Refine
H-BRS Bibliography
- no (687) (remove)
Departments, institutes and facilities
Document Type
- Conference Object (687) (remove)
Year of publication
The access to electricity and water in rural areas in Côte d’Ivoire as well as in large parts of Africa is limited. According to Ivorian government sources, the national coverage rate of drinkable water and electricity was about 80% in 2020, whereas there are differences between rural and urban regions. The coverages are lower in rural areas that are situated far from the governmental infrastructures. The poor supply of electricity also hinders education, since petroleum lamps are often the only source of light for learning after sunset. Besides, increasing demand for electricity is predicted in Côte d’Ivoire due to economic growth. The economic power is also affected by the poor supply of electricity, so only a limited production of goods is possible. A further big concern in Côte d’Ivoire is the employability of graduate students, as the educational system has a strong theoretic character, not yet taking enough into account practice orientation. Scientific public universities in Côte d'Ivoire often offer only subjects such as mathematics, physics, or chemistry but hardly any engineering.
The paper investigates the nature of Kenya's entrepreneurship education ecosystem (EEE) through a comparative analysis of three entrepreneurship education programs and an examination of how the institutions foster a favourable entrepreneurial environment. This study looks at the entrepreneurship education ecosystem through the lens of universities, NGO's and private institutes in Kenya.
A systemic analysis of EEE is provided by utilizing the Actiotope Model as a conceptual framework. The exploratory research adopts a pragmatic mixed-method methodological approach best suited to understand the research problem.
The results reveal that entrepreneurship education at higher education institutions was primarily theoretical and relied on traditional forms of entrepreneurship education. Recurring rigid patterns show minimal personalization of content and learning styles within the University, with more personalization reported in the Mully Model of education and the more specialized entrepreneurship program of the Identity Projects.
The adaptation of the Actiotope Model provided a new and unique approach to analyzing entrepreneurship ecosystems. The person-centred approach of the model provides valuable insights to learners and to entrepreneurship education institutions and researchers.
Enhanced collaboration between the different entrepreneurial education stakeholders could be a more effective short to medium-term solution to addressing the gaps in entrepreneurial education at tertiary institutions.
In the long term, the study recommends adopting practical-based and goal-oriented entrepreneurship teaching models.
Social businesses have a great positive impact on communities and are a sustainable way to do business today and in the future. This impact can be amplified through the means of digitalization. In the past, traditional for-profit business models have been used to understand the structures of business operations. However, the underlying business model of digital social businesses has not yet been explored. This study presents a building block analysis of business models and a subsequent typology. Digital and social business models are identified via a literature review. The building block analysis encompasses an assessment of the individual business activities contained in the business models. The typology is developed from existing literature utilizing a matrix for the evaluation of digital social businesses. Additionally, five semi-structured expert interviews are conducted to inform, extend, or content the findings of this study. To this end, an inductive coding procedure is applied to the transcribed interviews for the detection of themes within the text. This study contributes to social business model research by providing a first insight into the unique building blocks of digital social business models. It also creates a typology tool based on two parameters, which enables the comparison of digital social businesses.
Mobile technologies have evolved into the means of gaining access to information for learning. Its application in higher education is still a novel concept, particularly in underdeveloped countries. This study is aimed at exploring the views of doctoral students regarding their learning experiences with mobile technologies. Student focus group interviews of 24 doctoral students from 3 different academic institutions were interviewed. The participants’ responses were recorded, transcribed, and analyzed to make conclusions. According to the findings of this study, mobile devices play an important part in the learning experiences of doctoral students. The participating students engaged in collaborative learning using mobile technologies. Given the benefits of adopting mobile technologies for learning activities, academic institutions should focus on teaching faculty members to use this to involve students in their learning process. The implications of this study call for the continued advancement of mobile technologies to facilitate effective learning experience for the multitude of mobile learners in developing countries. Another implication is that academic institutions with collaboration with libraries should see the need to develop user friendly mobile app that is linked to the library management system. Such an application would allow the students to optimally use their smartphones and tablets to search the library’s resources from their mobile devices. Training should be offered to the teaching faculty members to come to terms with the benefits of mobile technologies for learning activities.
