005 Computerprogrammierung, Programme, Daten
Refine
H-BRS Bibliography
- yes (130) (remove)
Departments, institutes and facilities
- Fachbereich Informatik (63)
- Fachbereich Wirtschaftswissenschaften (58)
- Institut für Verbraucherinformatik (IVI) (48)
- Institut für Cyber Security & Privacy (ICSP) (42)
- Institut für Technik, Ressourcenschonung und Energieeffizienz (TREE) (7)
- Fachbereich Ingenieurwissenschaften und Kommunikation (3)
- Graduierteninstitut (1)
- Institut für funktionale Gen-Analytik (IFGA) (1)
- Institute of Visual Computing (IVC) (1)
- Zentrum für Ethik und Verantwortung (ZEV) (1)
Document Type
- Conference Object (54)
- Article (37)
- Part of a Book (15)
- Book (monograph, edited volume) (6)
- Working Paper (4)
- Conference Proceedings (3)
- Research Data (2)
- Master's Thesis (2)
- Report (2)
- Study Thesis (2)
Year of publication
Keywords
- Usable Security (8)
- GDPR (6)
- Big Data Analysis (4)
- Risk-based Authentication (4)
- Usable Privacy (4)
- usable privacy (3)
- Artificial Intelligence (2)
- Authentication (2)
- Authentication features (2)
- Consumer Informatics (2)
Objektrelationale Datenbanken und Rough Sets für die Analyse von Contextualized Attention Metadata
(2009)
Publikation von Umweltdaten
(2010)
The documentation requirements of data published in long term archives have significantly grown over the last decade. At WDCC the data publishing process is assisted by “Atarrabi”, a web-based workflow system for reviewing and editing metadata information by the data authors and the publication agent. The system ensures high metadata quality for long-term use of the data with persistent identifiers (DOI/URN). By these well-defined references (DOI) credit can properly be given to the data producers in any publication.
Dieser Beitrag betrachtet den Stand der Entwicklung bei der Vernetzung von Fahrzeugen aus Sicht der IT-Sicherheit. Etablierte Kommunikationssysteme und Verkehrstelematikanwendungen im Automobil werden ebenso vorgestellt und diskutiert wie auch zukünftige Kommunikationstechnologien Car-2-Car und Car-2-X. IT-Sicherheit im Automobil ist ein schwieriges Feld, da es hier um eine Integration von neuen innovativen Anwendungen in eine hochkomplexe bestehende Fahrzeugarchitektur geht, die zu keinen neuen Gefährdungen für die Fahrzeuginsassen führen darf. Zudem bleibt die Funktionsweise dieser Anwendungen mit ihren Auswirkungen auf das informationelle Selbstbestimmungsrecht oft intransparent. Die abschließende Diskussion gibt Handlungsempfehlungen aus Sicht der Verbraucher.
Within qualitative interviews we examine attitudes towards driverless cars in order to investigate new mobility services and explore the impact of such services on everyday mobility. We identified three main issues that we would like to discuss in the workshop: (I) Designing beyond a driver-centric approach; (II) Developing mobility services for cars which drive themselves; and (III) Exploring self-driving practices.
Smart home systems are becoming an integral feature of the emerging home IT market. Under this general term, products mainly address issues of security, energy savings and comfort. Comprehensive systems that cover several use cases are typically operated and managed via a unified dashboard. Unfortunately, research targeting user experience (UX) design for smart home interaction that spans several use cases or covering the entire system is scarce. Furthermore, existing comprehensive and user-centered longterm studies on challenges and needs throughout phases of information collection, installation and operation of smart home systems are technologically outdated. Our 18-month Living Lab study covering 14 households equipped with smart home technology provides insights on how to design for improving smart home appropriation. This includes a stronger sensibility for household practices during setup and configuration, flexible visualizations for evolving demands and an extension of smart home beyond the location.
Das autonome Fahren wird die Mobilität revolutionieren. Um die Auswirkung der Vollautomation auf dieEigenschaften der Verkehrsmittel und die Präferenzen der Nutzer besser zu verstehen, haben wir dieNutzenwerte neuen Verkehrsmodi im Vergleich zu den bestehenden Verkehrsmodi analysiert und imRahmen einer Online-Umfrage von potentiellen Nutzern in Form eines vollständigen Paarvergleichsbewerten lassen. Die Studie zeigt, dass der Privat-PKW, unabhängig davon ob traditionell odervollautomatisiert, zwar nach wie vor das präferierte Verkehrsmittel ist, im direkten Vergleich das Carsharingjedoch viel stärker von der Vollautomation profitiert. Darüber hinaus gibt es Hinweise darauf, dass dasvollautomatisierte Carsharing verstärkt in Konkurrenz zum ÖPNV tritt.
