Staff Profile
Professor Thomas Gross
Professor of System Security, Director of Newcastle Centre of Research Excellence in Cyber Security & Resilience, Director of the Newcastle Academic Centre of Excellence in Cyber Security Research (ACE-CSR)
- Email: thomas.gross@ncl.ac.uk
- Telephone: +44 191 208 8987
- Fax: +44 191 208 8232
- Personal Website: http://www.thomasgross.net
- Address: School of Computing
Newcastle University
Urban Sciences Building
1 Science Square
Newcastle upon Tyne
NE4 5TG
United Kingdom
Thomas Groß is a Professor in System Security in the School of Computing at Newcastle University. He is the Director of Newcastle University Centre of Research Excellence (NUCoRE) in Cyber Security & Resilience, a UK Academic Centre of Excellence in Cyber Security Research (ACE-CSR). He is the Principal Investigator of the European Research Council (ERC) Starting Grant Confidentiality-Preserving Security Assurance (CASCAde). Thomas is a member of the UK Research Institute in Sociotechnical Cyber Security (RISCS), which he also serves as member of its scientific advisory board and lead for scientific methods. Before he joined Newcastle in 2011, he was a Research Staff Member (RSM) in the Security and Cryptography group of IBM Research - Zurich before that and IBM's Research Relationship Manager for privacy research. Thomas received his Ph.D. (Dr.-Ing.) from Ruhr-University Bochum, Germany, in 2009. He received his M.Sc. (Dipl. Inf.) in Computer Science at Saarland University, Germany, in 2004. Thomas is a member of the GI, ACM, IEEE, and IACR, as well as Alumnus of the German National Academic Foundation.
My research interests are in system security and privacy, where I'm mostly active in applied cryptography, human factors and evidence-based methods of security and privacy.
My main research project is in Confidentiality-Preserving Security Assurance (CASCAde, ERC). This research aims at achieving the certification and security assurance of system topologies and complex data structures in such a way that one can prove security properties to verifiers, without disclosing sensitive information.
This research includes the creation of novel digital signature schemes on graph data structures, called graph signature schemes, especially in a form that makes the signed graph elements (vertices, edges, and labels) available to zero-knowledge proofs of knowledge.
The first proposal of such a graph signature scheme operated in a Strong RSA setting, encoded vertices, edges and labels as prime numbers, and offered proofs established via co-primality and divisibility. This work also showed that graph signature schemes were expressive enough to encode statements from arbitrary NP languages. This scheme is at the heart of the graph signature library (GSL) implemented and expanded upon in the EU projects PrismaCloud and CASCAde.
In meantime, we have developed a new graph signature scheme based on a q-SDH setting that can encode arbitrary messages and overcomes the restrictions of a prime encoding. It is based on our MoniPoly commitment and attribute-based credential scheme.
I have a strong interest in evidence-based methods in security and privacy as well as sound empirical research methodology. I pursue this research agenda, for instance, in my engagement in the UK Research Institute in Sociotechnical Cyber Security (RISCS), in which I serve on the scientific advisory board.
This research includes reviewing the evidence present in the field, evaluating reporting fidelity, statistical reliability, and meta-analyses. This research also involves the analysis of the validity and reliability of instruments in human dimensions of security and privacy research, incl. for example the well-known privacy concern scale IUIPC.
In semester 2021/22, I will teach Cryptography as well as Information Security and Trust.
In general, I advise UG, MSc and PhD projects in a wide range of security and privacy topics.
- Gross T. Hashing to Prime in Zero-Knowledge. In: Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT. 2021, Online: SciTePress.
- Sokolovsky A, Gross T, Bacardit J. Is it feasible to detect FLOSS version release events from textual messages? A case study on Stack Overflow. PLoS ONE 2021, 16(2), e0246464.
- Gross T. Validity and Reliability of the Scale Internet Users’ Information Privacy Concerns (IUIPC). Proceedings on Privacy Enhancing Technologies 2021, 2021(2), 235-258.
- Tan SY, Sfyrakis I, Gross T. A q-SDH-based Graph Signature Scheme on Full-Domain Messages with Efficient Protocols. Cryptology ePrint Archive, 2020. 2020/1403.
- Tan SY, Gross T. MoniPoly—An Expressive q-SDH-Based Anonymous Attribute-Based Credential System. In: Advances in Cryptology – ASIACRYPT 2020. 2020, Daejeon, South Korea: Springer, Cham.