The differentiation of the higher education sector in Ethiopia has created a new sector of Higher Education Institutions: Universities of Applied Sciences (UAS). Its focus is on educating academically trained experts for regional industries. Close cooperation between industries and UAS is set as a key requirement. However, Ethiopian industries in many regions are not developed enough that those could be considered as active partners for UASs and able to accommodate interns or to provide expert teachers to UAS classes. European UAS structures serve as benchmarks for the Ethiopian Ministry of Education (MoE). Therefore, UAS curricula of study programmes in building-construction, electro-engineering and economic/business/tourism from different European countries build a common ground for Ethiopian UASs. But, due to the lack of industries in the regions, Ethiopian UAS are not able to mirror the European counterparts, where study programmes at bachelor level comprise 70 credits out or 210 credits as practical works, internships and bachelor thesis. - The question is, how can Ethiopian UASs in the absence of companies offer practice-oriented education in their study programmes? This paper refers to the ongoing research, on how to integrate UAS (academic and non-academic) departments at UAS campuses to create internship placements for students in the absence of internship placements in the private sector. Kotebe University of Education (KUE) - as one of the newly founded UAS in Ethiopia - has agreed to act as subject of this try-out.
Rapid and sustained innovation in developed markets triggers the generation of innovative start-ups, some with disruptive innovations. However, when their offering faces a saturated market with satisfactory and widely available established traditional solutions, many innovative start-ups from these markets may fail. The literature on some start-ups that successfully brought their innovation to emerging markets shows how using leapfrogging traditional solutions to innovative solutions can offer survival and growth opportunities to these start-ups. However, a wide exploitation of leapfrogging processes in emerging markets for survival or business growth of innovative start-ups from developed markets is not yet theorized. To contribute to closing this gap, we propose a conceptual framework to assess the readiness of an emerging market to leapfrog to innovative solutions.
The design of the conceptual framework uses a scenario-planning like approach with two key factors, namely Context Readiness and Value Network Integration. To test and refine the proposed framework and show its relevance for coming to an informed expansion decision making, we used PAR (Participatory Action Research). For the illustration of the application of the proposed conceptual framework, the case of telehealth in Morocco is used.
Tourism in Rwanda is challenging. Since the country is small and hilly, it is difficult to tap the potential. As the country is blessed with diverse nature, the Rwandan government decided to combine ecotourism with high-end tourism, to exploit the full potential. This study aims to assess the extent to which these two types of tourism fit together, as well as if sustainability is a decisive argument in this upscale segment. In this context, ecotourism is characterized by its 3 core criteria: education, nature and sustainability. To evaluate the main question: to what extent can ecotourism projects help to promote the perception of Rwanda as a high-end tourist destination on the German market? As well as if sustainability is a decisive argument, interviews with stakeholder from the Rwandan tourism industry as well as German tour operators were conducted, to gain an understanding of both sites and then evaluate them according to the 3 ecotourism core criteria and the demands of high-end tourists. The results showed that there is a difference in the perception of the needs of high-end tourists. While the 3 core criteria seem to be too relevant while they are in booking decision with the tour operator. The high-end lodges in Rwanda state an interest in these three criteria. It is evident from the results that there is a limited active demand for sustainable tourist products, while nature and education are more relevant, but not yet fully exploited. However, all interviewees indicated that ecotourism, and in particular sustainability, is experiencing an increase in demand and will continue to grow in importance in the future. Accordingly, the results suggest the driving markets approach is relevant to further drive demand in that segment.
As a developing economy, Rwanda has been exploring transitioning to being a technologically driven and sustainable economy. Moreover, research on economic growth have focused on the need to improve human capacity potential within increasing demands of climate change activists but there remains a theoretic and practical lacuna in including renewable energy resources in economic growth and expansion of electricity access. Therefore, it is necessary to study the impact of competent skill acquisition and graduate employment market on the interaction mix between economic growth and the expansion of energy access in Rwanda, particularly finding out the problems advancing the non-inclusiveness of engineering graduates, which result to high rate of unemployment and diversions, especially for the graduates specializing in energy fields. As a result, the following open questions were raised with variations 1; how did employees penetrate energy-sector labour market opportunity in Rwanda? 2; what influenced employee’s decision in pursuing a career in Rwanda’s labour market, 3; what were the specific employee competent skills that enabled smooth transition in energy-sector employment after graduation and the ones required to maintain their current positions? 4; what specific competent skills are required for inclusivity of today's engineering graduates in energy sector employment market? The study is qualitative and it uses the exploratory research design. It is based on the growth pole theory employing snowball/chain purposeful sampling technique, whereby key informants in Rwanda energy sector were located. Data was specifically collected from these primary sources through semi-structured interviews and documentary method. Interview data and text from documents were inductively analysed. The study generally recommended institution or program for connecting learning institutions, industry and employment market in the distributed and renewable energy resources to promote competent skills acquisition, competition and improve graduates’ inclusiveness in the expansion of electricity access, thereby leading to economic growth in Rwanda.
