Dr.-Ing. Peter Amthor
Formal methods for design, analysis, specification, and implementation of secure IT systems. This includes:
- secure software applications
- operating systems access control
- privacy protection mechanisms
- threat countermeasures
My research focus is on integrating such methods into a software engineering process that explicitly focuses on mission-critical non-functional requirements such as security, safety and reliability. For this reason I am always interested in collaborating with related research areas.
- Systems Security Course (International)
- Seminars (Research Seminar/Hauptseminar/Proseminar)
- Advanced Operating Systems Course (awarded department's Best Elective Lecture in winter 2017/18)
- Seminars (Research Seminar/Hauptseminar/Proseminar)
- RCSE Research Project (temporarily unavailable)
- Bachelor/Master Thesis (see also here)
Topics: In the scope of my research interests and ongoing projects, we can find a topic for a Bachelor or Master Thesis based on your personal preferences. Generally, this includes but is not limited to the following areas of interest:
- Trustworthy and error-free enforcement of security policies (e.g. OS, local and distributed applications, middleware, ...)
- Specification language for attribute-based access control policies (a.k.a. DynaMo)
- Tool-assisted security policy implementation/code generation
- Formal methods for security policy analysis (e.g. heuristic safety analysis, model checking, information flow analysis, ...)
- Specification and design of OS security architectures (with a focus on OSs, e.g. SELinux, SEAndroid, Redox, …)
- Design and prototypical implementation of threat-reactive security architectures
- Theoretical foundations and prototypical application of multi-tenant security policies and metapolicies for their composition
It is also possible to discuss any individual ideas based on your personal interests. In either case, please contact me via e-mail for further discussion.
Prerequisites: Since most of my topics require a solid understanding of security concepts, previous attendance of the Systems Security course or a similar introduction to technical IT security is mandatory. For more practical topics, an implementation in Rust is likely to be required. Moreover, most of the following fundamental CS skills and knowledge are assumed:
- Discrete mathematics: logic, set theory, graph theory, abstract algebra, automata theory & formal languages
- Operating systems basic concepts, mechanisms and architectures
- Networking fundamentals
- Software engineering practices and tools
- Research skills in searching, evaluating and using scientific literature
- Writing a thesis in LaTeX
- Peter Amthor, Ulf Döring, Daniel Fischer, Jonas Genath, Gunther Kreuzberger. Erfahrungen bei der Integration des Autograding-Systems CodeOcean in die universitäre Programmierausbildung. In Proceedings of the Sixth Workshop "Automatische Bewertung von Programmieraufgaben", ABP 2023, 2021. To appear.
- Peter Amthor. Language-Support for Correct and Reliable Enforcement of Access Control Policies. Talk at the Operating Systems SIG (FGBS) fall meeting of the German Computer Science Society (GI), Bamberg, Germany, September 2018. [abstract:pdf]
- Marius Schlegel, Peter Amthor. Putting the Pieces Together: Model-based Engineering Workflows for Attribute-based Access Control Policies. In Communications in Computer and Information Science (CCIS) 1795, E-Business and Telecommunications, pages 249–280. Springer Nature Switzerland, Cham, 2023. [doi]
- Marius Schlegel, Peter Amthor. The Missing Piece of the ABAC Puzzle: A Modeling Scheme for Dynamic Analysis. In Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021, pages 234–246, 2021. [doi]
- Marius Schlegel, Peter Amthor. Beyond Administration: A Modeling Scheme Supporting the Dynamic Analysis of Role-based Access Control Policies. In Proceedings of the 17th International Conference on Security and Cryptography, SECRYPT 2020, pages 431–442, 2020. [doi]
- Peter Amthor, Marius Schlegel. Towards Language Support for Model-based Security Policy Engineering. In Proceedings of the 17th International Conference on Security and Cryptography, SECRYPT 2020, pages 513–521, 2020. [doi]
- Peter Amthor, Martin Rabe. Command Dependencies in Heuristic Safety Analysis of Access Control Models. In Proceedings of the 12th International Symposium on Foundations & Practice of Security, FPS 2019, pages 207–224, 2020. [doi] [aam:pdf]
- Peter Amthor, Daniel Fischer, Winfried E. Kühnhauser, Dirk Stelzer. Automated Cyber Threat Sensing and Responding: Integrating Threat Intelligence into Security-Policy-Controlled Systems. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019, pages 86:1–86:10, 2019. [doi] [slides:pdf]
- Felix Wiemuth, Peter Amthor, Winfried E. Kühnhauser. Static Termination Analysis for Event-driven Distributed Algorithms. In Proceedings of the 13th International Conference on Distributed and Event-based Systems, DEBS 2019, pages 151–162, 2019. [doi]
- Peter Amthor. Aspect-oriented Security Engineering. Cuvillier Verlag, Göttingen, Germany, 2019. ISBN 978-3-7369-9980-0. [pub]
- Peter Amthor. Modellierung und formale Analyse von Betriebssystem-Sicherheitspolitiken. Talk at the Operating Systems SIG (FGBS) fall meeting of the German Computer Science Society (GI), Coburg, Germany, October 2018. [abstract:pdf] [slides:pdf]
- Peter Amthor. An Aspect-oriented Approach to Model-based Security Engineering. PhD thesis, Technische Universität Ilmenau, Ilmenau, Germany, March 2018.
