been working on evaluations of a wide variety of products including hardware security modules, telecommunications management products, firewalls, as well as system and network vulnerability management products. He was also the only representative of an evaluation lab in the Biometric Evaluation Methodology Working Group, which developed a proposed methodology for the evaluation of biometric technologies under the Common Criteria.
Erin is a Director at EWA-Canada with responsibility for EWA-Canada's Information Technology Security Evaluation & Testing Facility, which includes a Common Criteria Test Lab and a Cryptographic Module Test Lab that carries out conformance testing of cryptographic products to FIPS 140-2 (Security Requirements for Cryptographic Modules).
Erin previously enjoyed a successful 20-year career as an engineer in the Canadian Navy.
Francois Guérin is CISSP and graduated of school of engineer ESME-SUDRIA.
He is working for Gemalto (merge from Gemplus and Axalto, formerly Schlumberger) for 15 years.
He spent 5 years in Recording division for space and military activities.
He joined the Cards division for 10 years.
As evaluation coordinator, he has been involved in several ITSEC and Common Criteria evaluations of smart cards.
Now as security program manager, he is still working on Common Criteria evaluations but also follows FIPS140, FIPS201 validations and evaluations performed under different private schemes.
As Gemalto representative, he participates to EUROSMART, ICSI and ISO/SC27 WG3 working groups.
Engineer with a Master in Information Technology and Artificial Intelligence, starts its career in semiconductors industry before moving to IT Software Quality & Security management.
Joined Gemplus in 2000 as Common Criteria evaluation project manager.
Collaborates to several CC workshops for Eurosmart and Global Platform.
Chairs Information Security Certification Initiative (ISCI) Working Group 1: Methodology and Evaluation Criteria. Is also the convenor of Eurosmart Product and System Security Working Group (PSSWG).
Frank Sonnenberg received his master degree and PhD (as a scholarship holder) in physics from the University of Wuppertal and the Research Center Jülich, Germany respecively. Frank focused his dissertation and postdoctoral research on the development, evaluation and validation of Monte Carlo simulated (randomising methods) systems for quantum physics and nuclear medicine (tomography). In the following Frank qualified as a CLEF Evaluator and IT-Security Consultant, under the BSI Scheme.
As a project manager he led product evaluations against the Common Criteria (up to EAL5+) and the ITSEC (up to E4).Frank currently works with the BSI, where he is a member of the IT Security Criteria Section. He is the scheme representative to the Common Criteria Maintenance Board and the ISO working group SC-27 WG3.
Gerald Krummeck of atsec information security started his professional career on IT security in the mid 1980s as a systems engineer working on UNIX security issues. As the chairman of the X/Open security working group, he got involved in IT security standardization before he became an IT security consultant and, since the mid 1990s, an evalutor performing ITSEC and CC evaluations. He is now the head of atsec's German ITSEF and has recently been working on BSI's site certification project, to which his presentation refers.
Was born in Corrientes, Argentina in July 3, 1973. When he was 9 years old, began to study computers programming and English. He completed the junior and senior high school at E.N.E.T (National School of Technical Education). At high school, he also studies German languages.
In 1991, he joined to Romano Schejter`s Company, to support and create computers system for little and middle companies. Since 1996, he also teaches Programming, Math, and Logic at senior high schools.
In 1998, he starts to work at Security Department of the Ministry of International Trade and Industry, Argentina. He also received the B.E. degree in International trade at Nordeste University in 1999. He also studies French and Portuguese languages at University.
In 2000, he came to Japan to studies Japanese languages at Soka University. In 2001, he entered Graduate School of Engineering, Information Systems Science at Soka University. He received the M.S degree in September 2003, from Soka University. He is currently a PhD candidate of Graduate School of Engineering, Soka University. His research interests are information security, IT Security evaluation and, human networks.
Helmut Kurth has been working in the area of information security for more than 25 years. His professional experience includes the development of the German IT Security Evaluation Criteria in 1989, participation in the development of the European criteria (ITSEC/ITSEM), and contributions to the development of the US Federal Criteria and the Common Criteria. Helmut Kurth has been involved in security evaluations of IT products since 1988 and has evaluation experience ranging from smart cards to mainframe operating systems. He is working as the chief scientist and Common Criteria lab director of atsec information security in Austin, Texas, USA.