While 14 % of the world's working-age population currently lives in sub-Saharan Africa (SSA), this figure will predictably be higher than the rest of the world combined by 2036. If this demographic group finds meaningful employment, Africa experiences an economic and social upswing. To tap this potential, the paper intends to answer the research question, "What are the prerequisites and how are they defined for the successful implementation of sustainable business model ideas in SSA?", by developing a top ten ranking consisting of previously identified sustainable business model ideas best suited for productive use. This achieves a novel approach to implementing future-oriented business models and contributes to current research on sustainable models. Since the geographical scope of SSA is pervasive, this paper focuses on Namibia, Rwanda, Senegal, and Uganda. An extensive literature review on these countries was conducted to gain a broader understanding of the situation in SSA. Additionally, research was carried out on the agricultural, energy, and information and communications technology (ICT) sectors to identify the most promising ideas. To contribute to current knowledge, experts were interviewed, and panel discussions were analyzed. Furthermore, the Business Model Canvas (BMC) was combined with the circular economy concept, which served as a framework for the business model ideas. Experts evaluated these ideas, which were subsequently ranked using fuzzy logic with artificial intelligence, based on the system for exploring country risks (CRISK-Explorer). The paper shows that skipping individual development processes opens up promising opportunities, such as the ICT-based business model e-crowd logistics or the renewable energy-based model e-Boda-Boda. Seven prerequisites for the successful implementation of these ideas were identified and defined: value delivery, promising customers, sufficient capital, presence of key resources, possibility to perform the key activities, sustainability, and profitability. The paper concludes by identifying limitations and suggesting avenues for future research.
Channels of distribution are important factors in the connection between goods and services produced for the final consumer and, therefore, determine the effectiveness with which they are delivered and ultimately availed to the final consumers. Globally, studies show that channels of distribution and sales play an essential role in building bonds between manufacturers, retailers, wholesalers and their consumers. The main purpose of this study is to examine the influence of distribution channels and networks on customer choice of fast-moving consumer goods (FCMG) in the Upper East Region of Ghana. The study adopted a quantitative approach and questionnaires were used to collect primary data from 110 customers of Unilever Ghana Limited in the Upper East Region of Ghana. The findings reveal that product-related factors, such as the price of products, perishability of products, size and weight of products, promote the effective distribution of Unilever goods and services, whilst consumer-related factors, such as the number of customers and increased consumer base, promote effective distribution channels. The study also established a positive influence of factors, such as incentives, receiving feedback and sales performance, on customer choice of fast-moving consumer goods (FMCG). Managers and producers in the FMCGs industry should implement reward and incentive programmes and policies to boost the sale and distribution of fast-moving consumer goods and services in the retail industry in Ghana.
Entrepreneurship is labelled as the panacea for graduate unemployment in Ghana. In the training process, students are mandatorily required to read a course in entrepreneurship, so as to be able to start their own businesses in the face of job adversities caused by the inadequacy of job opportunities created by government and lack of government drive to diversify the economy for more jobs to be created. This study, therefore aimed at investigating the critical precursors of entrepreneurial intentions among higher education students in Ghana. Using the analytical cross-sectional survey design, 250 respondents were recruited from public universities using probability sampling techniques (stratified-disproportionate and simple random) to participate in the survey. Respondents were required to respond to three constructs (entrepreneurial scaffolding, psychological capital, and entrepreneurial intentions). The data analyses were performed using multivariate regression. The study findings showed that entrepreneurial scaffolding and psychological capital were significant predictors of entrepreneurial intentions. The researchers concluded that students' convictions in succeeding or otherwise and planning to engage in entrepreneurial behaviours depended on proper entrepreneurial guidance and a positive mind-set. Therefore, it was recommended that higher education institutions in Ghana strengthened and included practical guides to entrepreneurial training. This will encourage higher education students to consider entrepreneurship, hence, reducing graduate unemployment in Ghana.
