Refereed Journals

Thomas Groß. Validity and Reliability of the Scale Internet Users’ Information Privacy Concern (IUIPC). To appear in Proceedings of the Privacy Enhancing Technology Symposium (PoPETS 2021.2), 2021(2), Sciendo, De Gruyter, 2021.

Kovila Coopamootoo and Thomas Groß. Why Privacy Is All But Forgotten – An Empirical Study of Privacy & Sharing Attitude. In proceedings of the Privacy Enhancing Technology Symposium (PoPETS 2017), 2017.

Iryna Yevseyeva, James Turland, Charles Morisset, Lynn Coventry, Thomas Groß, and Aad van Moorsel. Addressing consumerisation of IT risks with nudging. International Journal of Information Systems and Project Management 2015.

Budi Arief, Mohammed A Bin Adzmi, and Thomas Groß. Understanding Cybercrime from Its Stakeholders’ Perspectives: Part 1–Attackers. IEEE Security & Privacy 2015, 13(1), 71–76, 2015.

Yevseyeva, Iryna, Charles Morisset, James Turland, Lynne Coventry, Thomas Groß, Christopher Laing, and Aad van Moorsel. Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging. Procedia Technology 16 (2014): 508-517.

Jan Camenisch and Thomas Groß. Efficient attributes for anonymous credentials. In ACM Transactions on Information and System Security (TISSEC) 15(1), 2012, special issue on ACM CCS 2008, pages 4:1–4:30, New York, NY, USA, ACM Press, 2012.

Jan Camenisch, Thomas Groß and Thomas S. Scott-Heydt Benjamin. Rethinking account- able privacy supporting services. In Identity in the Information Society (IDIS), 2009.

Abhilasha Bhargav-Spantzel, Jan Camenisch, Thomas Groß, and Dieter Sommer. User centricity—A taxonomy and open issues. In Journal of Computer Security 15(5), pages 493– 527, IOS Press, 2007.

Refereed Conferences and Workshops

Syh-Yuan Tan and Thomas Groß. MoniPoly—An expressive q-SDH-based anonymous attribute-based credential system. To appear in proceedings of ASIACRYPT’2020, LNCS 12493, Springer Verlag, 2020.

Thomas Groß. Statistical Reliability of 10 Years of Cyber Security User Studies. To appear in Proceedings of the 10th International Workshop on Socio-Technical Aspects in Security (STAST’2020). LNCS 11739, Springer, 2021.

Thomas Groß. Fidelity of Statistical Reporting in 10 Years of Cyber Security User Studies. To appear in proceedings of the 9th International Workshop on Socio-Technical Aspects in Security (STAST’2019). LNCS 11739, Springer Verlag, 2020.

Uchechi Phyllis Nwadike and Thomas Groß. Investigating the Effect of Incidental Affect States on Privacy Behavioral Intention. To appear in proceedings of the 9th International Workshop on Socio-Technical Aspects in Security (STAST’2019). LNCS 11739, Springer Verlag, 2020.

Mohammed Aamir Ali, Thomas Groß, and Aad van Moorsel. Investigation of 3-D Secure’s Model for Fraud Detection. In proceedings of the 8th International Workshop on Socio-Technical Aspects in Security (STAST’2018). Best Paper Award. ACM, 2019.

Peter Carmichael, Thomas Groß and Charles Morisset. Interventions over Smart Card Swiping Behaviour. In proceedings of the 8th International Workshop on Socio-Technical Aspects in Security (STAST’2018). ACM, 2019.

Peter Carmichael, Charles Morisset, and Thomas Groß. SHRUBS: Simulating Influencing Human Behaviour in Security. In proceedings of the 8th International Workshop on Socio-Technical Aspects in Security (STAST’2018). ACM, 2019.

Ioannis Sfyrakis and Thomas Groß. UniGuard: Protecting Unikernels using Intel SGX. In proceedings of the IEEE International Conference on Cloud Engineering (IC2E), 2018.

Kovila Coopamootoo and Thomas Groß. Cyber Security & Privacy Experiments: A Design & Reporting Toolkit. In proceedings of the 12th International IFIP Summer School on Privacy and Identity Management, 2018.

Pasquale Chiaro, Simone Fischer-Hübner, Thomas Groß, Stephan Krenn, Thomas Lorünser, Ana Isabel Martinez Garcia, Andrea Migliavacca, Kai Rannenberg, Daniel Slamanig, Christoph Striecks and Alberto Zanini. Secure and Privacy-Friendly Storage and Data Processing in the Cloud. In proceedings of the 12th International IFIP Summer School on Privacy and Identity Management, 2018.

Tom Fordyce, Sam Green, and Thomas Groß. Investigation of the Effect of Fear and Stress on Password Choice. In proceedings of STAST’2017, 2017.

Kovila Coopamootoo, Thomas Groß, and Muhammad F. R. Pratama. An Empirical Investigation of Security Fatigue: The Case of Password Choice after Solving a CAPTCHA. In proceedings of the LASER Workshop, 2017.