Igor Furgel received his diploma in physics with the focal point theoretical physic at the University of Odessa in 1985. He was awarded to a doctorate (PhD) in the field theoretical physic and mathematics at the University Tomsk, USSR, in 1988. Afterwards he worked as scientific manager and professor for the Academy of Low-Temperature in Odessa. Since 1999 he is Managing Security Expert and Security Evaluator at the T-Systems ICT Security, Bonn with the following focus:
Irmela Ruhrmann, German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI) Irmela Ruhrmann holds a degree in mathematics from the University of Stuttgart, Germany. After having occupied various positions in industry and in the Canadian university environment, she joined the Certification Body of BSI in 1993.
Since then she has been involved with increasing responsibilities in the management of certification projects, in the international harmonization of certification, in the introduction of Common Criteria in the certification scheme and in the negotiation of mutual recognition agreements.
In 1998, Mrs. Ruhrmann was appointed head of BSI Certification section, in June 2006 she was tasked with leading the division Certification, Approval and Conformity Testing. With BSI signature of the Common Criteria Recognition Arrangement (CCRA), she became the BSI representative in the Executive Subcommittee of the CCRA, taking on the responsibilities of the Chair in April 2006.
James Arnold is currently the Technical Director for the SAIC Common Criteria Testing Laboratory operating in the U.S. Common Criteria Evaluation and Validation Scheme (CCEVS). He became a commercial product evaluator over 20 years ago in the U.S. Trusted Product Evaluation Program (TPEP) where he served as Chief Evaluator and was a direct author of version 1.0 of the Common Criteria. Since joining SAIC, he has continued to perform commercial product evaluations in the U.S. Trust Technology Assessment Program (TTAP) and by providing consulting services and performing evaluations using the Common Criteria in the context of the CCEVS.
Jane Medefesser has been with Sun Microsystems since 1993 and is the Sr. Manager of Solaris and Trusted Solaris Security Evaluations, a position she has held for 5 years. She is responsible for all aspects of Solaris Common Criteria Certification planning and support as well as providing mentorship for other product groups within Sun. Prior to joining the Solaris Security Engineering Group, Jane has worked with a number of Sun Product Engineering Groups, including Sun Clustering and Developer products.
A Silicon Valley native, Jane has been a member of the Unix community since 1980, working for companies such as Western Electric (The former ?Bell System?), Four-Phase Systems, Stratus Computers and Sterling Software. Jane and her family now live in the Pacific Northwest United States.
Jean-Pierre Krimm studied Computer Science at the university of Grenoble, where he awarded a Ph.D in Computer Science on formal verification of distributed systems in 2000.
Jeremy Epstein is Senior Director of Product Security at webMethods, where he manages all aspects of security for webMethods products, including Common Criteria certification.
Jordi Íñigo Griera is Telecomunication Engineer (Polithenic University of Catalonia, 1990), Software Development Manager of Safelayer Secure Communications since its foundation at 1999, and part time Lecturer at several universities since 1993 (currently teaches at the Polithenic University of Catalonia).
José Ángel Álvarez Pérez is a Security Evaluator at the Spanish ITSEF INTA/CESTI. He has five years of experience in security evaluations (ITSEC and Common Criteria) and is leading the biometric security activities of the Spanish ID Smartcard evaluation. In addition, he has participated in smartcards and PKIs evaluations. In other fields of the information technologies he has experience in software development.
Julian Straw more than 15 years experience in the evaluation field. He was a founder member of the BT Evaluation facility, formed in 1989 and has carried out many evaluations against ITSEC and Common Criteria. From 1996 to 2001 he was the UK representative on the group that prepared version 2.0 and 2.1 of the CC, and was also a member of the ISO working group that prepared ISO/IEC 15408. He has provided CC training to a number of governments seeking to establish evaluation schemes, and provides advice to commercial organisations on evaluation policy. He is a former Technical Manager of the BT CLEF under the UK Scheme, Director of the BT CCTL under the US CCEVS, and is also Director of the BT FIPS 140 laboratory.
June-Ho Lee is a researcher of IT Security Evaluation Division in KISA.
KAI NARUKI is currently a certifier of Japanese Certification Body at IPA (Information-Technology Promotion Agency, Japan). Before joining IPA in 2006, he worked as an evaluator at ECSEC(Electronic Commerce Security Technology Laboratory Inc.) and was involved in several CC evaluation projects, after more than ten years spent in IT system developments in financial industry at IBM Japan.