The technological development of the digital computer and new options to collect, store and transfer mass data have changed the world in the last 40 years. Moreover, due to the ongoing progress of computer power, the establishment of the Internet as critical infrastructure and the options of ubiquitous sensor systems will have a dramatic impact on economies and societies in the future. We give a brief overview about the technological basics especially with regard to the exponential growth of big data and current turn towards sensor-based data collection. From this stance, we reconsider the various dimensions of personal data and and market mechanisms that have an impact of data usage and protection.
Science Track FrOSCon 2016
(2018)
Im Jahre 2015 feierte die Free and Open Source Software Conference ihr 10 Jähriges Bestehen. Entstanden aus einer Idee von Studierenden, wissenschaftlichen Mitarbeitern und Professoren des Fachbereichs Informatik entwickelte sich eine der wichtigsten Konferenzen im Bereich der freien und quelloffenen Software in Deutschland.
Durch die Digitalisierung befindet sich die Mobilitätsbranche im starken Umbruch. So wird man bei der Verkehrsmittelwahl zukünftig wohl auch auf selbstfahrende Autos zurückgreifen können. Die Studie erweitert die Verkehrs- und Nutzerakzeptanzforschung, indem unter Berücksichtigung relativer Teilmehrwerte tiefergehend analysiert wird, wie sich die neuen Verkehrsmodi autonomer Privat-PKW, autonomes Carsharing und autonomes Taxi aus heutiger Sicht in den bestehenden Verkehrsmix einsortieren. Hierzu wurde auf Basis der Nutzerpräferenztheorie eine Onlineumfrage (n=172) zu den relativen Mehrwerten der neuen autonomen Verkehrsmodi durchgeführt. Es zeigt sich, dass Nutzer im Vergleich zum PKW bei den autonomen Modi Verbesserungen im Fahrkomfort und in der Zeitnutzung sehen, in vielen anderen Bereichen – insbesondere bei Fahrspaß und Kontrolle – hingegen keine Vorteile oder sogar relative Nachteile sehen. Gegenüber dem ÖPNV bieten die autonomen Modi in fast allen Eigenschaften Mehrwerte. Diese Betrachtung auf Teilnutzenebene liefert eine genauere Erklärung für Nutzerakzeptanz des automatisierten Fahrens.
This book is about how computer systems might be designed to serve their users rather better. It deals with how to study the natural behaviour of users to see how computer systems might best help them, and how one might also involve them in the design of computer systems that will assist them in their everyday practices.
Sind kleinere und mittlere Unternehmen (KMU) bereits auf die Digitale Transformation vorbereitet?
(2018)
Eine von den Autoren durchgeführte Untersuchung konnte deutliche Indizien dafür ausmachen, dass viele kleinere und mittlere Unternehmen (KMU) aktuell noch keine ausreichende Reife zur Digitalen Transformation haben. Zur Lösung des Problems wird vorgeschlagen, ein agiles IT-Management-Konzept zu entwickeln, um den IT-Bereich dynamisch und ohne formalen Ballast des klassischen IT-Managements zu steuern.
Vertrauen ist das Schmiermittel der Shareconomy. Einen zentralen Mechanismus hierfür stellen Crowd-basierte Reputationssysteme dar, bei denen Informationen und Bewertungen anderer Nutzer dazu dienen Vertrauen aufzubauen. Die Vernetzung zu teilender Gegenstände bietet hierbei neue Potentiale, um die Reputation eines Anbieters oder Nachfragers zu bewerten und einzuschätzen. In diesem Beitrag untersu-chen wir daher das Potential eines IoT-basierten Reputationssystems im Kontext von Peer-to-Peer Car-sharing, bei dem Informationen und Bewertungen mittels Sensorik während der Nutzung des Fahrzeugs erhoben und ausgewertet werden. Hierzu wurden zwei Fokusgruppen mit insgesamt 12 Personen durch-geführt. Die Ergebnisse deuten an, dass datenbasierte Reputationssysteme das Vertrauen nicht nur vor, sondern auch während der Vermietung und in der Nachkontrolle für Ver- und Entleiher steigern können. Jedoch sollten bei der Gestaltung solcher Systeme die Prinzipien der mehrseitigen Sicherheit wie Spar-samkeit, Verhältnismäßigkeit, Transparenz und Reziprozität beachtet werden.
