Centre for Software Reliability

Staff Profile

Dr Thomas Gross

Reader System Security, Director Academic Centre of Excellence in Cyber Security Research (ACE-CSR)


Thomas Groß is a Reader (associate professor) in System Security in the School of Computing at Newcastle University. He is the Director of Newcastle University Cyber Security & Resilience, a UK Academic Centre of Excellence in Cyber Security Research (ACE-CSR). He is the Principal Investigator of the European Research Council (ERC) Starting Grant Confidentiality-Preserving Security Assurance (CASCAde). Thomas is a member of the UK Research Institute in Sociotechnical Cyber Security (RISCS), which he also serves as member of its scientific advisory board and lead for scientific methods. Before he joined Newcastle in 2011, he was a Research Staff Member (RSM) in the Security and Cryptography group of IBM Research - Zurich before that and IBM's Research Relationship Manager for privacy research. Thomas received his Ph.D. (Dr.-Ing.) from Ruhr-University Bochum, Germany, in 2009. He received his M.Sc. (Dipl. Inf.) in Computer Science at Saarland University, Germany, in 2004. Thomas is a member of the GI, ACM, IEEE, and IACR, as well as Alumnus of the German National Academic Foundation.


My research interests are in system security and privacy, where I'm mostly active in applied cryptography, human factors and evidence-based methods of security and privacy.

My main research project is in Confidentiality-Preserving Security Assurance (CASCAde, ERC). This research aims at achieving the certification and security assurance of system topologies and complex data structures in such a way that one can prove security properties to verifiers, without disclosing sensitive information.

This research includes the creation of novel digital signature schemes on graph data structures, called graph signature schemes, especially in a form that makes the signed graph elements (vertices, edges, and labels) available to zero-knowledge proofs of knowledge.

The first proposal of such a graph signature scheme operated in a Strong RSA setting, encoded vertices, edges and labels as prime numbers, and offered proofs established via co-primality and divisibility. This work also showed that graph signature schemes were expressive enough to encode statements from arbitrary NP languages. This scheme is at the heart of the graph signature library (GSL) implemented and expanded upon in the EU projects PrismaCloud and CASCAde

In meantime, we have developed a new graph signature scheme based on a q-SDH setting that can encode arbitrary messages and overcomes the restrictions of a prime encoding. It is based on our MoniPoly commitment and attribute-based credential scheme.

I have a strong interest in evidence-based methods in security and privacy as well as sound empirical research methodology. I pursue this research agenda, for instance, in my engagement in the UK Research Institute in Sociotechnical Cyber Security (RISCS), in which I serve on the scientific advisory board.

This research includes reviewing the evidence present in the field, evaluating reporting fidelity, statistical reliability, and meta-analyses. This research also involves the analysis of the validity and reliability of instruments in human dimensions of security and privacy research, incl. for example the well-known privacy concern scale IUIPC.


In semester 2021/22, I will teach Cryptography as well as Information Security and Trust.

In general, I advise UG, MSc and PhD projects in a wide range of security and privacy topics.