Mr. Jiménez is the Deputy Subdirector of the National Cryptologic Centre, and Head of the Spanish Certification Body.
He is responsible for the setting up of the Spanish Certification Scheme and its international recognition by the CCRA.
Magnus Ahlbin is Head of the ITSEF at Combitech AB.
He has been working with Common Criteria and ITSEC since 1997. He has performed and led evaluation teams for a number of product and system evaluations. He has also provided consultancy and training in Common Criteria to several product vendors and sponsors. Smart cards, encryption modules and cryptography applications interfaces are other areas where Magnus Ahlbin has specialist experience. Magnus Ahlbin has a degree from the University of Växjö.
Malcolm graduated from the Polytechnic of Central London with a B/TEC HND in Computers in 1984. He worked in various roles in Quality Assurance, primarily at Digital Equipment Co (10 years) and Check Point (7 years). Since January 2004 he assumed the role of Certification Manager where he is responsible for achieving industry recognized certifications for Check Point products. Major projects to date have been in Common Criteria, FIPS and ICSA certifications.
Technical Management of the Spanish Evaluation and Certification Body of Communications and Information Security. Certification Scheme supporting Common Criteria (ISO-IEC 15408) / Common Evaluation Methodology (ISO-IEC 18045) and ITSEC / ITSEM standards. Technical Management of IT Security innovation projects related to cryptographic smartcards, biometric devices, cipher devices, PKI systems, SSCD, web security, or e-government. National Cryptologic Centre (CCN)
Previous: IBM IT Architect. Technical Management of development projects related to e-business and system integration, security architectures and methodologies, web security, internet portals, architecture consulting. Biometric security technical leader. IBM Global Services Spain.
Education: Ph.D. on Computer Engineering.
Mark Fallon is a Release Manager at Oracle. He drives the secure development initiatives within the Server Technologies division of Oracle. He has been with Oracle for six years, starting with the porting and release managing of the database ports before moving to his current position. He has a Bachelor of Arts, Moderatorship and Master of Science in Computer Science from Trinity College, Dublin.
Mark Gauvreau joined EWA-Canada, a company that specializes in IT Security Engineering Services, in 1990. His initial activities in the IT Security and Infrastructure Assurance field included working on the team fielding a large scale Public Key Infrastructure system. Since 2000, Mark has been working on evaluations of a wide variety of IT security products including firewalls, intrusion detection/protection products, telecommunications management products, as well as system and network vulnerability management products.
Mark is the Manager of the Common Criteria Test Lab in EWA-Canada's Information Technology Security Evaluation & Testing Facility.
Mark previously enjoyed a successful 20-year career as an aerospace engineer in the Canadian Air Force.
Martin Croxford is Business Manager for security with Praxis High Integrity Systems Limited, a UK-based systems engineering company specializing in mission-critical software-intensive systems. Martin is a Chartered Engineer with 18 years experience in the software industry. Martin has worked on software development projects in a range of organizations, and as a software development manager has successfully delivered a multi-million dollar security-critical system. Martin holds a Masters degree in Computer Science and an Honours degree in Physics.
As the Common Criteria Business Manager at Corsec, Matthew Keller manages all facets of Corsec's Common Criteria consulting. With a background in the U.S. and Canadian Cryptographic Module Validation Program, Mr. Keller leverages his experience to lead companies through every step in the Common Criteria evaluation process. Mr. Keller has a degree in Integrated Science and Technology from James Madison University, and has worked for the last ten years in security and decisioning systems for the government and financial industry.
Mr. Nir Naaman holds a B.Sc. in Computer Science from the Technion in Haifa, Israel. With over two decades of IT experience, he has been active in Information Security since 1991, holding various posts in the defence and telecommunications sectors. His IT security experience spans R&D, product management, systems integration, consulting, business development, and product marketing. With Mr. Naaman's leadership, Metatron's IT Security Services group has established itself as the leading Common Criteria services organization in Israel.