PosturePairsDB19
(2019)
Herein we report an update to ACPYPE, a Python3 tool that now properly converts AMBER to GROMACS topologies for force fields that utilize nondefault and nonuniform 1–4 electrostatic and nonbonded scaling factors or negative dihedral force constants. Prior to this work, ACPYPE only converted AMBER topologies that used uniform, default 1–4 scaling factors and positive dihedral force constants. We demonstrate that the updated ACPYPE accurately transfers the GLYCAM06 force field from AMBER to GROMACS topology files, which employs non-uniform 1–4 scaling factors as well as negative dihedral force constants. Validation was performed using β-d-GlcNAc through gas-phase analysis of dihedral energy curves and probability density functions. The updated ACPYPE retains all of its original functionality, but now allows the simulation of complex glycomolecular systems in GROMACS using AMBER-originated force fields. ACPYPE is available for download at https://github.com/alanwilter/acpype.
Lower back pain is one of the most prevalent diseases in Western societies. A large percentage of European and American populations suffer from back pain at some point in their lives. One successful approach to address lower back pain is postural training, which can be supported by wearable devices, providing real-time feedback about the user’s posture. In this work, we analyze the changes in posture induced by postural training. To this end, we compare snapshots before and after training, as measured by the Gokhale SpineTracker™. Considering pairs of before and after snapshots in different positions (standing, sitting, and bending), we introduce a feature space, that allows for unsupervised clustering. We show that resulting clusters represent certain groups of postural changes, which are meaningful to professional posture trainers.
Application developers constitute an important part of a digital platform’s ecosystem. Knowledge about psychological processes that drive developer behavior in platform ecosystems is scarce. We build on the lead userness construct which comprises two dimensions, trend leadership and high expected benefits from a solution, to explain how developers’ innovative work behavior (IWB) is stimulated. We employ an efficiencyoriented and a social-political perspective to investigate the relationship between lead userness and IWB. The efficiency-oriented view resonates well with the expected benefit dimension of lead userness, while the social-political view might be interpreted as a reflection of trend leadership. Using structural equation modeling, we test our model with a sample of over 400 developers from three platform ecosystems. We find that lead userness is indirectly associated with IWB and the performance-enhancing view to be the stronger predictor of IWB. Finally, we unravel differences between paid and unpaid app developers in platform ecosystems.
Designing consumption feedback to support sustainable behavior is an active research topic. In recent years, relevant work has suggested a variety of possible design strategies. Addressing the more recent developments in this field, this paper presents a structured literature review, providing an overview of current information design approaches and highlighting open research questions. We suggest a literature-based taxonomy of used strategies, data source and output media with a special focus on design. In particular, we analyze which visual forms are used in current research to reach the identified strategy goals. Our survey reveals that the trend is towards more complex and contextualized feedback and almost every design within sustainable HCI adopts common visualization forms. Furthermore, adopting more advanced visual forms and techniques from information visualization research is helpful when dealing with ever-increasing data sources at home. Yet so far, this combination has often been neglected in feedback design.
Das Deutsche Zentrum für Luft- und Raumfahrt (DLR) führt viele Forschungen und Studien im Bereich der Luft- und Raumfahrt durch. Dabei spielen die Studien für die Gesundheit und Medizin auch eine sehr wichtige Rolle bei der DLR. Zu diesem Zweck führt die DLR die Artificial Gravity bed rest study (AGBRESA) im Auftrag der European Space Agency (esa) und in Kooperation der NASA durch. In dieser Studie werden die negativen Auswirkungen der Schwerelosigkeit auf dem Menschen im Weltall simuliert. Dabei werden Experimente durchgeführt, um die negative Auswirkungen entgegenzuwirken. Die Ergebnisse der Experimente werden in der DLR digital, aber auch auf Papier dokumentiert. In diesem Master-Projekt habe ich nun die Aufgabe, die Papierprotokolle für den Bereich der Blutabnahme und der Labordokumentation in eine digitale Form zu ersetzen.