The dawn of the 21st Century has witnessed a tremendous increase in trade pacts among nations, resulting in renewed hopes for sustainable enterprise development in emerging economies worldwide. Ghana and other sub- Saharan African (SSA) countries have signed onto several North-South and South-South free trade agreements with the hope of strengthening their presence in the international trade arena, and to promote economic growth in SSA. For over two decades, however, very little has changed, and many have dashed their high hopes as enterprises continue to struggle in SSA. Not even the African Continental Free Trade Agreement (AfCFTA) could renew the hopes of sceptics. Several studies opined that enterprises in SSA could improve their domestic and international competitiveness by establishing mutually beneficial partnerships with their counterparts from the Global North and South. This study delved into the issues that affect North-South and South-South business collaborations and recommends key success factors that could help promote mutually beneficial cross-border business partnerships. The research includes both literature and empirical information on the key success factors of business partnerships between African enterprises as well as between African enterprises and firms from the Global North. We approached the study qualitatively using a phenomenological research design. Research participants included important stakeholders in Africa and Europe's international trade and sustainable enterprise development ecosystem. The study identified several challenges with the current business collaborations and recommended new ways of making such partnerships more beneficial.
Towards an Interaction-Centered and Dynamically Constructed Episodic Memory for Social Robots
(2020)
Towards self-explaining social robots. Verbal explanation strategies for a needs-based architecture
(2019)
In order to establish long-term relationships with users, social companion robots and their behaviors need to be comprehensible. Purely reactive behavior such as answering questions or following commands can be readily interpreted by users. However, the robot's proactive behaviors, included in order to increase liveliness and improve the user experience, often raise a need for explanation. In this paper, we provide a concept to produce accessible “why-explanations” for the goal-directed behavior an autonomous, lively robot might produce. To this end we present an architecture that provides reasons for behaviors in terms of comprehensible needs and strategies of the robot, and we propose a model for generating different kinds of explanations.
Towards explaining deep learning networks to distinguish facial expressions of pain and emotions
(2018)
Deep learning networks are successfully used for object and face recognition in images and videos. In order to be able to apply such networks in practice, for example in hospitals as a pain recognition tool, the current procedures are only suitable to a limited extent. The advantage of deep learning methods is that they can learn complex non-linear relationships between raw data and target classes without limiting themselves to a set of hand-crafted features provided by humans. However, the disadvantage is that due to the complexity of these networks, it is not possible to interpret the knowledge that is stored inside the network. It is a black-box learning procedure. Explainable Artificial Intelligence (AI) approaches mitigate this problem by extracting explanations for decisions and representing them in a human-interpretable form. The aim of this paper is to investigate the explainable AI method Layer-wise Relevance Propagation (LRP) and apply it to explain how a deep learning network distinguishes facial expressions of pain from facial expressions of emotions such as happiness and disgust.
This paper describes a dynamic, model-based approach for estimating intensities of 22 out of 44 different basic facial muscle movements. These movements are defined as Action Units (AU) in the Facial Action Coding System (FACS) [1]. The maximum facial shape deformations that can be caused by the 22 AUs are represented as vectors in an anatomically based, deformable, point-based face model. The amount of deformation along these vectors represent the AU intensities, and its valid range is [0, 1]. An Extended Kalman Filter (EKF) with state constraints is used to estimate the AU intensities. The focus of this paper is on the modeling of constraints in order to impose the anatomically valid AU intensity range of [0, 1]. Two process models are considered, namely constant velocity and driven mass-spring-damper. The results show the temporal smoothing and disambiguation effect of the constrained EKF approach, when compared to the frame-by-frame model fitting approach ‘Regularized Landmark Mean-Shift (RLMS)’ [2]. This effect led to more than 35% increase in performance on a database of posed facial expressions.