Ms. Rachamadugu is the Director for the Common Criteria Testing Laboratory at Cygnacom Solutions. Ms. Rachamadugu is an experienced system developer as well as an evaluator in both the Common Criteria and the FIPS 140-2 evaluation laboratories of CygnaCom Solutions. She has served as the team leader for EAL2, EAL3 and EAL4 Common Criteria evaluations and authored Security Targets, including one at EAL4. She has performed evaluations of cryptographic modules at various security levels. Ms.Rachamadugu has presented the FIPS 140-2 standards at ICCC5 and ICCC6.
Ms. Rachamadugu has a M.Sc. in Mathematics from the Indian Institute of Technology, Delhi and a B.A. in Mathematics from the University of Delhi, India.
Peter Bayer works as an information security expert within the area of software security at Combitech AB (a Saab company in Sweden). The past five years, he has performed independent software security reviews in purpose to help suppliers to attain an authorization of their products for use in classified networks. Peter has summarized experiences, common mistakes, checklists and a lot of good advice in a methodology especially directed to software engineers and technical project leaders.
Peter has a M.Sc. in Software Engineering from Blekinge Institute ofTechnology, Sweden.
Peter Plested has over 25 years experience in engineering and technical roles, from electrical hardware through software and into IT integration.
The last 18 years have been spent in and around the pre-press and document printing industries, starting with a spell at Pre-press house Crosfield Electronics, (later becoming Fuji-film Electronic Imaging), then at copier manufacturer Canon.
The most recent 6 years have been spent at Japanese manufacturer Sharp, focussing on printers and Networked copier devices.
Mr. Plested is responsible for supporting and expanding the IT solutions focussed Business of the Sharp Subsidiary sales companies across Europe, majoring on the Sharp Security solutions.
Mr. French manages the Common Criteria evaluations, FIPS 140 compliance, and privacy initiatives for Microsoft SQL Servers. Before coming to Microsoft, he was an independent consultant working on IT Security for NSA and NIST. And before that he spent sixteen of his twenty-two years with DEC/Compaq involved IT Security evaluations. He managed an "Orange Book" B1 evaluation and represented the US on the ISO committees that developed IS 15408. Mr. French holds a BS in Mathematics and an MBA from the University of Massachusetts.
The author is a computer scientist. He worked at Kaiserslautern University before changing to the German Research Center for Artificial Intelligence (Deutsches Forschungszentrum für Künstliche Intelligenz - DFKI) in 1996. Today, he is conducting the IT Security Laboratory at DFKI.
Ron is a chief validator of the US Common Criteria Evaluation and Validation Scheme. He has been involved with information technology security since 1987, when he began working as a US government evaluator under NSA?s Trusted Products Evaluation Program. He served on evaluation teams for high-assurance (B2 ? A1) products, primarily network components and distributed operating systems. He was an early reviewer of the Common Criteria, and the US scheme representative to the Common Evaluation Methodology Editorial Board, where he was a co-author of the CEM v1.0. He has also served as a member of the NATO CC working group. He is the US scheme representative to the Common Criteria Interpretations Management Board, where he co-authored the CC/CEM version 3.
He has written papers and presented at the US National Information System Security Conference, the Canadian Computer Security Symposium, the Annual Computer Security Applications Conference, and the International Common Criteria Conferences.
Mr. Pulugurtha holds a Masters degree in Computer Science. He is currently working as a Senior Security Engineer and Common Criteria Evaluator at CygnaCom Solutions Security Evaluations Laboratory.
Prior to working at CygnaCom Solutions, Mr. Pulugurtha was a security engineer at a security certification consulting company, where he helped various vendors in the design of secure products to meet Common Criteria requirements. His other areas of experience include Telecommunications and Wireless Networks.
Simon Milford is currently the CLEF Controller for the LogicaCMG UK evaluation facility, based in the UK. Simon has over 10 years experience in the computer security market sector, including several years as a consultant before taking over the commercial management of the evaluation facility. The LogicaCMG evaluation facility has clients from al over the world, and from all market sectors, and provides a variety of evaluation services in addition to CC evaluations, such as Health Check testing, Fast Track Assessments and System evaluations.
Simon was the driving force behind LogicaCMG's successful application to become the first FIPS 140 testing laboratory outside North America.
After his studies of Computer Science at the University of Koblenz Thomas worked as a Common Criteria consultant and evaluator in two laboratories under the German CC scheme for four years.
He joined the BSI in 2002 and works there as a certifier. During his work with the evaluation labs he was specialised in supporting vendors writing CC documentation and doing evaluations in the smart card area.