- Peter Amthor. Efficient Heuristic Safety Analysis of Core-based Security Policies. In Proceedings of the 14th International Conference on Security and Cryptography, SECRYPT 2017, pages 384–392, 2017. [doi]
- Peter Amthor and Winfried E. Kühnhauser. Privacy in sozialen Netzwerken: Eine Informationsflussanalyse. In Patrick Horster and Peter Schartner, editors, D·A·CH Security 2016, pages 224–240. syssec Verlag, 2016. [pdf]
- Peter Amthor. The Entity Labeling Pattern for Modeling Operating Systems Access Control. In S. Mohammad Obaidat and Pascal Lorenz, editors, E-Business and Telecommunications, pages 270–292. Springer International Publishing, Cham, 2016. [doi]
- Peter Amthor and Winfried E. Kühnhauser. Security Policy Synthesis in Mobile Systems. In Proceedings of the IEEE SERVICES 2015 Visionary Track: Security and Privacy Engineering Theme, SPE '15, pages 189–197, Washington, DC, USA, 2015. IEEE Computer Society. [doi]
- Peter Amthor. A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux. In Proceedings of the 12th International Conference on Security and Cryptography, SECRYPT 2015, pages 88–99, 2015. [doi]
- Peter Amthor, Winfried E. Kühnhauser, and Anja Pölck. WorSE: A Workbench for Model-based Security Engineering. Elsevier Computers & Security, 42(0):40–55, 2014. [doi]
- Heuristic Safety Analysis of Access Control Models. In Proceedings of the 18th ACM symposium on Access control models and technologies, SACMAT '13, pages 137–148, New York, NY, USA, 2013. ACM. [doi]
- Peter Amthor and Winfried E. Kühnhauser. Leichtgewichtige Sicherheitsdomänen für spontane Kooperationen. In Patrick Horster and Peter Schartner, editors, D·A·CH Security 2013, pages 260–274. syssec Verlag, 2013. [pdf]
- Peter Amthor, Winfried E. Kühnhauser, and Anja Pölck. Model-based Safety Analysis of SELinux Security Policies. In P. Samarati, S. Foresti, J. Hu, and G. Livraga, editors, Proceedings of the 5th International Conference on Network and System Security, NSS ’11, pages 208–215. IEEE, 2011.
- 2010 (and before)
- Peter Amthor. Modellbasierte Analyse von SELinux-Sicherheitspolitiken. Diplomarbeit (Master's Thesis), Technische Universität Ilmenau, December 2010.
- Peter Amthor, Anja Fischer, and Winfried E. Kühnhauser. Analyse von Zugriffssteuerungssystemen. In Patrick Horster and Peter Schartner, editors, D·A·CH Security 2009, pages 49–61. syssec Verlag, 2009. [pdf]
- Peter Amthor. Generierung von Informationsflussgraphen aus HRU-Modellen. Technical Report, Technische Universität Ilmenau, October 2008.