Datenmodellierung
(2019)
Andreas Gadatsch schließt mit dem vorliegenden essential eine Lücke in einführenden Werken zur Datenmodellierung. Diese Modelle gehören zum Basiswissen in Einführungsveranstaltungen zur Wirtschaftsinformatik für Betriebswirte. Die Literatur dazu ist für diese Zielgruppe häufig zu speziell, da sie sich eher an Informatiker richtet. Der Autor bietet hier nun einen kompakten Einstieg in die klassische CHEN-Notation anhand eines durchgängigen Fallbeispiels, auf der viele neue Modellierungsansätze aufbauen. Die zweite Auflage enthält einige formale Korrekturen und Ergänzungen (z. B. Rekursive Relationen).
Validierung einer Web-Applikation zum Fern-Monitoring von Belastungs- und Erholungsparametern
(2020)
Simultan zur agilen Entwicklung einer Web-Applikation, die Parameter der Belastungs- und Beanspruchungssteuerung erfasst, wurden die implementierten Belastungs- und Erholungs-parameter an freiwilligen Testern/innen in der Praxis überprüft. Um sowohl die Applikation als auch die z.T. selbst entwickelten Kenngrößen auf ihre externe Validität hin zu bewerten, werden diese regressionsanalytisch bearbeitet.
Dieses Buch bietet einen leicht verständlichen Einstieg in die Thematik des Data Minings und der Prädiktiven Analyseverfahren. Als Methodensammlung gedacht, bietet es zu jedem Verfahren zunächst eine kurze Darstellung der Theorie und erklärt die zum Verständnis notwendigen Formeln. Es folgt jeweils eine Illustration der Verfahren mit Hilfe von Beispielen, die mit dem Programmpaket R erarbeitet werden.
Zum Abschluss wird eine einfache Möglichkeit präsentiert, mit der die Performancewerte verschiedener Verfahren mit statistischen Mitteln verglichen werden können. Zum Einsatz kommen hierbei geeignete Grafiken und Konfidenzintervalle.
Das Buch verzichtet nicht auf Theorie, es präsentiert jedoch so wenig Theorie wie möglich, aber so viel wie nötig und ist somit optimal für Studium und Selbststudium geeignet.
An essential measure of autonomy in assistive service robots is adaptivity to the various contexts of human-oriented tasks, which are subject to subtle variations in task parameters that determine optimal behaviour. In this work, we propose an apprenticeship learning approach to achieving context-aware action generalization on the task of robot-to-human object hand-over. The procedure combines learning from demonstration and reinforcement learning: a robot first imitates a demonstrator’s execution of the task and then learns contextualized variants of the demonstrated action through experience. We use dynamic movement primitives as compact motion representations, and a model-based C-REPS algorithm for learning policies that can specify hand-over position, conditioned on context variables. Policies are learned using simulated task executions, before transferring them to the robot and evaluating emergent behaviours. We additionally conduct a user study involving participants assuming different postures and receiving an object from a robot, which executes hand-overs by either imitating a demonstrated motion, or adapting its motion to hand-over positions suggested by the learned policy. The results confirm the hypothesized improvements in the robot’s perceived behaviour when it is context-aware and adaptive, and provide useful insights that can inform future developments.
In 1991 the researchers at the center for the Learning Sciences of Carnegie Mellon University were confronted with the confusing question of “where is AI” from the users, who were interacting with AI but did not realize it. Three decades of research and we are still facing the same issue with the AItechnology users. In the lack of users’ awareness and mutual understanding of AI-enabled systems between designers and users, informal theories of the users about how a system works (“Folk theories”) become inevitable but can lead to misconceptions and ineffective interactions. To shape appropriate mental models of AI-based systems, explainable AI has been suggested by AI practitioners. However, a profound understanding of the current users’ perception of AI is still missing. In this study, we introduce the term “Perceived AI” as “AI defined from the perspective of its users”. We then present our preliminary results from deep-interviews with 50 AItechnology users, which provide a framework for our future research approach towards a better understanding of PAI and users’ folk theories.
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.
We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users' perception of RBA and helps to improve RBA implementations for a broader user acceptance.