A method for minimum range extension with improved accuracy in triangulation laser range finder
(2011)
Zumutbarkeit von Arbeit
(1994)
Mechanical properties and microstructure of heavy aluminum bonding wires for power applications
(2009)
Hinreichende Datensouveränität gestaltet sich für Verbraucher:innen in der Praxis als äußerst schwierig. Die Europäische Datenschutzgrundverordnung garantiert umfassende Betroffenenrechte, die von verwantwortlichen Stellen durch technisch-organisatorische Maßnahmen umzusetzen sind. Traditionelle Vorgehensweisen wie die Bereitstellung länglicher Datenschutzerklärungen oder der ohne weitere Hilfestellungen angebotene Download von personenbezogenen Rohdaten werden dem Anspruch der informationellen Selbstbestimmung nicht gerecht. Die im Folgenden aufgezeigten neuen technischen Ansätze insbesondere KI-basierter Transparenz- und Auskunftsmodalitäten zeigen die Praktikabilität wirksamer und vielseitiger Mechanismen. Hierzu werden die relevanten Transparenzangaben teilautomatisiert extrahiert, maschinenlesbar repräsentiert und anschließend über diverse Kanäle wie virtuelle Assistenten oder die Anreicherung von Suchergebnissen ausgespielt. Ergänzt werden außerdem automatisierte und leicht zugängliche Methoden für Auskunftsersuchen und deren Aufbereitung nach Art. 15 DSGVO. Abschließend werden konkrete Regulierungsimplikationen diskutiert.
Künstliche Intelligenz im autonomen Fahrzeug verarbeitet enorme Mengen an Daten. Beim Betrieb eines solchen Fahrzeugs basiert jede Bewegung auf einer datenbasierten, automatisierten und adaptiven Entscheidungsfindung. Aber auch, um Regeln zur Erkennung und Entscheidung in komplexen Situationen wie den hochindividuellen Verkehrsszenarien entwickeln zu können (KI-Training), sind bereits beachtliche Datenmengen von Fahrzeugen im Realverkehr erforderlich – zum Beispiel Videosequenzen aus Kamerafahrten. Für das Training Künstlicher Intelligenz ist es aus Sicht der Fahrzeugentwicklung attraktiv, auf den Datenschatz zuzugreifen, den die Gesamtheit der Fahrzeuge im realen Anwendungskontext erzeugen kann. Als Nutzer:innen und Insassen sind Verbraucher:innen so Teil einer groß angelegten Testdatenerhebung durch Fahrzeughersteller und Anbieter. Das wirft Datenschutzfragen auf. Ziel des vorliegenden Beitrags ist es herauszuarbeiten, inwiefern sich hierdurch Implikationen für die Rechte und Freiheiten von Verbraucher:innen ergeben und welche Mechanismen das geltende Recht sowie aktuelle legislative Entwicklungen bereithalten, den „Datenhunger“ der KI mit den Interessen an Datensouveränität und informationeller Selbstbestimmung in Einklang und Ausgleich zu bringen. Im Fokus steht dabei insbesondere, wie Anforderungen schon im Produktdesign „mitgedacht“ werden und damit für Verbraucher:innen rechts- und vertrauensfördernd wirken können.
Datenschutz und informationelle Selbstbestimmung sind Bestandteile aktueller Leitbilder einer Digitalen Bildung in der Schule. Im Kontext der Schulschließungen und der vorrangigen Nutzung digitaler Medien zeigte sich jedoch, dass Datenschutz weder als Thema noch als Gestaltungsprinzip digitaler Lernumgebungen in der bildungsadministrativen und pädagogisch-praktischen Schulwirklichkeit systematisch verankert ist. Die Diskrepanz zwischen aktuellen Leitbildern einer digitalen Bildung und der sichtbar problematischen Praxis des digitalen Notfalldistanzunterrichts markiert den Ausgangspunkt des Beitrages, der sich der übergeordneten Frage widmet, welche Herausforderungen sich bei der Realisierung von Datenschutz in der Schul- und Unterrichtswirklichkeit in einer digital geprägten Welt stellen. Im Sinne einer Problemfeldanalyse werden prototypische Handlungsprobleme der Schule herausgearbeitet. Fokussiert betrachtet werden exemplarische Herausforderungen und Anforderungen an Technologien und Akteur:innen der inneren und äußeren Schulentwicklung auf den Ebenen der Unterrichtsentwicklung, der Personalentwicklung, der Technologieentwicklung und der Organisationsentwicklung.