His field of work within the certification body of the BSI are criteria development and certifications of operating systems as well as server application software.
Thomas Schröder studied communications engineering. From 1990 to 1996 he worked in the field of specification and evaluation of crypto devices and design of key management systems. Since 1996 he is working for T-Systems GEI GmbH, Bonn with main focus on:
Thuy D. Nguyen is a Research Associate of the Department of Computer Science at the Naval Postgraduate School. She has over 20 years of engineering and technical management experience in high assurance multilevel secure (MLS) operating systems, secure client-server applications development, and network security research.
She is currently a technical lead for multiple research projects involving Common Criteria evaluation and is a key contributor to a high robustness protection profile. She also performs research on trusted platform and OS, dynamic security services and web security technologies, serves as advisors to graduate students, and teaches advanced topics in computer security and information assurance.
In prior positions she developed network security products and was intimately involved with the development and evaluation of a TCSEC Class A1 security kernel.
Volker Schenk received his diploma in computer sciences with the focal point Fast Fourier Transforms at the University of Bonn in 1995. He started working as Junior Consultant at Sievers Consulting near Stuttgart. In 1998 he joined T-Systems ICT Security (formerly debis Systemhaus Information Security Services GmbH) in Bonn as Consultant, where he first accompanied testing of a single sign-on solution for a large banking service provider for 10 months. Since 1999 he has been working for the commercially licensed evaluation facility of T Systems as Security Evaluator and Managing Consultant for Common Criteria and ITSEC. His project experience in the Lab includes:
Wes Higaki is the director of product certifications at Symantec Corporation, where he coordinates all of Symantec's product certification efforts including Common Criteria and FIPS-140. Wes led the effort to create the Common Criteria Users' Forums in 2004 and 2005.
Dr. Simpson has been at the Institute for Defense Analyses (IDA) for thirteen years where he has participated in a number reaearch projects. Most recnetly (last seven years) he has participated in a number of computer security projects from evaluation to certification and cyber forensics and is currently a validator under the US Scheme for Common Criteria. He has held a number of positions in both government and industry and taught several university courses. He will speak today on the issues associated with Common Criteria as applied to service oriented distributed systems.
Wolfgang Killmann received his diploma in mathematics at Yerevan State University in 1975. Afterwards worked in mathematical and technical cryptanalysis, development and validation of crypto-modules. He joined debis Systemhaus as evaluator for ITSEC and Common Criteria in 1995 and was appointed as manager of the T-Systems ITSEF in 2001. He is specialised in evaluation of smart cards, random number generators and signature components. He take part of the development of several projects related to the evaluation methodology on behalf of the German certification body BSI.
Wolfgang Peter is the Director of the Evaluation Facility at TÜViT (Evaluation Body for IT Security) since 1997 and hence in charge of all CC and ITSEC evaluations performed in this laboratory under the German scheme. Wolfgang holds a degree in mathematics and is working in the field of IT security since 1992. As a project manager he has been involved in numerous high assurance security evaluations, involving cryptography, smart card technologies, firewalls, and PKI.
1958: born in Darmstadt, Germany
1985: received Diploma degree in Mathematics
1989: received PhD degree in Mathematics (Logic and Combinatorics)
1992: Member of DVMLG (German Association for Mathematical Logic and Foundations of Exact Sciences)
1990-2000 : Scientific research (Cryptology, Logic, Combinatorics) and Scientific Assistant at the University of Bielefeld, Germany.
since 2001: Security Analyst and evaluator at T-Systems GEI GmbH(Cryptology, Protocols and Formal Methods)
Wouter Slegers is one of the senior consultants of TNO ITSEF B.V.. He is active in many complex smartcard evaluation processes, alternating on the support and the evaluation side. Besides these activities he is a frequent speaker in workshops and conferences.
Mr. Yao-Chang Yu is currently the Common Criteria Testing Lab Director in Telecom Technology Center (TTC) in Taiwan. Although he is new in the field of IT Security Evaluation, he has strong back ground in cryptography and network security. Now he dedicates his time on the research of IC Chip security and RFID security, including the hardware and application.
Young-Tae Kim is a senior researcher of IT Security Evaluation Division in KISA. He has over 6-year in the IT security field. His interest is network security, digital home and network security, etc.