Bei der sechsten Ausgabe des wissenschaftlichen Workshops ”Usable Security und Privacy” auf der Mensch und Computer 2020 werden wie in den vergangenen Jahren aktuelle Forschungs- und Praxisbeiträge präsentiert und anschließend mit allen Teilnehmenden diskutiert. Drei Beiträge befassen sich dieses Jahr mit dem Thema Privatsphäre, einer mit dem Thema Sicherheit. Mit dem Workshop wird ein etabliertes Forum fortgeführt und weiterentwickelt, in dem sich Expert*innen aus unterschiedlichen Domänen, z. B. dem Usability- und Security-Engineering, transdisziplinär austauschen können.
Bedingt durch die fortlaufende Digitalisierung und den Big Data-Trend stehen immer mehr Daten zur Verfügung. Daraus resultieren viele Potenziale – gerade für Unternehmen. Die Fähigkeit zur Bewältigung und Auswertung dieser Daten schlägt sich in der Rolle des Data Scientist nieder, welcher aktuell einer der gefragtesten Berufe ist. Allerdings ist die Integration von Daten in Unternehmensstrategie und -kultur eine große Herausforderung. So müssen komplexe Daten und Analyseergebnisse auch nicht datenaffinen Stakeholdern kommuniziert werden. Hier kommt dem Data Storytelling eine entscheidende Rolle zu, denn um mit Daten eine Veränderung hervorrufen zu können, müssen vorerst Verständnis und Motivation für den Sachverhalt zielgruppenspezifisch geschaffen werden. Allerdings handelt es sich bei Data Storytelling noch um ein Nischenthema. Diese Arbeit leitet mithilfe einer systematischen Literaturanalyse die Erfolgsfaktoren von Data Storytelling für eine effektive und effiziente Kommunikation von Daten her, um Data Scientists in Forschung und Praxis bei der Kommunikation der Daten und Ergebnisse zu unterstützen.
Die Motive für die Einführung von Public Cloud Services liegen oft im Bereich der Kosteneinsparung und Qualitätsverbesserung. Vielfach werden bei der erstmaligen Einführung vermeidbare Fehler gemacht, die im Nachhinein den Erfolg des Vorhabens schmälern. Der Beitrag beschreibt ein aus Sicht der Beratungspraxis bewährtes Vorgehensmodell für die Einführung und Nutzung von Public Cloud Services unter besonderer Berücksichtigung von Microsoft Cloud Services.
The ongoing digitisation in everyday working life means that ever larger amounts of personal data of employees are processed by their employers. This development is particularly problematic with regard to employee data protection and the right to informational self-determination. We strive for the use of company Privacy Dashboards as a means to compensate for missing transparency and control. For conceptual design we use among other things the method of mental models. We present the methodology and first results of our research. We highlight the opportunities that such an approach offers for the user-centred development of Privacy Dashboards.
Quantum mechanical theories are used to search and optimized the conformations of proposed small molecule candidates for treatment of SARS-CoV-2. These candidate compounds are taken from what is reported in the news and in other pre-peer-reviewed literature (e.g. ChemRxiv, bioRxiv). The goal herein is to provided predicted structures and relative conformational stabilities for selected drug and ligand candidates, in the hopes that other research groups can make use of them for developing a treatment.
Trust is the lubricant of the sharing economy. This is true especially in peer-to-peer carsharing, in which one leaves a highly valuable good to a stranger in the hope of getting it back unscathed. Nowadays, ratings of other users are major mechanisms for establishing trust. To foster uptake of peer-to-peer carsharing, connected car technology opens new possibilities to support trust-building, e.g., by adding driving behavior statistics to users' profiles. However, collecting such data intrudes into rentees' privacy. To explore the tension between the need for trust and privacy demands, we conducted three focus group and eight individual interviews. Our results show that connected car technologies can increase trust for car owners and rentees not only before but also during and after rentals. The design of such systems must allow a differentiation between information in terms of type, the context, and the negotiability of information disclosure.
