Curriculum Vitae

Short Bio

Thomas GrossThomas Groß is a tenured reader (associate professor) in System Security at the School of Computing Science at the University of Newcastle upon Tyne. He is the director of the Centre for Cybercrime and Computer Security (CCCS), a UK Academic Centre of Excellence in Cyber Security Research (ACE-CSR). He is the Principal Investigator of the European Research Council (ERC) Starting Grant CASCAde (Confidentiality-Preserving Security Assurance). His research interests are in security and privacy as well as applied cryptography and formal methods. Before he joined Newcastle in 2011, he was a tenured research scientist in the Security and Cryptography group of IBM Research - Zurich before that and IBM's Research Relationship Manager for privacy research. Thomas received his M.Sc. (Dipl. Inf.) in Computer Science at the Saarland University, Germany, in 2004. He received his Ph.D. (Dr.-Ing.) from the Ruhr-University Bochum, Germany, in 2009. His thesis was on the security analysis of standardized identity federation. Thomas is a member of the GI, ACM, IEEE, IACR and EATA, as well as Alumnus of the German National Academic Foundation.

Work Experience

  • Since 2016 Tenured Reader (Associate Professor) System Security at Newcastle University.
  • Since 2015 Director of the Northern Cloud Crime Centre (NCCC).
  • Since 2013 Director of the Centre for Cybercrime and Computer Security (CCCS) at Newcastle University.
  • Since 2013 Director of the Academic Centre of Excellence in Cyber Security Research (ACE-CSR) at Newcastle University.
  • Since 2011 Tenured Lecturer (Assist. Prof.) Security Privacy and Trust
    at Newcastle University.
  • 2008-2011 Research Relationship Manager Privacy Research
    at IBM and Director of the IBM Privacy Research Institute (PRI).
  • 2006-2011 Tenured Research Scientist (RSM)
    at the IBM Research - Zurich.
  • 2003-2006 Predoctoral Researcher
    at the IBM Research - Zurich.
  • 2002 Master Student/Intern
    at the IBM Research - Zurich.

 

Funding

  • 2017-22 CASCAde (ERC Starting Grant). Principal investigator. Confidentiality-Preserving Security Assurance.
  • 2017-16 Academic Centre of Excellence in Cyber Security Research (ACE-CSR). Principal investigator, director.
  • 2016-17 Evidence-based methods for cyber security (EPSRC RISCS II). Principal investigator. Systematic evaluation of state of play of evidence-based user studies in security and privacy.
  • 2015-20 CRITiCaL Combatting Criminal Acticity in the Cloud (EPSRC Contrails). Principal investigator, director.
  • 2015-18 PRISMACLOUDS (EU H2020). Newcastle principal investigator. Privacy and integrity methods for clouds.
  • 2015 International Research Collaboration Award. Principal Investigator. Experimentation in the Science of Cyber Security, with CMU.
  • 2015-18 ACE-CSR PhD. Co-investigator. Modelling for Defending against Influencing Attackers.
  • 2014-18 Doctoral Training Centre Cloud Computing for Big Data (EPSRC). Supervisor. PhD programme incl. security and privacy.
  • 2014-18 Doctoral Training Centre Digital Civics (EPSRC). Supervisor, lead security and privacy. PhD programme incl. security and privacy for digital interaction.
  • 2014 Equipment Grant. Principal investigator. Cyber Security Incident Simulation Room.
  • 2014 Equipment Grant. Principal investigator. Physical artifacts for teaching security and cryptography.
  • 2014-17 ACE-CSR PhD. Principal investigator. Attack Scalability in Identity Federation.
  • 2013-16 Academic Centre of Excellence in Cyber Security Research (ACE-CSR). Co-investigator, director.
  • 2012-15 FutureID (EU FP7, Call 6). Newcastle principal investigator, security and privacy model checking, compositional reasoning, usable privacy.
  • 2012-2014 PRISTINE (SiDE-funded). Principal investigator, usable and experience-centric privacy for social inclusion.
  • 2012 EPSRC Equipment Grants. Cloud security assurance and cyber security.
  • 2012-15 Research Institute in the Science of Cyber Security (EPSRC RISCS). Co-investigator. Choice architecture for information security (ChAISe).
  • 2012 EPSRC Cyber Security Research Network.
  • 2010-11 TCLOUDS (EU FP7, Call 5) Ccloud security validation.
  • 2010-11 Cloud Security Assurance (IBM STG Joint Program) Co-investigator, information flow analysis and verification of virtualized infrastructures.
  • 2008-10 PrimeLife (EU FP7, Call 4), efficiency of anonymous credentials and realization of the first anonymous credential system on Java Card.
  • 2007 Identity 2.0 (IBM Tivoli Joint Program/CIO Technology Program) Principal investigator.
  • 2003-06 Federated Identity Management (IBM Tivoli Joint Program), security analysis of federated identity management (SAML 1.1/2.0, WS-Federation) and development of IBM Tivoli Federated Identity Manager (TFIM).

