Biography

Summary

This is what I've been using so far for my talks and panels.

Leendert van Doorn is a senior fellow at AMD where he runs the software technology office. Before joining AMD he was a senior manager at IBM's T.J. Watson Research Center where he managed the secure systems and security analysis departments. He received his Ph.D. from the Vrije Universiteit in Amsterdam where he worked on the design and implementation of microkernels. Nowadays his interests are in managed runtime systems, accelerated computing (AMD's name for heterogenous and homogenous multicore computing) and virtualization. In his former job at IBM he worked on FIPS 140-2 level 4 physically secure coprocessors, trusted systems, and virtualization. He was also actively involved in IBM's virtualization strategy, created and lead IBM's secure hypervisor and trusted virtual data center initiatives, and he was on the board of directors for the Trusted Computing Group. Despite all these distractions, he continued to contribute code to the Xen open source hypervisor such as the integrated support code for AMDV and Intel VT-x. When conference calls and meetings are getting too much for him, he is known to find refuge at CMU.

Management Experience

January 2008 - Present

Sr. Director - Software Technology Office and System Management departments (AMD, Austin, TX)

  • In addition, I've taken on AMD's system management mission and I'm running the manageability development organization. Its primary mission is to promote and advance DMTF manageability standards and incorporate these into AMD products.

May 2007 - Present

Manager Software Technology Office (AMD, Austin, TX)

  • Defining and implementing AMD's software strategy for managed runtime systems, accelerated computing (AMD's name for heterogenous and homogenous multicore computing) and virtualization.

Sept 2004 - Dec 2006

Senior Manager - Secure Systems and Tools Departments (IBM T.J. Watson Research Center, Yorktown, NY)

  • Managed a world-famous industry research organization of about 20 top researchers (with 6 direct reports) who did research in building and breaking secure systems. This included building physically secure coprocessors, secure hypervisors, secure operating systems, TCG enablement, security usability, security policy authoring, as well as Linux EAL4 evaluations, ethical hacks on IBM products and evaluating security products that were deployed inside IBM.

  • Initiated and lead the Trusted Virtual Data Center initiative. The trusted virtual data center combines platform/network/storage virtualization and trusted computing group (TCG) technologies into a single system that maps multiple potentially competing virtual data centers onto a single shared infrastructure while still providing strong security guarantees.

  • Core member of the 5 person team that formulated and drove IBM's open virtualization strategy.

  • Coordinated IBM's vision and efforts around trusted computing.

  • Created strategic relationships and maintained customer relationships in the areas of security and virtualization.

  • Board member for IBM on the Trusted Computing Group (TCG).

  • Board member for IBM server group's security design council.

  • Member of IBM's Virtualization Steering Committee and server group's Security Platform Design Team.

Apr 2003 - Aug 2004

Manager Secure Systems Department (IBM T.J. Watson Research Center, Yorktown, NY)

  • Created and managed the Secure Systems Department. An 8 person organization of top researchers in the area of secure virtualization and secure operating systems.

  • Initiated and lead IBM's secure hypervisor project (sHype). The sHype architecture provides a secure platform foundation for servers. sHype technologies include mandatory access control and TCG building blocks. One of my teams has implemented sHype for Xen and this is currently shipping in Suse's SLES10 and planned for RedHat's RHEL5. sHype has also been implemented for PHYP (product PowerPC hypervisor) and its release is still undetermined. Today, sHype is the security architecture for Xen [2003-2006].

  • Initiated and managing the Software TPM project. The purpose of this project was to 1) develop an IBM proprietary 1.2 TPM implementation for embedding into products, and 2) to develop a test bed for validating TCG extensions such as virtualization. Brokered various agreements with 3rd party partners to license the implementation [2003-present].

Apr 2001 - Apr 2003

Team Lead (IBM T.J. Watson Research Center, Yorktown, NY)

  • Ran a 5 person research team that was responsible for the delivery of the system software infrastructure for the IBM 4764 FIPS 140-2 Level 4 certified PCI-X cryptographic coprocessor (PCIXCC). The early bring up environment and the rapid delivery of prototypes enabled the application software developers to complete on schedule without further delaying the z990 (tRex) release. PCIXCC was responsible for a significant number of mainframe sales within the first 3 months of its release [2001-2004].