- Tan SY, Gross T. MoniPoly---An Expressive q-SDH-Based Anonymous Attribute-Based Credential System [Extended Version]. Cryptology ePrint Archive, 2020. 2020/587.
- Gross T. Pre-Registration: Power, PPV and Publication Bias of Cyber Security User Studies. Newcastle upon Tyne: Newcastle University, 2020. School of Computing Technical Report Series 1540.
- Nwadike UP, Gross T. Pre-Registration: Random-Controlled Trial on the Effect of Induced Incidental Affect States [Fear/Happiness] on Privacy Behavioural Intentions. Newcastle upon Tyne: Newcastle University, 2020. School of Computing Technical Report Series 1539.
- Gross T. Pre-Registration: Statistical Reporting in Cyber Security User Studies. Newcastle upon Tyne: Newcastle University, 2020. School of Computing Technical Report Series 1538.
- Gross T. Registration: Revisiting the Factor Structure of IUIPC-10. Newcastle upon Tyne: Newcastle University, 2020. School of Computing Technical Report Series 1541.
- Gross T. Statistical Reliability of 10 Years of Cyber Security User Studies. In: 10th International Workshop on Socio-Technical Aspects in Security (STAST 2020). 2020, Guildford, United Kingdom: Springer Verlag.
- Gross T. Statistical Reliability of 10 Years of Cyber Security User Studies (Extended Version). arXiv preprint, 2020. arXiv:2010.02117.
- Gross T. Validity and Reliability of the Scale Internet Users' Information Privacy Concern (IUIPC) [Extended Version]. arXiv preprint, 2020. arXiv:2011.11749.
- Tan SY, Gross T. A Pairing-Based Anonymous Credential System with Efficient Attribute Encoding. Newcastle upon Tyne: Newcastle University, 2019. School of Computing 1527.
- Tan SY, Gross T. A Pairing-Based Anonymous Credential System with Efficient Attribute Encoding. Newcastle upon Tyne: School of Computing, Newcastle University, 2019. School of Computing Technical Report Series 1527.
- Coopamootoo K, Gross T. A Systematic Evaluation of Evidence-Based Methods in Cyber Security User Studies. Newcastle upon Tyne: School of Computing, Newcastle University, 2019. School of Computing Technical Report Series 1528.
- Coopamootoo KPL, Gross T. Cyber security and privacy experiments: A design and reporting toolkit. In: Privacy and Identity 2017: Privacy and Identity Management. The Smart Revolution. 2018, Ispra, Italy: Springer New York LLC.
- Gross T, Ali MA. Experiment Pre-Registration Predicting 3-D-Secure Fraud Detection Outcomes. Newcastle upon Tyne: Newcastle University, 2018. School of Computing Technical Report Series 1537.
- Gross T, Sfyrakis I. Specification of the Graph Signature Cryptographic Library and the PRISMACLOUD Topology Certification Version 0.9.2. Newcastle upon Tyne: School of Computing Science, Newcastle University, 2018. School of Computing Technical Report Series 1523.
- Sfyrakis I, Gross T. UniGuard: Protecting Unikernels using Intel SGX. In: IEEE International Conference on Cloud Engineering. 2018, Orlando, USA: IEEE.
- Coopamootoo K, Gross T. A Codebook for Evidence-Based Research: The Nifty Nine Completeness Indicators v1.1. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2017. School of Computing Technical Report Series 1514.
- Coopamootoo KPL, Gross T. A Codebook for Extracting Privacy & Sharing Attitude. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2017. School of Computing Technical Report Series 1518.
- Coopamootoo KPL, Gross T, Pratama MFR. An Empirical Investigation of Security Fatigue - The Case of Password Choice after Solving a CAPTCHA. In: Learning from Authoritative Security Experiments Results (LASER). 2017, Arlington, VA, USA.
- Gross T. Correlation Matrices for "Evaluating Users' Affect States: Towards a Study on Privacy Concerns”. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2017. School of Computing Science Technical Report Series 1508.
- Coopamootoo KPL, Gross T. Cyber Security and Privacy Experiments: A Design & Reporting Toolkit. In: Privacy and Identity Management. The Smart Revolution (12th IFIP). 2017, Ispra, Italy: Springer.
- Gross T. Pretest Registration: Investigation on the Effect of Fear and Stress on Password Choice. Newcastle upon Tyne: Newcastle University, 2017. School of Computing Technical Report Series 1536.