Ioannis Sfyrakis and Thomas Groß. VirtusCap: Capability-based Access Control for Unikernels. In proceedings of the IEEE International Conference on Cloud Engineering (IC2E 2017), 2017.

Kovila Coopamootoo and Thomas Groß. Evidence-based Methods for Privacy and Identity Management. In proceedings of the 11th International IFIP Summer School on Privacy and Identity Management, 2017.

Sean Simpson and Thomas Groß. A Survey of Security Analysis in Federated Identity Management. In proceedings of the 11th International IFIP Summer School on Privacy and Identity Management, 2017.

Uchechi Nwadike, Thomas Groß, and Kovila Coopamootoo. Evaluating Users’ Affect States: Towards a Study on Privacy Concerns. In proceedings of the 11th International IFIP Summer School on Privacy and Identity Management, 2017.

Peter Carmichael, Charles Morisset, Thomas Groß. Influence Tokens: Analysing Adversarial Behaviour Change in Coloured Petri Nets. In proceedings of the ACSAC Socio- Technical Aspects in Security and Trust Workshop (STAST), 2016.

Thomas Groß, Kovila Coopamootoo, and Amina Al-Jabri. Effect of Cognitive Depletion on Password Choice. SOUPS workshop Who Are You?! Adventures in Authentication (WAY), 2016.

Thomas Groß, Kovila Coopamootoo, Amina Al-Jabri. Effect of Cognitive Depletion on Password Choice. Learning from Authoritative Security Experiment Results (LASER), 2016.

Sören Bleikertz, Thomas Groß, Sebastian Mödersheim, and Carsten Vogel. Proactive Security Analysis of Changes in Virtualized Infrastructures. In proceedings of ACSAC, 2015.

Thomas Lorünser, CB Rodriguez, Denise Demirel, Simone Fischer-Hübner, Thomas Groß, Thomas Länger, M des Noes, HC Pöhls, B Rozenberg, Daniel Slamanig. Towards a New Paradigm for Privacy and Security in Cloud Services. In proceedings of the 4th Cyber Security and Privacy Innovation Forum, 2015.

[28] Thomas Groß. Signatures and Efficient Proofs on Committed Graphs and NP-Statements. In proceedings of Financial Cryptography and Data Security (FC’15), 2015.

Thomas Groß. Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs. In proceedings of the ACM CCS Cloud Security Workshop (CCSW’14), 2014.

Kovila Coopamootoo and Thomas Groß. Cognitive Effort in Privacy Decision-Making vs. 3 x 4: Evaluation of a Pilot Experiment Design. WIPS at Learning from Authoritative Security Experiment Results (LASER’14). 2014, Arlington, Virginia, USA: LASER, without proceedings.

Sören Bleikertz, Carsten Vogel, and Thomas Groß. Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures. In proceedings of AC- SAC’14.

Kovila Coopamootoo and Thomas Groß. Mental Models of Online Privacy: Structural Properties with Cognitive Maps. In proceedings of BCS HCI WIPS, 2014.

Charles Morisset, Iryna Yevseyeva, Thomas Groß, and Aad Van Moorsel. A Formal Model for Soft Enforcement: Influencing the Decision-Maker. 10th International Workshop on Security and Trust Management (STM’14), pp. 113–128, 2014.

Iryna Yevseyeva, Charles Morisset, Thomas Groß, and Aad van Moorsel. A decision making model of influencing behavior in information security. 11th European Workshop on Performance Evaluation, EPEW 2014. 2014, Florence, Italy: Springer.

Iryna Yevseyeva, Charles Morisset, James Turland, Lynne Coventry, Thomas Groß, Christopher Laing, and Aad van Moorsel. Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging. In 6th Conference on ENTERprise Information Systems (CENTERIS’14). 2014, Troia, Portugal: Springer.

Kovila Coopamootoo and Thomas Groß. Mental models: An approach to identify privacy concern and behavior. In proceedings of the SOUPS Workshop on Privacy Personas and Segmentation (PPS) 2014.

Thomas Groß, Charles Morisset, Aad van Moorsel, Iryna Yevseyeva. Nudging for Quantitative Access Control Mechanisms. In proceedings of the 16th International Conference on Human-Computer Interaction (HCI International 2014) (Invited Paper), Heraklion, Crete, Greece, June 2014.

Kovila Coopamootoo and Thomas Groß. Mental Models for Usable Privacy. In proceedings of the 16th International Conference on Human-Computer Interaction (HCI International 2014), Heraklion, Crete, Greece, June 2014

Sebastian Mödersheim, Thomas Groß, and Luca Viganò. Defining privacy is supposed to be easy. In proceedings of the 19th International Conference on Logic for Programming Artificial Intelligence and Reasoning (LPAR) 2013.

Sören Bleikertz, Thomas Groß, and Sebastian Mödersheim. Security Analysis of Dynamic Infrastructure Clouds. At the ESORICS Workshop for Trustworthy Clouds (without proceedings), London, UK, September 2013.

Francisco Rocha, Thomas Groß, and Aad van Moorsel. Defense-in-depth Against Malicious Insiders in the Cloud. IEEE International Conference on Cloud Engineering (IC2E), San Francisco, USA, March 2013.