Who do you trust: Peers or Technology? A conjoint analysis about computational reputation mechanisms
(2020)
Peer-to-peer sharing platforms are taking over an increasingly important role in the platform economy due to their sustainable business model. By sharing private goods and services, the challenge arises to build trust between peers online mostly without any kind of physical presence. Peer rating has been proven as an important mechanism. In this paper, we explore the concept called Trust Score, a computational rating mechanism adopted from car telematics, which can play a similar role in carsharing. For this purpose, we conducted a conjoint analysis where 77 car owners chose between fictitious user profiles. Our results show that in our experiment the telemetric-based score slightly outperforms the peer rating in the decision process, while the participants perceived the peer rating more helpful in retrospect. Further, we discuss potential benefits with regard to existing shortcomings of user rating, but also various concerns that should be considered in concepts like telemetric-based reputation mechanism that supplements existing trust factors such as user ratings.
New cars are increasingly "connected" by default. Since not having a car is not an option for many people, understanding the privacy implications of driving connected cars and using their data-based services is an even more pressing issue than for expendable consumer products. While risk-based approaches to privacy are well established in law, they have only begun to gain traction in HCI. These approaches are understood not only to increase acceptance but also to help consumers make choices that meet their needs. To the best of our knowledge, perceived risks in the context of connected cars have not been studied before. To address this gap, our study reports on the analysis of a survey with 18 open-ended questions distributed to 1,000 households in a medium-sized German city. Our findings provide qualitative insights into existing attitudes and use cases of connected car features and, most importantly, a list of perceived risks themselves. Taking the perspective of consumers, we argue that these can help inform consumers about data use in connected cars in a user-friendly way. Finally, we show how these risks fit into and extend existing risk taxonomies from other contexts with a stronger social perspective on risks of data use.
Science Track FrOSCon 2018
(2021)
Sharing economies enabled by technical platforms have been studied regarding their economic, legal, and social effects, as well as with regard to their possible influences on CSCW topics such as work, collaboration, and trust. While a lot current research is focusing on the sharing economy and related communities, there is little work addressing the phenomenon from a socio-technical point of view. Our workshop is meant to address this gap. Building on research themes and discussion from last year’s ECSCW, we seek to engage deeper with topics such as novel socio-technical approaches for enabling sharing communities, discussing issues around digital consumer and worker protection, as well as emerging challenges and opportunities of existing platforms and approaches.
An der Hochschule Bonn-Rhein-Sieg fand am Donnerstag, den 23.9.21 das erste Verbraucherforum für Verbraucherinformatik statt. Im Rahmen der Online-Tagesveranstaltung diskutierten mehr als 30 Teilnehmer:innen über Themen und Ideen rund um den Bereich Verbraucherdatenschutz. Dabei kamen sowohl Beiträge aus der Informatik, den Verbraucher- und Sozialwissenschaften sowie auch der regulatorischen Perspektive zur Sprache. Der folgende Beitrag stellt den Hintergrund der Veranstaltung dar und berichtet über Inhalte der Vorträge sowie Anknüpfungspunkte für die weitere Konstituierung der Verbraucherinformatik. Veranstalter waren das Institut für Verbraucherinformatik an der H-BRS in Zusammenarbeit mit dem Lehrstuhl IT-Sicherheit der Universität Siegen sowie dem Kompetenzzentrum Verbraucherforschung NRW der Verbraucherzentrale NRW e. V. mit Förderung des Bundesministeriums der Justiz und für Verbraucherschutz.
Frequently the main purpose of domestic artifacts equipped with smart sensors is to hide technology, like previous examples of a Smart Mirror show. However, current Smart Homes often fail to provide meaningful IoT applications for all residents’ needs. To design beyond efficiency and productivity, we propose to realize the potential of the traditional artifact for calm and engaging experiences. Therefore, we followed a design case study approach with 22 participants in total. After an initial focus group, we conducted a diary study to examine home routines and developed a conceptual design. The evaluation of our mid-fidelity prototype shows, that we need to study carefully the practices of the residents to leverage the physical material of the artifact to fit the routines. Our Smart Mirror, enhanced by digital qualities, supports meaningful activities and makes the bathroom more appealing. Thereby, we discuss domestic technology design beyond automation.