Technical Experience

Jan 2007 - Present

Senior Fellow (AMD, Austin, TX)

  • Setting AMD's software strategy.

Apr 1998 - Dec 2006

Research Staff Member (IBM T.J. Watson Research Center, Yorktown, NY)

  • Highly ranked Research Staff Member (equivalent to an IBM Distinguished Engineer).

  • In collaboration with AMD and Intel, designed and implemented the HVM layer that transparently integrates Intel VT-x and AMD SVM into Xen 3.0.2. This version is shipped by SuSe and RedHat [2006].

  • In collaboration with Intel, designed and implemented the full virtualization support for Xen using VT-x such that it ran unmodified operating systems such as Windows XP [2005].

  • Architect in IBM's Linux Technology Center leading IBM's full virtualization for Xen effort [2005-2006].

  • Designed and implemented the x86 version of IBM's Research hypervisor [2004].

  • Key contributions to the IBM 4764 PCI-X cryptographic coprocessor (PCIXCC), shipped in half of today's mainframes. These contributions include: the core design, an early bring up environment that accelerated the entire project by at least 6 months, and it produced the smallest version of an embedded PPC Linux environment [2003].

  • Designed and implemented the RSA 2004 integrity demo, whereby we showed two AMD based xSeries servers with TPMs exchange attestation information and automatically detect rootkit compromises. This was the first example of TCG technology in servers and open source software [2004].

  • Assisted IBM's PC division with the development of TCPA on their platform and developed the TPM Linux device drivers [1999-2002].

  • Designed and implemented world's first wireless (802.11) security auditing tool (WSA), which was later expanded into a distributed wireless security management tool [2000-2002].

  • Designed a PCCARD form factor physically secure coprocessor and closely worked with a startup (CryptoApps) to bring this to market [2000-2001].

  • Ported Linux to the 4758 physically secure coprocessor and developed a new PCI-based communication protocol that achieved the performance goals of the successor product. This was the precursor for the PCIXCC [1999].

  • Many ethical hacking projects from breaking crypto systems to wireless security [1998-2001].

Jun 1995 - Sept 1995

Consultant (AT&T Bell Labs, dept 11271, Murray Hill, NJ)

  • Designed and implemented video display/capturing capabilities for Inferno. Inferno was an OS designed for set-on-top boxes.

Jun 1994 - Sept 1995

Research Intern (Digital System.s Research Center, Palo Alto, CA)

  • Designed and implemented Secure Network Objects for Modula 3.

Sep 1993 - Apr 1998

Researcher in training/AiO (Vrije Universiteit Amsterdam, The Netherlands)

  • Designed and implemented the Paramecium, an extensible nano-kernel, operating system that ran on large collection of Sun SPARCs.

  • Implemented a thread package, a Unix compatibility library and a TCP/IP stack for Paramecium.

  • Designed and Implemented a Java Virtual Machine monitor for Paramecium that used hardware fault isolation to separate Java classes instead of software fault isolation techniques.

  • Implemented a MicroSPARC system and Openboot emulator for debugging the Paramecium kernel. The emulator was good enough to run SunOS.

  • Taught and created the class projects for the compiler construction, networking and operating system courses.

Jun 1993 - Sept 1993

Research Intern (Digital System.s Research Center, Palo Alto, CA)

  • Designed and implemented a model checker for fault analysis in distributed systems.

Oct 1990 - Apr 1993

Programmer (Vrije Universiteit Amsterdam, The Netherlands)

Jan 1990 - Jun 1990

Research Intern (CWI, Amsterdam, The Netherlands)

  • Designed and implemented an authentication architecture for Amoeba.

Before 1990

Free lance programmer (Various, The Netherlands)

  • Implemented 8086 assembler, linker loader, ANSI C compiler and Unix Basic interpreter.

