Roland Atoui Information Security Consultant
Roland Atoui Information Security Consultant
Roland Atoui Information Security Consultant
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Roland</strong> <strong>Atoui</strong><br />
PARIS /FRANCE<br />
Phone: 0033 06 64 73 93 92<br />
E-mail: roland_atoui@hotmail.com<br />
Professional Experiences<br />
TRUSTED LABS<br />
Since October 2007 <strong>Consultant</strong> & Project Manager<br />
Common Criteria (CC) Expert<br />
<strong>Information</strong> <strong>Security</strong><br />
<strong>Consultant</strong><br />
Drafting and updating of several Protection Profiles and <strong>Security</strong> Targets that have been certified.<br />
• Protection Profiles:<br />
Born May 12 th , 1983<br />
Single<br />
o Application for creation and verification module for electronic signature (PP-ASCE-CCv3.1 / PP-<br />
MVSE-CCv3.1) for the ANSSI (French certification body)<br />
o Time stamping System (PP-SH-CCv3.1) for the ANSSI,<br />
o Electronic Purse – Moneo (PP EP) and SAM for electronic money system- Moneo (PP SAM for EM<br />
system) for BMS,<br />
o Router with trusted embedded system (smart card) (ANSSI-CC-PP-2009/03), ESTER research project.<br />
o Java Card System (Open & Closed configurations), Sun Microsystems (ORACLE).<br />
o Java Card System 3.0 Connected Edition, Sun Microsystems (ORACLE).<br />
o (U)SIM Java Card Platform (Basic & SCWS configurations), SFR<br />
• <strong>Security</strong> Targets:<br />
• Certification:<br />
Tools Development<br />
o Application of Electronic Signature embedded on Java Card Open Platform (Composite Evaluation),<br />
SFR.<br />
o Guidance for <strong>Security</strong> Target writing of Mobile Payment Application (Payez Mobile), AEPM. (Project<br />
Manager)<br />
o <strong>Security</strong> IC Platform claiming conformance to BSI-CC-PP-0035-2007 Protection Profile, Chinese Smart<br />
Card Manufacturer<br />
o Documentation and Management of Chip Evaluation Project (White box IC evaluation: EAL 4+) (Point<br />
of Contact with ITSEF and ANSSI).<br />
o Support documentation for SIM/USIM applications certification on a Java Card Platform. (Chinese CC:<br />
GB/T 18336) (Project Manager)<br />
• Development and Maintenance of TL SET tool. (Project and Product Manager)<br />
• Development of a risk analysis simulation tool supporting EBIOS methodology.<br />
• Development of Plug-ins (Eclipse) supporting the generation of ADV documents (EDEN2 research project)<br />
Risk Analysis<br />
• Drafting of Risk analysis (EBIOS Methodology) on a router integrating a smart card (Research Project ESTER).
Cooperative Research Projects<br />
• ESTER (2007-2010), French R&D project from the RNTL program (National Network of Software<br />
Technology) of the ANR (National Research Agency): evolution of the security in telecommunications<br />
and network equipments. In partnership with Alcatel-Lucent, ENST, INT, Oppida and Trusted Logic.<br />
• EPOMI (2008-2009), "Modular & Incremental Evaluation of (U)SIM Open Platform". In partnership<br />
with SFR (Vodafone Group), Orange/France Telecom, Gemalto, Oberthur Technologies, Sagem Orga,<br />
Crédit Mutuel, RATP, GALITT, ANSSI and Serma Technology.<br />
TRUSTED LOGIC<br />
2007 (6 months) Internship graduation « Design and Development of a risk analysis mapping tool »<br />
(Java, Xml, UML, Jdom, SAX, DOM, SWING, MVC, IDE Eclipse, Risk Analysis, <strong>Security</strong> of<br />
<strong>Information</strong> Systems, Specification drafting, EBIOS tool usage), Trusted Logic, Versailles<br />
FORMATION<br />
2006 – 2007 Master 2 Professional (Computer Engineering covering Critical Systems (Details)<br />
Bordeaux 1 University (Ranked 1st in France in Computer Sciences)<br />
2005 – 2006 Master 1 (Computer Science)<br />
Bordeaux 1 University<br />
2004 – 2005 License (Computer Science)<br />
Bordeaux 1 University<br />
2002 – 2004 DEUG MIAS (Mathematics, Computer Science and Applications)<br />
Bordeaux 1 University<br />
COMPETENCES GÉNÉRALES<br />
Project Management PSNext, MS Project (Writing specifications, team building, negotiation, risk management, progress<br />
monitoring, etc.)<br />
Risk Analysis EBIOS – (Expression des Besoins et Identification des Objectifs de Sécurité)<br />
Common Criteria TL SET – <strong>Security</strong> Targets and Protection Profiles Editor<br />
Programming Current usage : Java J2SE 5.0 (Eclipse)<br />
Basic Knowledge : C++, Assembler, Common Lisp, JavaScript, ActionScript, Python, Shell<br />
Design UML Method (plug-in Omondo of Eclipse)<br />
Software Engineering B Language, B Method – formal methods for software development<br />
(Tool: Atelier B – Software correct implementation by construction)<br />
AltaRica – Formal Language<br />
(Tool: Mec 5.0 – Evaluation of dependability of Software Architecture)<br />
Promela – Specification Language for Asynchronous Systems<br />
(Tool: SPIN – Simulation and Verification of LTL properties)<br />
UPPAAL – A tool for modeling, validation and verification of real-time systems by automatic<br />
PVS – language specification and management of formal proofs<br />
(Tool: PVS 4.0)<br />
Dependability Aralia WorkShop – Tool for design and risks assessment in the form of fault tree<br />
Data Bases MySQL, Access<br />
Operation Systems Usage: Windows XP, MS-DOS, LINUX<br />
Programming system: LINUX<br />
Interactive Software Flash MX, Dreamweaver, FrontPage, PowerPoint
Graphics Software Adobe Illustrator, Photoshop, ImageReady, GIMP, Fireworks<br />
MISCELLANEOUS<br />
Languages French, English, Arabic<br />
Entertainment Football, Basketball, Music, Reading and Movies<br />
Others Driver’s License (class. B) obtained in May 2001.
Change language