- Sfyrakis I, Gross T. VirtusCap: Capability-based Access Control for Unikernels. In: IEEE International Conference on Cloud Engineering (IC2E 2017). 2017, Vancouver, BC, Canada: IEEE.
- Gross T, Coopamootoo K, Al-Jabri A. Why Johnny Cannot Remember His Password -- An Empirical Investigation. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2017. School Of Computing Science Technical Report Series 1509.
- Coopamootoo KPL, Gross T. Why Privacy is All But Forgotten - An Empirical Study of Privacy and Sharing Attitude. Proceedings on Privacy Enhancing Technologies (PoPETs) 2017, 2017(4), 39-60.
- Gross T, Coopamootoo KPL, Al-Jabri A. Effect of Cognitive Depletion on Password Choice. In: Learning from Authoritative Security Experiment Results Workshop (LASER). 2016, San Jose, CA, USA: IEEE.
- Gross T, Coopamootoo K, Al-Jabri A. Effect of Cognitive Depletion on Password Choice. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2016. School of Computing Science Technical Report Series 1496.
- Nwadike U, Gross T, Coopamootoo KPL. Evaluating users’ affect states: Towards a study on privacy concerns. In: 11th IFIP International Summer School. 2016, Karlstad, Sweden: Springer New York LLC.
- Coopamootoo KPL, Gross T. Evidence-based methods for privacy and identity management. In: 11th IFIP International Summer School. 2016, Karlstad, Sweden: Springer New York LLC.
- Yevseyeva I, Turland J, Morisset C, Coventry L, Gross T, van Moorsel A. Addressing consumerization of IT risks with nudging. International Journal of Information Systems and Project Management 2015, 3(3), 5-22.
- Bleikertz S, Gross T, Mödersheim S, Vogel C. Proactive Security Analysis of Changes in Virtualized Infrastructure. In: 31st Annual Computer Security Applications Conference (ACSAC'2015). 2015, Los Angeles, CA, USA: ACM Press.
- Gross T. Signatures and Efficient Proofs on Committed Graphs and NP-Statements. In: 19th International Conference on Financial Cryptography and Data Security 2015. 2015, San Juan, Puerto Rico: Springer.
- Lorünser T, Rodriguez CB, Demirel D, Fischer-Hübner S, Groß T, Länger T, des Noes M, Pöhls HC, Rozenberg B, Slamanig D. Towards a New Paradigm for Privacy and Security in Cloud Services. In: 4th Cyber Security and Privacy Innovation Forum. 2015, Brussels, Belgium: Springer International Publishing.
- Arief B, Bin Adzmi MA, Gross T. Understanding Cybercrime from Its Stakeholders' Perspectives: Part 1-Attackers. IEEE Security & Privacy 2015, 13(1), 71-76.
- Yevseyeva I, Morisset C, Gross T, vanMoorsel A. A Decision Making Model of Influencing Behavior in Information Security. In: 11th European Workshop on Performance Evaluation, EPEW 2014. 2014, Florence, Italy: Springer.
- Yevseyeva I, Morisset C, Gross T, Van Moorsel A. A Decision Making Model of Influencing Behavior in Information Security. In: EPEW 2014: Computer Performance Engineering. 2014, Florence, Italy: Springer, Cham.
- Morisset C, Yevseyeva I, Gross T, van Moorsel A. A formal model for soft enforcement: Influencing the decision-maker. In: STM 2014: Security and Trust Management. 2014, Wroclaw, Poland: Springer Verlag.
- Morisset C, Yevseyeva I, Gross T, van Moorsel A. A Formal Model for Soft Enforcement: Influencing the Decision-Maker. In: 10th International Workshop on Security and Trust Management. 2014, Wroclaw, Poland: Springer.
- Morisset C, Yevseyeva I, Gross T, van Moorsel A. A Formal Model for Soft Enforcement: Influencing the Decision-Maker. In: 10th International Workshop on Security Trust and Management (STM 2014). 2014, Wroclaw, Poland: Springer.
- Coopamootoo KPL, Gross T. Cognitive effort in privacy decision-making vs. 3x4: evaluation of a pilot experiment design. In: WIP at Learning from Authoritative Security Experiment Results (LASER). 2014, Arlington, Virginia, USA: LASER.
- Yevseyeva I, Morisset C, Turland J, Coventry L, Gross T, Laing C, van Moorsel A. Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging. In: CENTERIS 2014: 6th Conference on ENTERprise Information Systems. 2014, Troia, Portugal: Elsevier BV.