Professional Service

Associate Editor

  • 2013 EURASIP Journal of Information Security (JIS)

Program (Co-)Chair

  • 2009-11 ACM Workshop on Digital Identity Management (DIM)
  • 2010 Identity in the Information Society (IDIS), Journal, Special Issue on Digital Identity Management
  • 2008-10 IBM Professional Interest Community (PIC) for Security & Privacy Research

Publication Chair

  • 2013 ACM Computer and Communications Security Conference (CCS)

Program Committees

  • 2013 IFIP Summer School on Privacy and Identity Management for Emerging Services and Technologies
  • 2013 IFIP Policies & Research in Identity Management (IDMAN)
  • 2009-10 IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT)
  • 2009-10 IBM Academy of Technology, Security and Privacy Symposium
  • 2006-08 ACM Workshop on Digital Identity Management (DIM)
  • 2008-09 IBM Pat Goldberg Award Committee, Security and Privacy
  • 2007-2009 IBM Faculty Award Committee, Security and Privacy
  • 2005-06 ACM Workshop on Secure Web Services (SWS)
  • 2006 IEEE Workshop on Web Services Security (WSSS)

Reviewer

  • 2011-12 ACM Conference on Computer and Communications Security (CCS)
  • 2011 Advances in Cryptology (CRYPTO)
  • 2011 International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM)
  • 2010 Public Key Cryptography (PKC)
  • 2009-10 IEEE Transactions on Dependable and Secure Computing (TDSC)
  • 2008-09 Identity in the Information Society (IDIS), Journal
  • 2006 ESORICS
  • 2006 IEEE Internet Computing
  • 2005-06 IEEE Symposium on Security and Privacy (Oakland)
  • 2005 IEEE New Security Paradigms Workshop (NSPW)

Education

Awards and Honors

Impact

  • 2012 Research prototype of cloud security assurance analysis, transferred to IBM as part of the IBM PowerSC Trusted Surveyor product.
  • 2011 First automated isolation analysis for infrastructure clouds, used in an IBM analysis of a global financial institution's in-house cloud.
  • 2009 First anonymous credential system on a standard Java Card, cited by, e.g., the Handbook of EID Security as feasibility proof for this protocol class on eID cards.
  • 2006 First security proof of a WS-Federation Interop Profile (WSFPI), basis for industry interoperability, recommendations adopted by standard, proof conditions transferred as test suite to TFIM.
  • 2003-04 First security analysis of SAML 1.1 and 2.0, adopted in standard and acknowledged by OASIS, major identity federation standard, basis of ~50 industry and open-source software products.
  • 2003 Design and research prototype of IBM Tivoli Federated Identity Manager (TFIM), transferred to IBM Tivoli, first production deployment with global telecom operator, 50 Million seats.
  • 2002 Design and research prototype of the Dynamic Attribute (DynADI) Entitlement Service, transferred to IBM Tivoli Access Manager (TAM).