Heiko Roßnagel, Jan Camenisch, Lothar Fritsch, Thomas Groß, Detlef Houdeau, Detlef Hühnlein, Anja Lehmann and Jon Shamah. FutureID – Shaping the Future of Electronic Identity. Annual Privacy Forum 2012, October, 2012.

Sören Bleikertz, Thomas Groß, and Sebastian Mödersheim. Automated verification of virtualized infrastructures. In proceedings of the 3rd ACM workshop on Cloud computing security (CCSW ’11 ). 2011.

Sören Bleikertz, Thomas Groß, Matthias Schunter, and Konrad Eriksson. Automated Information Flow Analysis of Virtualized Infrastructures. In proceedings of the European Symposium on Research in Computer Security (ESORICS) 2011.

Thomas Groß and Sebastian Mödersheim. Vertical Protocol Composition. In proceedings of the IEEE Computer Security Foundations Symposium (CSF) 2011.

Sören Bleikertz and Thomas Groß. A Virtualization Assurance Language for Isolation and Deployment. In proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), pp. 33–40, 2011.

Patrik Bichsel, Jan Camenisch, Thomas Groß, and Victor Shoup. Anonymous Credentials on Java Card. In Proceedings of 21st Fraunhofer SIT-Smartcard Workshop 2011, pages 193– 200. Fraunhofer Verlag, February 2011.

Jan Camenisch, Thomas Groß, Peter Hladky and Christian Hörtnagl. Privacy-friendly Incentives and their Application to Wikipedia. In 2nd IFIP WG 11.6 Working Conference on Policies and Research in Identity Management (IDMAN), 2010.

Jan Camenisch, Nathalie Casati, Thomas Groß, and Victor Shoup. Credential Authenti- cated Identification and Key Exchange. In Advances in Cryptology – CRYPTO 2010, pages 255–276. LNCS 6223. Springer, August 2010.

Jan Camenisch, Thomas Groß, Thomas S. Scott-Heydt Benjamin. Preliminary Thoughts on Privacy Supporting Binding of Biometrics to Credentials. In HotPETS, July 2010.

[51] Patrik Bichsel, Jan Camenisch, Thomas Groß, and Victor Shoup. Anonymous Credentials on a Standard Java Card. In ACM Computer and Communications Security (CCS), 2009, pages 600–610. ACM Press, November 2009.

Jan Camenisch and Thomas Groß. Efficient attributes for anonymous credentials. In ACM Computer and Communications Security (CCS), 2008, pages 345–356. ACM Press, November 2008.

Jan Camenisch, Thomas Groß and Thomas S. Scott-Heydt Benjamin. Rethinking accountable privacy supporting services. In ACM Digital Identity Management (DIM), 2008, pages 1–8. ACM Press, November 2008.

Abhilasha Bhargav-Spantzel, Jan Camenisch, Thomas Groß, and Dieter Sommer. User centricity—a taxonomy and open issues. In ACM Digital Identity Management (DIM) 2006, pages 1–10. ACM Press, November 2006.

Jan Camenisch, Thomas Groß, and Dieter Sommer. Enhancing privacy of federated identity management protocols. In Workshop on Privacy in the Electronic Society (WPES) 2006, pages 67–72. ACM Press, November 2006. Earlier version at WSSS 2006.

Jan Camenisch, Thomas Groß, and Dieter Sommer. Enhancing privacy in identity federation—Anonymous credentials ensure unlinkability in WS-Security. In IEEE Workshop on Web Services Security (WSSS) 2006, pages 34–50. Berkeley, May 2006.

Thomas Groß and Birgit Pfitzmann. SAML artifact information flow revisited. In IEEE Workshop on Web Services Security (WSSS) 2006, pages 82–100, Berkeley, May 2006.

Michael Backes and Thomas Groß. Tailoring the Dolev-Yao abstraction to web services realities. In 2005 ACM Workshop on Secure Web Services (SWS), ACM Press, 65–74, November 2005.

Thomas Groß, Birgit Pfitzmann, and Ahmad-Reza Sadeghi. Proving a WS-Federation Passive Requestor Profile with a browser model. In 2005 ACM Workshop on Secure Web Services (SWS), ACM Press, 54–64, November 2005.

Thomas Groß, Birgit Pfitzmann, and Ahmad-Reza Sadeghi. Browser model for security analysis of browser-based protocols. In 10th European Symposium on Research in Computer Security (ESORICS), Lecture Notes on Computer Science, 3679, Springer Verlag, 489–508, September 2005. Earlier version IBM Research Report RZ 3600 (#99610).

Thomas Groß and Birgit Pfitzmann. Proving a WS-Federation Passive Requestor Profile. In 2004 ACM Workshop on Secure Web Services (SWS), ACM Press, 25–34, October 2004.

Thomas Groß. Security analysis of the SAML single sign-on browser/artifact profile. In 19th Annual Computer Security Applications Conference (ACSAC 2003). IEEE Computer Society Press, 2003. Earlier version IBM Research Report RZ 3501 (#99427)