An der Hochschule Bonn-Rhein-Sieg fand am Donnerstag, den 23.9.21 das erste Verbraucherforum für Verbraucherinformatik statt. Im Rahmen der Online-Tagesveranstaltung diskutierten mehr als 30 Teilnehmer:innen über Themen und Ideen rund um den Bereich Verbraucherdatenschutz. Dabei kamen sowohl Beiträge aus der Informatik, den Verbraucher- und Sozialwissenschaften sowie auch der regulatorischen Perspektive zur Sprache. Der folgende Beitrag stellt den Hintergrund der Veranstaltung dar und berichtet über Inhalte der Vorträge sowie Anknüpfungspunkte für die weitere Konstituierung der Verbraucherinformatik. Veranstalter waren das Institut für Verbraucherinformatik an der H-BRS in Zusammenarbeit mit dem Lehrstuhl IT-Sicherheit der Universität Siegen sowie dem Kompetenzzentrum Verbraucherforschung NRW der Verbraucherzentrale NRW e. V. mit Förderung des Bundesministeriums der Justiz und für Verbraucherschutz.
Recent publications propose concepts of systems that integrate the various services and data sources of everyday food practices. However, this research does not go beyond the conceptualization of such systems. Therefore, there is a deficit in understanding how to combine different services and data sources and which design challenges arise from building integrated Household Information Systems. In this paper, we probed the design of an Integrated Household Information System with 13 participants. The results point towards more personalization, automatization of storage administration and enabling flexible artifact ecologies. Our paper contributes to understanding the design and usage of Integrated Household Information Systems, as a new class of information systems for HCI research.
Voice assistants (VA) collect data about users’ daily life including interactions with other connected devices, musical preferences, and unintended interactions. While users appreciate the convenience of VAs, their understanding and expectations of data collection by vendors are often vague and incomplete. By making the collected data explorable for consumers, our research-through-design approach seeks to unveil design resources for fostering data literacy and help users in making better informed decisions regarding their use of VAs. In this paper, we present the design of an interactive prototype that visualizes the conversations with VAs on a timeline and provides end users with basic means to engage with data, for instance allowing for filtering and categorization. Based on an evaluation with eleven households, our paper provides insights on how users reflect upon their data trails and presents design guidelines for supporting data literacy of consumers in the context of VAs.
Critical consumerism is complex as ethical values are difficult to negotiate, appropriate products are hard to find, and product information is overwhelming. Although recommender systems offer solutions to reduce such complexity, current designs are not appropriate for niche practices and use non-personalized intransparent ethics. To support critical consumption, we conducted a design case study on a personalized food recommender system. Therefore, we first conducted an empirical pre-study with 24 consumers to understand value negotiations and current practices, co-designed the recommender system, and finally evaluated it in a real-world trial with ten consumers. Our findings show how recommender systems can support the negotiation of ethical values within the context of consumption practices, reduce the complexity of finding products and stores, and strengthen consumers. In addition to providing implications for the design to support critical consumption practices, we critically reflect on the scope of such recommender systems and its appropriation.
Kompetenzen auf dem Gebiet der Datenbanken gehören zum Pflichtbereich der Informatik. Das Angebot an Lehrbüchern, Vorlesungsformaten und Tools lässt sich jedoch für Lehrende oft nur eingeschränkt in die eigene Lehre integrieren. In diesem Aufsatz schildern wir unsere Erfahrungen in der Nutzung (frei) verfügbarer und der Entwicklung eigener digitaler Inhalte für grundlegende Datenbankveranstaltungen. Die Präferenzen der Studierenden werden mittels Nutzungsanalysen und Befragungen ermittelt. Wir stellen die Anforderungen auf, wie die nicht selten aufwendig herzustellenden digitalen Materialien von Lehrenden in ihre Lehr- und Lernumgebungen integriert werden können. Als konstruktive Antwort auf diese Herausforderung wird das Konzept EILD zur Entwicklung von Inhalten für die Lehre im Fach Datenbanken vorgestellt. Die Inhalte sollen in vielfältigen Lernszenarien eingesetzt werden können und mit einer Creative Commons (CC) Lizenzierung als OER (open educational resources) frei zur Verfügung stehen.
Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor authentication and just as secure. However, users currently obtain RBA's high security and usability benefits at the cost of exposing potentially sensitive personal data (e.g., IP address or browser information). This conflicts with user privacy and requires to consider user rights regarding the processing of personal data. We outline potential privacy challenges regarding different attacker models and propose improvements to balance privacy in RBA systems. To estimate the properties of the privacy-preserving RBA enhancements in practical environments, we evaluated a subset of them with long-term data from 780 users of a real-world online service. Our results show the potential to increase privacy in RBA solutions. However, it is limited to certain parameters that should guide RBA design to protect privacy. We outline research directions that need to be considered to achieve a widespread adoption of privacy preserving RBA with high user acceptance.