- Yevseyeva I, Morisset C, Turland J, Coventry L, Gross T, Laing C, van Moorsel A. Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging. In: CENTERIS 2014 / ProjMAN 2014 / HCIST 2014. 2014, Troia, Portugal: Elsevier BV.
- Gross T. Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs. In: 6th ACM Workshop at 21st ACM Conference on Computer and Communications Security (CCSW'14). 2014, Arizona, USA: ACM.
- Morisset C, Yevseyeva I, Gross T, van Moorsel A. Formalization of Influencing in Information Security. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2014. School of Computing Science Technical Report Series 1423.
- Gross T. Issuing CL-Signatures on Speed: Signing with a Constant Number of Exponentiations. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2014. School of Computing Science Technical Report Series 1418.
- Coopamootoo KPL, Gross T. Mental models for usable privacy: A position paper. In: Second International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS 2014). 2014, Crete, Greece: Springer Verlag.
- Coopamootoo KPL, Gross T. Mental Models for Usable Privacy: A Position Paper. In: Human Aspects of Information Security, Privacy, and Trust at HCI International. 2014, Heraklion, Crete, Greece: HCI International.
- Coopamootoo KPL, Gross T. Mental models of online privacy: Structural properties with cognitive maps. In: 28th International BCS Human Computer Interaction Conference: Sand, Sea and Sky - Holiday HCI, HCI 2014. 2014, Southport, UK: BCS Learning and Development Ltd.
- Coopamootoo KPL, Gross T. Mental models of privacy: structural properties with cognitive maps. In: WIP at British HCI. 2014, Southport, UK.
- Coopamootoo KPL, Gross T. Mental models: an approach to identify privacy concern and behaviour. In: Workshop on Privacy Personas and Segmentation (PPS) at SOUPS. 2014, Menlo Park, CA: SOUPS.
- Morisset C, Gross T, van Moorsel A, Yevseyeva I. Nudging for quantitative access control systems. In: Second International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS 2014). 2014, Crete, Greece: Springer.
- Morisset C, Gross T, vanMoorsel A, Yevseyeva I. Nudging for Quantitative Access Control Systems. In: Second International Conference on Human Aspects of Information Security, Privacy, and Trust.Held as Part of HCI International 2014. 2014, Heraklion, Crete, Greece: Springer.
- Coopamootoo KPL, Gross T. Poster: Preliminary Investigation of Cognitive Effort in PrivacyDecision-Making: Sharing Personal Information vs. 3X4. In: Symposium in Usable Privacy and Security (SOUPS). 2014, Menlo Park, CA, USA.
- Gross T. Signatures and Efficient Proofs on Committed Graphs and NP-Statements. Newcastle upon Tyne: School of Computing Science, University of Newcastle upon Tyne, 2014. School of Computing Science Technical Report Series 1417.
- Camenisch J, Gross T. Efficient attributes for anonymous credentials. ACM Transactions on Information and System Security (TISSEC) 2012, 15(1), 4.
- Bleikertz S, Gross T. A Virtualization Assurance Language for Isolation and Deployment. In: International Symposium on Policies for Distributed Systems and Networks (POLICY). 2011, Pisa, Italy: IEEE.
- Gross T, Karjoth G. Access control in data processing systems. US, US13/077,881, 31 March 2011.
- Bichsel P, Camenisch J, Gross T, Shoup V. Anonymous Credentials on Java Card. In: 21st Fraunhofer SIT-Smartcard Workshop. 2011, Darmstadt, Germany: Fraunhofer Verlag.
- Bleikertz S, Gross T, Schunter M, Eriksson K. Automated Information Flow Analysis of Virtualized Infrastructures. In: 16th European Symposium on Research in Computer Security (ESORICS). 2011, Leuven, Belgium: Springer.
- Bleikertz S, Gross T, Mödersheim S. Automated Verification of Virtualized Infrastructures. In: 3rd ACM Workshop on Cloud Computing Security Workshop (CCSW). 2011, Chicago, Illinois, USA: ACM Press.
- Camenisch J, Gross T, Heydt-Benjamin TS. Efficient Tight Interval Proofs with Camenisch-Gross Encoding. Zurich, Switzerland: IBM Research Division, 2011. IBM Research Report RZ3800.