IBM Awards

Name

Award Type

Year

Secure Hypervisor Contributions

OTAA

12/2005

Full Virtualization Support for Xen

OTAA

12/2005

PCIX Cryptographic Coprocessor

OTAA

12/2004

Trusted Platform Module Research

OTAA

12/2003

Wireless Security Auditor

RDA

12/2003

From the IBM award web page: Outstanding Technical Achievement Awards (OTAA) are granted to recognize outstanding achievements involving exceptional technical skill and insight. These accomplishments typically include a pioneer application of one or more principles to form a unique product or sub-product, tool, process and/or procedure; or a major contribution to a technology.

Education

Degree

Field

Institution

Year

Ph.D.

CS

Vrije Universiteit, Amsterdam

2001

M.Sc.

CS

Vrije Universiteit, Amsterdam

1993

B.Sc.

EE/CS

HTS/HIO, The Hague

1990

Program Committees

  1. The 2009 AM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE 2009)

  2. First Workshop on I/O Virtualization (WIOV'08)

  3. The First ACM Workshop on Virtual Machine Security (VMSec'08)

  4. The Third ACM Workshop on Scalable Trusted Computing (STC'08)

  5. Usenix Operating Systems and Design Symposium (OSDI 2008)

  6. Usenix Security Symposium (2008)

  7. Trust 2008

  8. The Third European System Conference, (EuroSys, 2008)

  9. ACM 2008 European Workshop on System Security (EUROSEC'08)

  10. The Haifa Systems and Storage Conference, Virtualization Workshop, (SYSTOR '07)

  11. The Second USENIX Workshop on Hot Topics in Security (HotSec'07)

  12. The Second ACM Workshop on Scalable Trusted Computing (STC'07)

  13. The 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007)

  14. The Second Workshop on Advances in Trusted Computing (WATC 2006)

  15. The First ACM Workshop on Scalable Trusted Computing (STC'06)

  16. The First European System Conference, (EuroSys, 2006)

  17. The Third International Conference on Mobile Systems, Applications, and Services (MobiSys 2005)

  18. The 12th Annual Network and Distributed System Security Symposium (NDSS 2005)

  19. ACM Workshop on Wireless Security (WiSe 2004)

  20. Usenix Security Symposium (2004)

  21. The Second International Conference on Mobile Systems, Applications, and Services (MobiSys 2004)

  22. Industry experience track program committee, eleventh ACM Conference on Computer and Communications Security (2004)

  23. Ninth ACM Symposium on Access Control Models and Technologies (2004)

  24. The 11th Annual Network and Distributed System Security Symposium (NDSS 2004)

  25. ACM Workshop on Wireless Security (WiSe 2003)

  26. Industry experience track program committee, tenth ACM Conference on Computer and Communications Security (2003)

  27. Eight ACM Symposium on Access Control Models and Technologies (2003)

  28. IEEE Security and Privacy Symposium (2002).

  29. Usenix Security Symposium (2002)

  30. Seventh ACM Symposium on Access Control Models and Technologies (2002)

  31. Sixth ACM Symposium on Access Control Models and Technologies (2001).

  32. IEEE workshop on security issues for mobile and distributed objects(1998)

Thesis Committees

  1. Jon McCune , Gotthard: An End-to-End Architecture for Secure Applications on Commodity Systems, Carnegie Mellon University, Pittsburgh, PA, 2009 (expected).

  2. Adam Pennington , Heterogeneous Intrusion Detection Fusion, Carnegie Mellon University, Pittsburgh, PA, 2008 (expected).

  3. Arvind Seshadri , Carnegie Mellon University, Pittsburgh, PA, 2007 (expected).

  4. John Marchesini, SHEMP: Secure Hardware Enhanced MyProxy, Dartmouth College, Hannover, NH, 2005.

  5. John Linwood Griffin , Timing-Accurate Storage Emulation: Evaluating Hypothetical Storage Components in Real Computer Systems, Carnegie Mellon University, Pittsburgh, PA, 2004.

  6. Tage Stabell-Kulø, Private Digital Assistant, Technische Universiteit Twente, Enschede, The Netherlands, 2002.

  7. Philip Homburg, The Architecture of a Worldwide Distributed Systems, Vrije Universiteit, Amsterdam, The Netherlands, 2001.

Miscelaneous