Publications

Refereed Journals

Iryna Yevseyeva, James Turland, Charles Morisset, Lynn Coventry, Thomas Groß, and Aad van Moorsel.
Addressing consumerisation of IT risks with nudging.
In International Journal of Information Systems and Project Management, 2015.
 
Jan Camenisch and Thomas Groß.
Efficient attributes for anonymous credentials.
In ACM Transactions on Information and System Security (TISSEC), 15(1), pages 4:1-4:30, ACM Press, 2012.
 
Jan Camenisch, Thomas Groß and Thomas S. Scott-Heydt Benjamin.
Rethinking accountable privacy supporting services.
In Identity in the Information Society (IDIS), 2009.
 
Abhilasha Bhargav-Spantzel, Jan Camenisch, Thomas Groß and Dieter Sommer.
User centricity: A taxonomy and open issues.
In Journal of Computer Security 15(5): pages 493-527, IOS Press, 2007.

[PDF]

Refereed Conferences and Workshops

Thomas Groß.

Signatures and Efficient Proofs on Committed Graphs and NP-Statements.

To appear at Financial Cryptography and Data Security (FC'15), 2015.

 

Thomas Groß.

Certification and efficient proofs of committed topology graphs.

In proceedings of the ACM CCS Cloud Security Workshop (CCSW'14).

 

Kovila Coopamootoo and Thomas Groß.

Cognitive Effort in Privacy Decision-Making vs. 3 x 4: Evaluation of a Pilot Experiment Design.

At WIPS of LASER'14, without proceedings.

 

Sören Bleikertz, Carsten Vogel, and Thomas Groß.

Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures.

To appear at ACSAC'14.

 

Kovila Coopamootoo and Thomas Groß.

Mental Models of Online Privacy: Structural Properties with Cognitive Maps.

To appear at BCS HCI 2014.

 

Charles Morisset, Iryna Yevseyeva, Thomas Groß, and Aad Van Moorsel.

A Formal Model for Soft Enforcement: Influencing the Decision-Maker.

To appear at STM'14.

 

Iryna Yevseyeva, Charles Morisset, Thomas Groß, and Aad van Moorsel.

A decision making model of influencing behavior in information security.

To appear at EPEW'14.

 

Iryna Yevseyeva, Charles Morisset, James Turland, Lynne Coventry, Thomas Groß, Christopher Laing, and Aad van Moorsel.

Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging.

To appear at CENTERIS'14.

 

Kovila Coopamootoo and Thomas Groß.

Mental models: An approach to identify privacy concern and behavior.

In proceedings of the SOUPS Workshop on Privacy Personas and Segmentation (PPS) 2014.

 

Thomas Groß, Charles Morisset, Aad van Moorsel, Iryna Yevseyeva.

Nudging for Quantitative Access Control Mechanisms.

In proceedings of HCI International 2014 (invited paper).

 

Kovila Coopamootoo and Thomas Groß.

Mental Models for Usable Privacy.

In proceedings of HCI International 2014.

 

Sebastian Mödersheim, Thomas Groß, and Luca Viganò.

Defining privacy is supposed to be easy.

In proceedings of the 19th International Conference on Logic for Programming Artificial Intelligence and Reasoning (LPAR) 2013.

 

Sören Bleikertz, Thomas Groß, and Sebastian Mödersheim.

Security Analysis of Dynamic Infrastructure Clouds.

At the ESORICS Workshop for Trustworthy Clouds (without proceedings), London, UK, September 2013.

 

Francisco Rocha, Thomas Groß, Aad van Moorsel.

Defense-in-depth Against Malicious Insiders in the Cloud.

IEEE International Conference on Cloud Engineering (IC2E), San Francisco, USA, March 2013.

 
Sören Bleikertz, Thomas Groß, and Sebastian Mödersheim.
Automated Verification of Virtualized Infrastructures.
In Proceedings of the CCS Cloud Security Workshop (CCSW) 2011.
 
Sören Bleikertz, Thomas Groß, Matthias Schunter, and Konrad Eriksson.
Automated Information Flow Analysis of Virtualized Infrastructures.
In Proceedings of the European Symposium on Research in Computer Security (ESORICS) 2011.
 
Thomas Groß and Sebastian Mödersheim.
Vertical Protocol Composition.
In Proceedings of the IEEE Computer Security Foundations Symposium (CSF) 2011.
 
Sören Bleikertz and Thomas Groß.
A Virtualization Assurance Language for Isolation and Deployment.
In Proceedings of IEEE POLICY 2011.
 