Sprachassistenten wie Alexa oder Google Assistant sind aus dem Alltag vieler VerbraucherInnen nicht mehr wegzudenken. Sie überzeugen insbesondere durch die sprachbasierte und somit freihändige Steuerung und mitunter auch den unterhaltsamen Charakter. Als häuslicher Lebensmittelpunkt sind die häufigsten Aufstellungsorte das Wohnzimmer und die Küche, da sich Haushaltsmitglieder dort die meiste Zeit aufhalten und das alltägliche Leben abspielt. Dies bedeutet allerdings ebenso, dass an diesen Orten potenziell viele Daten erfasst und gesammelt werden können, die nicht für den Sprachassistenten bestimmt sind. Demzufolge ist nicht auszuschließen, dass der Sprachassistent – wenn auch versehentlich – durch Gespräche oder Geräusche aktiviert wird und Aufnahmen speichert, selbst wenn eine Aktivierung unbewusst von Anwesenden bzw. von anderen Geräten (z. B. Fernseher) erfolgt oder aus anderen Räumen kommt. Im Rahmen eines Forschungsprojekts haben wir dazu NutzerInnen über Ihre Nutzungs- und Aufstellungspraktiken der Sprachassistenten befragt und zudem einen Prototyp getestet, der die gespeicherten Interaktionen mit dem Sprachassistenten sichtbar macht. Dieser Beitrag präsentiert basierend auf den Erkenntnissen aus den Interviews und abgeleiteten Leitfäden aus den darauffolgenden Nutzungstests des Prototyps eine Anwendung zur Beantragung und Visualisierung der Interaktionsdaten mit dem Sprachassistenten. Diese ermöglicht es, Interaktionen und die damit zusammenhängende Situation darzustellen, indem sie zu jeder Interaktion die Zeit, das verwendete Gerät sowie den Befehl wiedergibt und unerwartete Verhaltensweisen wie die versehentliche oder falsche Aktivierung sichtbar macht. Dadurch möchten wir VerbraucherInnen für die Fehleranfälligkeit dieser Geräte sensibilisieren und einen selbstbestimmteren und sichereren Umgang ermöglichen.
Most people use disaster apps infrequently, primarily only in situations of turmoil, when they are physically or emotionally vulnerable. Personal data may be necessary to help them, data protections may be waived. In some circumstances, free movement and liberties may be curtailed for public protection, as was seen in the current COVID pandemic. Consuming and producing disaster data can deepen problems arising at the confluence of surveillance and disaster capitalism, where data has become a tool for solutionist instrumentarian power (Zuboff 2019, Klein 2008) and part of a destructive mode of one world worlding (Law 2015, Escobar 2020). The special use of disaster apps prompts us to ask what role consumer protection could play in safeguarding democratic liberties. Within this work, a set of current approaches are briefly reviewed and two case studies are presented of what we call appropriation or design against datafication. These combine document analysis and literature research with several months of online and field ethnographic observation. The first case study examines disaster app use in response to the 2010 Haiti earthquake, the second explores COVID Contact Tracing in Taiwan in 2020/21. Against this backdrop we ask, ‘how could and how should consumer protection respond to problems of surveillance disaster capitalism?’ Drawing on our work with the is IT ethical? Exchange, a co-designed community platform and knowledge exchange for disaster information sharing, and a Societal Readiness Assessment Framework that we are developing alongside it, we explore how co-design methodologies could help define answers.
Unsere interdisziplinäre Forschungsarbeit „Die Gestaltung wirksamer Bildsymbole für Verarbeitungszwecke und ihre Folgen für Betroffene“ („Designing Effective Privacy Icons through an Interdisciplinary Research Methodology“) baut auf dem „Data Protection by Design“-Ansatz (Art. 25(1) DSGVO) auf und zielt auf folgende Forschungsfragen ab: Wie müssen das Transparenzprinzip (Art. 5(1)(a) DSGVO) und die Informationspflichten (Art. 12-14 DSGVO) insbesondere im Hinblick auf die Festlegung der Verarbeitungszwecke (Art. 5(1)(b) DSGVO) umgesetzt werden, damit sie die Nutzer:innen effektiv vor Risiken der Datenverarbeitung schützen? Mit welchen Methoden lässt sich die Wirksamkeit der Umsetzung ermitteln und diese auch durchsetzen?1 Im vorliegenden Projekt erweitern wir juristische Methoden um solche aus der HCI-Forschung (Human Computer Interaction) und der Visuellen Gestaltung. In einer ersten Phase haben wir mit empirischen Methoden der HCI-Forschung untersucht, welche Datennutzungstypen Nutzer:innen technologieübergreifend als relevant empfinden. Diese Erkenntnisse können als Ausgangspunkt für eine neue Zweckbestimmung dienen, die bestimmte Datennutzungstypen deutlicher ein- oder ausschließt. Erste Umformulierungen von Zweckbestimmungen haben wir in zwei Praxisworkshops mit Verantwortlichen der Datenverarbeitung getestet. In einer darauffolgenden qualitativen Studie untersuchten wir dann die Einstellungen und Erwartungen von Internetnutzerinnen und -nutzern am Beispiel der Personalisierung von Internetinhalten, um die entsprechenden Zwecke anhand eines konkreten Beispiels, in unserem Fall der personalisierten Werbung, neu zu formulieren. Auf dieser Basis haben wir nun die zweite Forschungsphase begonnen, in der wir Designs für Datenschutzhinweise und Kontrollmöglichkeiten unter besonderer Berücksichtigung des Verarbeitungszwecks entwickeln. Da der Einsatz von Cookies eine wichtige Rolle bei der Personalisierung von Werbung spielt, ist eine zentrale Aufgaben die Neugestaltung des sogenannten „Cookie-Banners“.