- Bhargav-Spantzel A, Gross T, ed. Proceedings of the 7th ACM Workshop on Digital Identity Management. New York, USA: ACM Press, 2011.
- Gross T, Mödersheim S. Vertical Protocol Composition. In: IEEE 24th Computer Security Foundations Symposium (CSF). 2011, Cernay-la-Ville, France: IEEE.
- Gross T, Mödersheim S. Vertical Protocol Composition (Extended Version). Zurich, Switzerland: IBM Research Division, 2011. IBM Research Report RZ3803.
- Camenisch J, Gross T. Attributes in cryptographic credentials. Armonk, New York, US: International Business Machines Corporation, Patent application US20100115281, 6 May 2010.
- Gross T. Browser-based Identity Federation. Germany: Ruhr-University Bochum, 2010.
- Bussani A, Camenisch J, Gross T, Husemann D, Sommer D. Confidential Presentations in Virtual World Infrastructure. Armonk, New York, US: International Business Machines Corporation, Patent application US20100058443, 4 March 2010.
- Camenisch J, Casati N, Gross T, Shoup V. Credential Authenticated Identification and Key Exchange. In: Advances in Cryptology - CRYPTO 2010: 30th Annual Cryptology Conference. 2010, Santa Barbara, California, USA: Springer.
- Camenisch J, Casati N, Gross T, Shoup V. Credential-Authenticated Identification and Key Exchange (Extended Version). Berlin: IACR, 2010. Cryptology ePrint Archive 2010/055.
- Camenisch J, Gross T, Heydt-Benjamin TS. Cryptographic encoding and decoding of secret data. Armonk, New York, US: International Business Machines Corporation, United States Patent Application 20100142704, 6 June 2010.
- Camenisch J, Gross T. Efficient attributes for anonymous credentials (Extended Version). Berlin: IACR, 2010. Cryptology ePrint Archive 2010/496.
- Camenisch J, Gross T. Forming Credentials. Armonk, New York, US: International Business Machines Corporation, Patent application US20100063932, 11 March 2010.
- Camenisch J, Gross T, Scott-Heydt B. Preliminary Thoughts on Privacy Supporting Binding of Biometrics to Credentials. In: 3rd Hot Topics in Privacy Enhancing Technologies (HotPETS). 2010, Berlin, Germany.
- Camenisch J, Gross T, Hladky P, Hörtnagl C. Privacy-friendly Incentives and their Application to Wikipedia. In: 2nd IFIP WG 11.6 Working Conference on Policies and Research in Identity Management (IDMAN). 2010, Oslo, Norway: Springer.
- Camenisch J, Gross T, Hladky P, Hoertnagl C. Privacy-friendly Incentives and their Application to Wikipedia (Extended Version). Berlin: IACR, 2010. Cryptology ePrint Archive 2010/401.
- Gross T, Takahashi K, ed. Proceedings of the 6th ACM Workshop on Digital Identity Management. New York, USA: ACM Press, 2010.
- Bussani A, Camenisch J, Gross T, Husemann D, Schmidt A, Sommer D. Providing an ad-hoc 3d GUI within a virtual world to a non-virtual world application. Armonk, New York, US: International Business Machines Corporation, Patent application US20100023889, 28 January 2010.
- Gross T. [Transactional Analysis Thesis] Self-Competence by Mindfulness. Zurich, Switzerland: Erich-Berne Institute, 2009.
- Camenisch J, Gross T, Heydt-Benjamin TS. Accountable privacy supporting services. Identity in the Information Society 2009, 2(3), 241-267.
- Bichsel P, Camenisch J, Gross T, Shoup V. Anonymous credentials on a standard java card. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security. 2009, Chicago, Illinois, USA: ACM Press.
- Camenisch J, Gilbin C, Gross T, Karjoth G. Anonymous Separation of Duties with Credentials. US, US12/536.874, 6 August 2009.
- Gross T, Sommer D, Camenisch J. Assertion Message Signatures. Armonk, New York, US: International Business Machines Corporation, EP2030364 (A2), 4 March 2009.
- Bichsel P, Binding C, Camenisch J, Gross T, Heydt-Benjamin TS, Sommer D, Zaverucha G. Cryptographic Protocols of the Identity Mixer Library, v. 1.0. Zurich, Switzerland: IBM Research Division, 2009. IBM Research Report RZ3730.
- Bussani A, Camenisch J, Gross T, Husemann D, Schmidt A, Sommer D. Method, system, and computer program product for virtual world access control management. Armonk, New York, US: International Business Machines Corporation, Patent application US20090254968, 8 October 2009.