Patrik Bichsel, Jan Camenisch, Thomas Groß, and Victor Shoup.
Anonymous Credentials on Java Card.
In Proceedings of 21st Fraunhofer SIT-Smartcard Workshop 2011, pages 193--200. Fraunhofer Verlag, February 2011.
 
Jan Camenisch, Thomas Groß, Peter Hladky and Christian Hörtnagl.
Privacy-friendly Incentives and their Application to Wikipedia.
In 2nd IFIP WG 11.6 Working Conference on Policies and Research in Identity Management (IDMAN), 2010.
 
 Jan Camenisch, Nathalie Casati, Thomas Groß and Victor Shoup.
Credential Authenticated Identification and Key Exchange.
In Advances in Cryptology - CRYPTO 2010, pages 255-276. LNCS 6223. Springer, August 2010.
[Extended PDF]    [Slides]    [Wordle]   
 
Jan Camenisch, Thomas Groß and Thomas S. Scott-Heydt Benjamin.
Preliminary Thoughts on Privacy Supporting Binding of Biometrics to Credentials.
In HotPETS, June 2010.
 
 Patrik Bichsel, Jan Camenisch, Thomas Groß and Victor Shoup.
Anonymous Credentials on a Standard Java Card.
In ACM Computer and Communications Security (CCS), 2009, pages 600-610. ACM Press, November 2009.
[PDF]    [Slides]    ©ACM
 
Jan Camenisch and Thomas Groß.
Efficient attributes for anonymous credentials.
In ACM Computer and Communications Security (CCS), 2008, pages 345-356. ACM Press, November 2008.
[PDF]    [Slides]    ©ACM
 
Jan Camenisch, Thomas Groß and Thomas S. Scott-Heydt Benjamin.
Rethinking accountable privacy supporting services
In ACM Digital Identity Management (DIM), 2008, pages 1-8. ACM Press, November 2008.
[PDF]    ©ACM
 
Abhilasha Bhargav-Spantzel, Jan Camenisch, Thomas Groß and Dieter Sommer
User centricity: a taxonomy and open issues.
In ACM Digital Identity Management (DIM) 2006, pages 1-10. ACM Press, November 2006.
[PDF]    ©ACM
 
Jan Camenisch, Thomas Groß and Dieter Sommer
Enhancing privacy of federated identity management protocols.
In Workshop on Privacy in the Electronic Society (WPES) 2006, pages 67-72. ACM Press, November 2006. Earlier version at WSSS 2006.
[PDF]    ©ACM
 
Jan Camenisch, Thomas Groß and Dieter Sommer
Enhancing Privacy in Identity Federation -- Anonymous Credentials Ensure Unlinkability in WS-Security.
In IEEE Workshop on Web Services Security (WSSS) 2006, pages 34-50. Berkeley, May 2006.
[PDF]    ©IEEE
 
Thomas Groß and Birgit Pfitzmann
SAML artifact information flow revisited.
In IEEE Workshop on Web Services Security (WSSS) 2006, pages 82-100, Berkeley, May 2006.
[PDF]    ©IEEE
 
Michael Backes and Thomas Groß
Tailoring the Dolev-Yao Abstraction to Web Service Realities.
In ACM Secure Web Services Workshop (SWS) 2005, pages 65-74. ACM Press, November 2005.
[PDF]    ©ACM
 
Thomas Groß, Birgit Pfitzmann and Ahmad-Reza Sadeghi.
Proving a WS-Federation Passive Requestor Profile with a browser model.
In ACM Secure Web Services Workshop (SWS) 2005, pages 54-64. ACM Press, November 2005.
[PDF]    ©ACM
 
Thomas Groß, Birgit Pfitzmann and Ahmad-Reza Sadeghi.
Browser Model for Security Analysis of Browser-Based Protocols.
In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS), volume 3679 of Lecture Notes in Computer Science, pages 489-508. Springer-Verlag, Berlin Germany, September 2005.
[PDF]    ©Springer-Verlag
 
Thomas Groß and Birgit Pfitzmann.
Proving a WS-Federation Passive Requestor Profile.
In 1st ACM Workshop on Secure Web Services (SWS), ACM Press, October 2004. Preproceedings pp. 1-10. copyright ACM, 2004.
[PDF]    ©ACM
 
Thomas Groß and Anthony Moran.
Trends in access control - where access control systems may go.
In 10th ACM Conference on Computer and Communications Security, October 2003. Industry Track.
[PDF]    ©ACM
 