In Fortführung zu den drei erfolgreichen „Usable Security und Privacy“ Workshops der letzten drei Jahre, sollen in einem vierten ganztätigen wissenschaftlichen Workshop auf der diesjährigen Mensch und Computer sechs bis acht Arbeiten auf dem Gebiet Usable Security and Privacy vorgestellt und diskutiert werden. Vorgesehen sind Beiträge aus Forschung und Praxis, die neue nutzerzentrierte Ansätze aber auch praxisrelevante Lösungen zur nutzerzentrierten Entwicklung und Ausgestaltung von digitalen Schutzmechanismen thematisieren. Mit dem Workshop soll das etablierte Forum weiterentwickelt werden, in dem sich Experten aus unterschiedlichen Domänen, z. B. dem Usability-Engineering und Security-Engineering, transdisziplinär austauschen können. Der Workshop wird von den Organisatoren als klassischer wissenschaftlicher Workshop ausgestaltet. Ein Programmkomitee bewertet die Einreichungen und wählt daraus die zur Präsentation akzeptierten Beiträge aus. Diese werden zudem im Poster- und Workshopband der Mensch und Computer 2018 veröffentlicht.
Recent years have seen extensive adoption of domain generation algorithms (DGA) by modern botnets. The main goal is to generate a large number of domain names and then use a small subset for actual C&C communication. This makes DGAs very compelling for botmasters to harden the infrastructure of their botnets and make it resilient to blacklisting and attacks such as takedown efforts. While early DGAs were used as a backup communication mechanism, several new botnets use them as their primary communication method, making it extremely important to study DGAs in detail.
In this paper, we perform a comprehensive measurement study of the DGA landscape by analyzing 43 DGAbased malware families and variants. We also present a taxonomy for DGAs and use it to characterize and compare the properties of the studied families. By reimplementing the algorithms, we pre-compute all possible domains they generate, covering the majority of known and active DGAs. Then, we study the registration status of over 18 million DGA domains and show that corresponding malware families and related campaigns can be reliably identified by pre-computing future DGA domains. We also give insights into botmasters’ strategies regarding domain registration and identify several pitfalls in previous takedown efforts of DGA-based botnets. We will share the dataset for future research and will also provide a web service to check domains for potential DGA identity.
Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study
(2016)
Der Arbeitskreis Usable Security & Privacy bietet ein Forum für den Gedankenaustausch und die interdisziplinäre Zusammenarbeit rund um das Thema benutzerfreundliche Informationssicherheit und privatheitsfördernde Technologien. Sicherheit ist bei der Anschaffung von Software und Technikprodukten zwar eines der zentralen Auswahlkriterien – aufgrund mangelnder Gebrauchstauglichkeit werden die vorhandenen Sicherheitsfunktionen und -mechanismen von den Nutzern jedoch oft falsch oder überhaupt nicht bedient. Im alltäglichen Gebrauch ergeben sich hierdurch Sicherheitsgefährdungen beim Umgang mit IKT-Systemen bzw. -Produkten und den darin enthaltenen sensiblen Daten. Im Workshop werden mit den Teilnehmern Beispiele diskutiert und es wird gemeinsam ein Stimmungsbild zum Verständnis, zum Stellenwert und zum aktuellen Grad der Umsetzung von Usable Security & Privacy erhoben. Ergebnis des Workshops ist ein Positionspapier, in dem die aktuellen Problemfelder und die wichtigsten Herausforderungen aus Sicht der Usability und UX Professionals beschrieben sind.
