Thomas Groß - Research in Security and Privacy

Cloud Security Verification

We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?

MORE INFO

Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?

MORE INFO

Infrastructure Cloud Information Flow Analysis

We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage we ask: How can we discover isolation breaches hidden in the actual configuration?

MORE INFO

Smart Identity Card

European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?

MORE INFO

0123

Information Security Confidentiality, integrity and availability of information and information systems.

Identity and privacy in electronic identification (eID) systems, social networks and the Internet in general.

Applied Crypto and Formal Methods Applications of cryptography (e.g., anonymous credential systems) and formal methods (e.g., model checking).

Cryptography for Privacy-enhanced Identity Management

I'm researching cryptography applications to identity management, mostly in the areas of privacy-enhancing technology (PET), zero-knowledge proofs of knowledge and anonymous credential systems. My overall goal is to establish a combination of strong authentication and privacy in identity management. Much of my past research has been on IBM's anonymous credential system Identity Mixer. Watch IBM's Identity Mixer YouTube video!. Beyond its integration into standardized identity federation protocols, I've contributed to a highly efficient attribute encoding for resource-constrained environments based on prime numbers and divisibility. I'm a contributor to the Identity Mixer community page.

Security Assurance for Virtualized Environments (SAVE)

I've been researching in how far virtualized infrastructures and clouds can be abstracted sufficiently to allow a systematic analysis of their security properties. In particular, I'm interested in the applications and benefits of formal methods and model checking for large-scale heterogeneous systems. With the IBM Research project Security Assurance for Virtualized Infrastructures (SAVE), we've had some first promising results on verifying isolation properties of a production infrastructure of a global financial institution and continue to explore further properties. This project is a contribution to the validation work package of the FP7 EU project TCLOUDS.