Thomas Groß.
Security analysis of the SAML single sign-on browser/artifact profile.
In 19th Annual Computer Security Applications Conference (ACSAC 2003). IEEE Computer Society Press, 2003. copyright IEEE, 2003. Earlier version IBM Research Report RZ 3501 (#99427)
[PDF]    ©IEEE

Patents

I have filed more than 20 patent patent applications. The following ones are already published at the US Patent & Trademark Office, the European Patent Office or the Free Patents Online Database.
[PDF]

Jan Camenisch and Thomas Groß
System and method for verifying an electronic document.
Patent Application US20090063986A1, filed: 09/04/2008. IBM.
[Patent Application]
 
Anthony Bussani, Jan Camenisch, Thomas Groß, Dirk Husemann, Ansgar Schmidt and Dieter Sommer
Method, system and computer program product for virtual world access control management
Patent Application US20090254968A1, filed: 04/03/2008. IBM.
[Patent Application]
 
Jan Camenisch, Thomas Groß, and Dieter Sommer
Message Assertion Signature.
Patent Application EP2030364, filed: 04/27/2007, IBM.
 
Michael Backes, Thomas Groß, and Günter Karjoth
Tag Identification System.
Patent Application US20080204243A1, filed: 12/17/2007; Patent Application EP0612346.3, filed: 12/18/2006, IBM.
[Patent Application]
 
Thomas Groß and Birgit Pfitzmann
Secure Identity Management.
Patent Application EP1964021, filed: 12/23/2005. IBM.
 
Michael Backes, Thomas Groß, Günter Karjoth, and Luke O'Connor
Verification Method and System.
Patent Application US20080136586A1, filed: 10/26/2007; Patent Application EP06123078.5, filed: 10/27/2006. IBM.
[Patent Application]
 
Thomas Groß, Günter Karjoth, and Matthias Schunter
Conditionalized Access Control Based on Dynamic Content Analysis.
Patent Application US20050086228A1, filed: 10/20/2004; Patent Application EP03405756.2, filed: 10/20/2003. IBM.
[Patent Application]
 
Thomas Groß, Brook M. Lovatt, Anthony S. Moran, and Matthias Schunter
Dynamic Access Decision Information Module.
Patent Application US20050004913A1, filed: 07/02/2003. IBM.
[Patent Application]

Theses

Thomas Groß.
Browser-based Identity Federation.
PhD Thesis. Ruhr-University Bochum, Germany, August 2010.
[Defense Talk]    [Summary PDF]    [e-Publication]
 
Thomas Groß.
Self-Competence by Mindfulness.
Transactional Analysis Thesis. Erich-Berne Institute Zurich, Switzerland, November 2009.
 
Thomas Groß.
Context-based Access Control.
Master Thesis. Saarland University, Germany, March 2003.
[PDF]

Research Reports

Sören Bleikertz, Thomas Groß and Sebastian Mödersheim.
Modeling and Analysis of Dynamic Infrastructure Clouds.
IBM Research Report RZ 3859, IBM Research Division, Zurich, January 2014.
 
Sebastian Mödersheim, Thomas Groß, L. Viganò.
Defining Privacy is Supposed to be Easy (Extended Version).
DTU Compute Technical Report 2013-21, DTU, Denmark, 2013.
 
Sebastian Mödersheim and Thomas Groß.
Vertical Protocol Composition (Extended Version).
IBM Research Report RZ3803, IBM Research Division, Zurich, July 2011.
 
Jan Camenisch and Thomas Groß.
Efficient attributes for anonymous credentials (Extended Version).
IACR Cryptology ePrint Archive: Report 2010/496. September 2010.
 
Sören Bleikertz, Thomas Groß, Matthias Schunter, and Konrad Ericksson.
Automating Security Audits of Heterogeneous Virtual Infrastructures.
IBM Research Report RZ3786, IBM Research Division, Zurich, August 2010.
 
Jan Camenisch, Thomas Groß, Peter Hladky and Christian Hoertnagl.
Privacy-friendly Incentives and their Application to Wikipedia (Extended Version).
IACR Cryptology ePrint Archive: Report 2010/401. July 2010.
 
Jan Camenisch, Nathalie Casati, Thomas Groß and Victor Shoup.
Credential-Authenticated Identification and Key Exchange (Extended Version).
IACR Cryptology ePrint Archive: Report 2010/055. February 2010.
 
Patrik Bichsel, Jan Camenisch and Thomas Groß.
Anonymous Credentials on a Standard Javacard.
IBM Research Report RZ3744 07/10/09, IBM Research, July 2009.
 
