Dr.-Ing. Peter Amthor

Curriculum Vitae:  pdf


Phone:+49 (0) 3677 69 4163
Room:Zusebau 3028
 PGP public key
(66F6 C884 6F47 C94E 0B1C 2DF2 7B0B 0E90 0032 964E)
a.k.a.:FG VSBS Staff 2 (in Open Timetable, most of the time ...)

Research Interests

Formal methods for design, analysis, specification, and implementation of secure IT systems. This includes:

  • secure software applications
  • operating systems access control
  • privacy protection mechanisms
  • threat countermeasures

My research focus is on integrating such methods into a software engineering process that explicitly focuses mission-critical non-functional requirements such as security, safety and reliability. For this reason I am always interested in collaborating with related research areas.


Regular Courses

Summer Terms:

  • Systems Security Seminar (German, International)
  • Security Engineering Course
  • Research Seminar/Hauptseminar/Proseminar

Winter Terms:

  • Advanced Operating Systems Lecture and Seminar (awarded department's Best Elective Lecture in winter 2017/18)
  • Research Seminar/Hauptseminar/Proseminar


  • Research Project (RCSE Program, on request)
  • Bachelor/Master Thesis (see also here)

Bachelor/Master Thesis Topics

In the scope of my research interests and ongoing projects, we can find a topic for a Bachelor or Master Thesis based on your personal preferences. Generally, this includes but is not limited to the following areas of interest:

  • Formal methods for security policy analysis (e.g. heuristic safety analysis, model checking, information flow analysis, ...)
  • Tool-based analysis of domain-specific security policies (e.g. OS, web services middleware, online social networks, ...)
  • Security policy specification and code generation
  • Analysis and implementation of OS security architectures (with a focus on SELinux)
  • Design and Implementation of Mobile OS Security Architectures (with a focus on Android)

It is also possible to discuss any individual ideas based on your personal interests. In any case, please contact me via Mail for further discussion.


  • 2022
  • Marius Schlegel, Peter Amthor. Putting the Pieces Together: Model-based Engineering Workflows for Attribute-based Access Control Policies. In Communications in Computer and Information Science, Revised Selected Papers from SECRYPT 2021, Springer International Publishing, 2021. (to appear)
  • 2021
  • Marius Schlegel, Peter Amthor. The Missing Piece of the ABAC Puzzle: A Modeling Scheme for Dynamic Analysis. In Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021, pages 234–246, 2021.
  • 2020
  • Marius Schlegel, Peter Amthor. Beyond Administration: A Modeling Scheme Supporting the Dynamic Analysis of Role-based Access Control Policies. In Proceedings of the 17th International Conference on Security and Cryptography, SECRYPT 2020, pages 431–442, 2020.
  • Peter Amthor, Marius Schlegel. Towards Language Support for Model-based Security Policy Engineering. In Proceedings of the 17th International Conference on Security and Cryptography, SECRYPT 2020, pages 513–521, 2020.
  • Peter Amthor, Martin Rabe. Command Dependencies in Heuristic Safety Analysis of Access Control Models. In Proceedings of the 12th International Symposium on Foundations & Practice of Security, FPS 2019, pages 207–224, 2020.
  • 2019
  • Peter Amthor, Daniel Fischer, Winfried E. Kühnhauser, Dirk Stelzer. Automated Cyber Threat Sensing and Responding: Integrating Threat Intelligence into Security-Policy-Controlled Systems. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019, pages 86:1–86:10, 2019.
  • Felix Wiemuth, Peter Amthor, Winfried E. Kühnhauser. Static Termination Analysis for Event-driven Distributed Algorithms. In Proceedings of the 13th International Conference on Distributed and Event-based Systems, DEBS 2019, pages 151–162, 2019.
  • Peter Amthor. Aspect-oriented Security Engineering. Cuvillier Verlag, Göttingen, Germany, 2019. ISBN 978-3-7369-9980-0.
  • 2018
  • Peter Amthor. Modellierung und formale Analyse von Betriebssystem-Sicherheitspolitiken. Talk at the fall meeting of the German Computer Science Society (Gesellschaft für Informatik), October 2018. (slides)
  • Peter Amthor. An Aspect-oriented Approach to Model-based Security Engineering. PhD thesis, Technische Universität Ilmenau, Ilmenau, Germany, March 2018.
  • 2017
  • Peter Amthor. Efficient Heuristic Safety Analysis of Core-based Security Policies. In Proceedings of the 14th International Conference on Security and Cryptography, SECRYPT 2017, pages 384–392, 2017.
  • 2016
  • Peter Amthor and Winfried E. Kühnhauser. Privacy in sozialen Netzwerken: Eine Informationsflussanalyse. In Patrick Horster and Peter Schartner, editors, D·A·CH Security 2016, pages 224–240. syssec Verlag, 2016.
  • Peter Amthor. The Entity Labeling Pattern for Modeling Operating Systems Access Control. In S. Mohammad Obaidat and Pascal Lorenz, editors, E-Business and Telecommunications: 12th International Joint Conference, ICETE 2015, Colmar, France, July 20–22, 2015, Revised Selected Papers, pages 270–292. Springer International Publishing, Cham, 2016.
  • 2015
  • Peter Amthor and Winfried E. Kühnhauser. Security Policy Synthesis in Mobile Systems. In Proceedings of the IEEE SERVICES 2015 Visionary Track: Security and Privacy Engineering Theme, SPE '15, pages 189–197, Washington, DC, USA, 2015. IEEE Computer Society.
  • Peter Amthor. A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux. In Proceedings of the 12th International Conference on Security and Cryptography, SECRYPT 2015, pages 88–99, 2015.
  • 2014
  • Peter Amthor, Winfried E. Kühnhauser, and Anja Pölck. WorSE: A Workbench for Model-based Security Engineering. Computers & Security, 42(0):40–55, 2014. (doi:10.1016/j.cose.2014.01.002)
  • 2013
  • Peter Amthor, Winfried E. Kühnhauser, and Anja Pölck. Heuristic Safety Analysis of Access Control Models. In Proceedings of the 18th ACM symposium on Access control models and technologies, SACMAT '13, pages 137–148, New York, NY, USA, 2013. ACM. (doi:10.1145/2462410.2462413)
  • Peter Amthor and Winfried E. Kühnhauser. Leichtgewichtige Sicherheitsdomänen für spontane Kooperationen. In Patrick Horster and Peter Schartner, editors, D·A·CH Security 2013, pages 260–274. syssec Verlag, 2013.
  • 2011
  • Peter Amthor, Winfried E. Kühnhauser, and Anja Pölck. Model-based Safety Analysis of SELinux Security Policies. In P. Samarati, S. Foresti, J. Hu, and G. Livraga, editors, Proceedings of the 5th International Conference on Network and System Security, pages 208–215. IEEE, 2011.
  • 2010 (and before)
  • Peter Amthor. Modellbasierte Analyse von SELinux-Sicherheitspolitiken. Diplomarbeit (Master Thesis), Technische Universität Ilmenau, Dezember 2010.
  • Peter Amthor, Anja Fischer, and Winfried E. Kühnhauser. Analyse von Zugriffssteuerungssystemen. In Patrick Horster and Peter Schartner, editors, D·A·CH Security 2009, pages 49–61. syssec Verlag, 2009.
  • Peter Amthor. Generierung von Informationsflussgraphen aus HRU-Modellen. Technical Report, Technische Universität Ilmenau, October 2008.