In Fortführung zum erfolgreichen Auftaktworkshop „Usable Security and Privacy: Nutzerzentrierte Lösungsansätze zum Schutz sensibler Daten“ auf der Mensch und Computer 2015 werden in einem zweiten wissenschaftlichen Workshop auf der diesjährigen Mensch und Computer vier Arbeiten auf dem Gebiet Usable Security and Privacy vorgestellt und diskutiert. Das Programm bilden Beiträge aus Forschung und Praxis, die neue nutzerzentrierte Ansätze, aber auch praxisrelevante Lösungen zur nutzerzentrierten Entwicklung und Ausgestaltung von digitalen Schutzmechanismen thematisieren. Mit dem Workshop wird das etablierte Forum weiterentwickelt, in dem sich Experten aus unterschiedlichen Domänen, z. B. dem Usability-Engineering und Security-Engineering, transdisziplinär austauschen können. Der Workshop wird von den Organisatoren als klassischer wissenschaftlicher Workshop ausgestaltet. Ein Programmkomitee hat die Einreichungen bewertet und daraus die zur Präsentation akzeptierten Beiträge ausgewählt.
In education, finding the appropriate learning pace that fits to the members of a large group is a challenging task. This becomes especially evident when teaching multidisciplinary subjects such as epidemiology in medicine or computer science in most study programs, since lecturers have to face a very heterogeneous state of previous knowledge. Approaching this issue requires an individual supervision of each and every student, which is obviously bounded by the available resources. Moreover, when referring back to the second example, writing computer programs requires a complex installation and configuration of development tools. Many beginning programmers already become stuck at this entry stage. This paper introduces WHELP, a Web-based Holistic E-Learning Platform, which provides an integrated environment enabling the learning and teaching of computer science topics without the need to install any software. Moreover, WHELP includes an interactive feedback system for each programming exercise, where lecturers or tutors can supply comments, improvements, code assistance or tips helping the students to accomplish their tasks. Furthermore, WHELP offers a statistical analysis module as well as a real-time classroom polling system both promoting an overview of the state of knowledge of a course. In addition to that, WHELP enables collaborative working including code-sharing and peer-to-peer learning. This feature enables students to work on exercises simultaneously at distinct places. WHELP has been successfully deployed in the winter term 2013 at the Cologne University of Applied Sciences supporting the 120 students and 3 lecturers to learn and teach basic topics of computer science in an engineering study program.
XML Encryption and XML Signature are fundamental security standards forming the core for many applications which require to process XML-based data. Due to the increased usage of XML in distributed systems and platforms such as in SOA and Cloud settings, the demand for robust and effective security mechanisms increased as well. Recent research work discovered, however, substantial vulnerabilities in these standards as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping attack belongs to the most relevant ones. With the many possible instances of this attack type, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud infrastructures and services. This paper contributes a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services. An architecture is proposed, which integrates the r equired enhancements to ensure a fail-safe and robust signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XML Signature Wrapping attacks. Furthermore the empirical results underline, that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards.
The Web has become an indispensable prerequisite of everyday live and the Web browser is the most used application on a variety of distinct devices. The content delivered by the Web has changed drastically from static pages to media-rich and interactive Web applications offering nearly the same functionality as native applications, a trend which is further pushed by the Cloud and more specifically the Cloud’s SaaS layer. In the light of this development, security and performance of Web browsing has become a crucial issue.
The usage of link quality based routing metrics significantly improves the quality of the chosen paths and by that the performance of the network. But, attackers may try to exploit link qualities for their purposes. Especially in tactical multi-hop networks, routing may fall prey to an attacker. Such routing attacks are a serious threat to communication. TOGBAD is a centralised approach, using topology graphs to detect routing attacks. In this paper, we enhance TOGBAD with the capability to detect fake link qualities. We use a Challenge/Response method to estimate the link qualities in the network. Based on this, we perform plausibility checks for the link qualities propagated by the nodes in the network. Furthermore, we study the impact of attackers propagating fake link qualities and present simulation results showing TOGBAD's detection rate.