Thomas Groß and Birgit Pfitzmann.
Test Cases for a WS-Federation Passive Requestor Profile.
IBM Research Report RZ3732 05/06/09, IBM Research, May 2009.
 
IBM. Patrik Bichsel, Carl Binding, Jan Camenisch, Thomas Groß, Tom Heydt-Benjamin, Dieter Sommer, and Greg Zaverucha (Contributors).
Cryptographic Protocols of the Identity Mixer Library, v. 1.0.
IBM Research Report RZ3730 03/19/09, IBM Research, March 2009.
 
Thomas Groß and Birgit Pfitzmann.
SAML artifact information flow revisited.
IBM Research Report RZ3643 (#99653), IBM Research, January 2006.
 
Thomas Groß, Birgit Pfitzmann and Ahmad-Reza Sadeghi.
Browser Model for Security Analysis of Browser-Based Protocols.
IBM Research Report RZ 3600 (#99610) 04/18/05, IBM Research Division, Zurich, April 2005. Also as Cryptology ePrint Archive Report 2005/127.
[IBM RZ]
 
Christian Cachin, Thomas Groß, Guiseppe Persiano (ed.), Ahmad-Reza Sadeghi, Berry Schoenmakers, Julien Stern, and Ivan Visconti.
First Summary Report on Two-Party Protocols.
ECRYPT Deliverable D.PROVI.1, European Network of Excellence in Cryptography ( ECRYPT), January 2005.
 
Thomas Groß and Anthony Moran.
Trends in Access Control.
IBM Research Report RZ 3529 (#99473) 01/19/04, IBM Research Division, Zurich, January 2004.
[IBM RZ]
 
Thomas Groß.
Security analysis of the SAML single sign-on browser/artifact profile.
IBM Research Report RZ 3501 (#99427) 06/30/03, IBM Research Division, Zurich, June 2003.
[IBM RZ]

Selected Talks Computer Science

Thomas Groß.
Privacy
Next Generation of Identity Management and Privacy in Public Sector, Living Tomorrow, Vilvoorde, Belgium, June 2010.
[Slides]
 
Thomas Groß.
Online Identity and Privacy
ESOMAR Roundtable on Online Privacy: A Lifetime on the Internet, Munich, Germany, November 2008.
 
Thomas Groß.
Privacy and Identity Management in Europe (PRIME)
OECD Workshop on Digital Identity Management (IDM), Trondheim, Norway, May 2007.
 
Thomas Groß, Birgit Pfitzmann, and Ahmad-Reza Sadeghi.
Web Services and Federated Identity Management
DIMACS Workshop on Security of Web Services and E-Commerce, Rutgers University, May 2005.
[PDF]
 
Thomas Groß, Birgit Pfitzmann, and Ahmad-Reza Sadeghi.
Models for Analysis of Browser-based Protocols
ECRYPT PROVILAB Workshop on Formal Methods, IBM Zurich Research Lab, April 2005.
 
Thomas Groß and Birgit Pfitzmann.
Web Services Security and Federated Identity Management.
Construction and Analysis of Safe, Secure and Interoperable Smart devices (CASSIS) Workshop, INRIA, March 2005.
[PDF]
 
Thomas Groß.
Emerging Protocols in Federated Identity Management.
HGI Seminar (Horst Görtz Institute), Ruhr-University Bochum, February 2004.

Selected Talks Psychology

Peter Bachmann, Thomas Groß and Beat Schär.
The Script Notion of Berne, Steiner and English
TA 25, Colloquium, Erich-Berne Institute, Zurich, Switzerland, October 2009.
 
Thomas Groß and Sonja Zanini-Bulati.
On the road to oneself - Transactional Analysis and (Self-) Hypnosis in Relation.
Blick über den Gartenzaun, Colloquium, Erich-Berne Institute, Zurich, Switzerland, January 2009.

Miscellaneous

Thomas Groß.
The Day Gyro Gearloose Discovered Well-being - Ego Depletion and Stress in Relation to HCI for Well-being and Research.
To appear at DIS 2012 Workshop Designing Well-being, June 11-12, 2012, Newcastle, UK.
 
Thomas Groß.
Prinzipielle Schwierigkeiten von Intrusion Detection Systemen.
Seminar Internetsicherheit. Saarland University, March 2002.
 
Thomas Groß and Ahmad-Reza Sadeghi.
Empfehlungssysteme.
Seminar Quality of Service in E-Commerce. Saarland University, March 2001.
 
Thomas Groß.
Distributed Logging System.
Advanced Practical Course. Saarland University, March 2001.