- Bertino E, Gross T, Takahashi K, ed. Proceedings of the 5th ACM Workshop on Digital Identity Management. New York, USA: ACM Press, 2009.
- Gross T, Camenisch J. System and method for verifying an electronic document. Armonk, New York, US: International Business Machines Corporation, US 2009/0063986 A1, 5 March 2009.
- Gross T, Pfitzmann B. Test Cases for a WS-Federation Passive Requestor Profile. Zurich, Switzerland: IBM Research Division, 2009. IBM Research Report RZ3732.
- Camenisch J, Gross T. Efficient attributes for anonymous credentials. In: 15th ACM conference on Computer and communications security (TISSEC). 2008, Alexandria, Virginia, USA: ACM Press.
- Camenisch J, Gross T. Efficient attributes for anonymous credentials. In: ACM Computer and Communications Security (CCS). 2008, Tokyo, Japan: ACM Press.
- Camenisch J, Gross T, Scott-Heydt B. Rethinking accountable privacy supporting services. In: ACM Digital Identity Management (DIM). 2008, Alexandria, Virginia, USA: ACM Press.
- Bhargav-Spantzel A, Camenisch J, Gross T, Sommer D. User centricity: A taxonomy and open issues. Journal of Computer Security 2007, 15(5), 493-527.
- Camenisch J, Gross T, Sommer D. Enhancing privacy in identity federation: Anonymous credentials ensure unlinkability in WS-Security. In: IEEE Workshop on Web Services Security (WSSS). 2006, Berkeley, California, USA: IEEE.
- Camenisch J, Gross T, Sommer D. Enhancing privacy of federated identity management protocols. In: Workshop on Privacy in the Electronic Society (WPES). 2006, Alexandria, Virginia, USA: ACM Press.
- Gross T, Pfitzmann B. SAML artifact information flow revisited. In: IEEE Workshop on Web Services Security (WSSS). 2006, Berkeley, California, USA: IEEE.
- Gross T, Pfitzmann B. Secure Identity Management. New York: International Business Machines Corporation, WO Patent WO/2007/072318, European Patent EP1964021B1, January 2006.
- Backes M, Gross T, Karjoth G. Tag identification system. Armonk, New York, US: International Business Machines Corporation, Patent applications US2008204243A1, EP0612346.3, December 2006.
- Bhargav-Spantzel A, Camenisch J, Gross T, Sommer D. User centricity: a taxonomy and open issues. In: ACM Digital Identity Management (DIM). 2006, Alexandria, Virginia, USA: ACM Press.
- Backes M, Gross T, Karjoth G, O'Connor L. Verification method and system. Armonk, New York, US: International Business Machines Corporation, Patent applications US20080136586A1, EP06123078.5, October 2006.
- Gross T, Pfitzmann B, Ahmad-Reza S. Browser model for security analysis of browser-based protocols. In: 10th European Symposium on Research in Computer Security (ESORICS). 2005, Milan, Italy: Springer.
- Gross T, Karjoth G, Schunter M. Conditionalized access control based on dynamic content analysis. Armonk, New York, US: International Business Machines Corporation, Patent application US20050086228A1, 21 April 2005.
- Gross T, Lovatt BM, Moran AS, Schunter M. Dynamic access decision information module. Armonk, New York, US: International Business Machines Corporation, United States Patent 7523200, January 2005.
- Gross T, Pfitzmann B, Ahmad-Reza S. Proving a WS-Federation Passive Requestor Profile with a browser model. In: ACM Workshop on Secure Web Services (SWS). 2005, Alexandria, Virginia, USA: ACM Press.
- Backes M, Gross T. Tailoring the Dolev-Yao abstraction to web services realities. In: ACM Workshop on Secure Web Services (SWS). 2005, Alexandria, Virginia, USA: ACM Press.
- Gross T, Pfitzmann B. Proving a WS-Federation Passive Requestor Profile. In: ACM Workshop on Secure Web Services (SWS). 2004, Alexandria, Virginia, USA: ACM Press.
- Gross T. [Master Thesis] Context-based access control. Germany: Saarland University, 2003.
- Gross T. Security analysis of the SAML single sign-on browser/artifact profile. In: 19th Annual Computer Security Applications Conference (ACSAC). 2003, Las Vegas, Nevada, USA: IEEE.