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recommended in the NIST digital identity guidelines, it has so far been used almost exclusively by major online services. This is partly due to a lack of open knowledge and implementations that would allow any service provider to roll out RBA protection to its users. To close this gap, we provide a first in-depth analysis of RBA characteristics in a practical deployment. We observed N=780 users with 247 unique features on a real-world online service for over 1.8 years. Based on our collected data set, we provide (i) a behavior analysis of two RBA implementations that were apparently used by major online services in the wild, (ii) a benchmark of the features to extract a subset that is most suitable for RBA use, (iii) a new feature that has not been used in RBA before, and (iv) factors which have a significant effect on RBA performance. Our results show that RBA needs to be carefully tailored to each online service, as even small configuration adjustments can greatly impact RBA's security and usability properties. We provide insights on the selection of features, their weightings, and the risk classification in order to benefit from RBA after a minimum number of login attempts.
Die Blockchain-Technologie ist einer der großen Innovationstreiber der letzten Jahre. Mit einer zugrundeliegenden Blockchain-Technologie ist auch der Betrieb von verteilten Anwendungen, sogenannter Decentralized Applications (DApps), bereits technisch umsetzbar. Dieser Beitrag verfolgt das Ziel, Gestaltungsmöglichkeiten der digitalen Verbraucherteilhabe an Blockchain-Anwendungen zu untersuchen. Hierzu enthält der Beitrag eine Einführung in die digitale Verbraucherteilhabe und die technischen Grundlagen und Eigenschaften der Blockchain-Technologie, einschließlich darauf basierender DApps. Abschließend werden technische, ethisch-organisatorische, rechtliche und sonstige Anforderungsbereiche für die Umsetzung von digitaler Verbraucherteilhabe in Blockchain-Anwendungen adressiert.
Data emerged as a central success factor for companies to benefit from digitization. However, the skills in successfully creating value from data – especially at the management level – are not always profound. To address this problem, several canvas models have already been designed. Canvas models are usually created to write down an idea in a structured way to promote transparency and traceability. However, some existing data science canvas models mainly address developers and are thus unsuitable for decision-makers and communication within interdisciplinary teams. Based on a literature review, we identified influencing factors that are essential for the success of data science projects. With the information gained, the Data Science Canvas was developed in an expert workshop and finally evaluated by practitioners to find out whether such an instrument could support data-driven value creation.
Auch die mittlerweile siebte Ausgabe des wissenschaftlichen Workshops “Usable Security und Privacy” auf der Mensch und Computer 2021 wird aktuelle Forschungs- und Praxisbeiträge präsentiert und anschließend mit allen Teilnehmer:innen diskutiert. Zwei Beiträge befassen sich dieses Jahr mit dem Thema Privatsphäre, zwei mit dem Thema Sicherheit. Mit dem Workshop wird ein etabliertes Forum fortgeführt und weiterentwickelt, in dem sich Expert:innen aus unterschiedlichen Domänen, z. B. dem Usability- und Security- Engineering, transdisziplinär austauschen können.
Software developers build complex systems using plenty of third-party libraries. Documentation is key to understand and use the functionality provided via the libraries’ APIs. Therefore, functionality is the main focus of contemporary API documentation, while cross-cutting concerns such as security are almost never considered at all, especially when the API itself does not provide security features. Documentations of JavaScript libraries for use in web applications, e.g., do not specify how to add or adapt a Content Security Policy (CSP) to mitigate content injection attacks like Cross-Site Scripting (XSS). This is unfortunate, as security-relevant API documentation might have an influence on secure coding practices and prevailing major vulnerabilities such as XSS. For the first time, we study the effects of integrating security-relevant information in non-security API documentation. For this purpose, we took CSP as an exemplary study object and extended the official Google Maps JavaScript API documentation with security-relevant CSP information in three distinct manners. Then, we evaluated the usage of these variations in a between-group eye-tracking lab study involving N=49 participants. Our observations suggest: (1) Developers are focused on elements with code examples. They mostly skim the documentation while searching for a quick solution to their programming task. This finding gives further evidence to results of related studies. (2) The location where CSP-related code examples are placed in non-security API documentation significantly impacts the time it takes to find this security-relevant information. In particular, the study results showed that the proximity to functional-related code examples in documentation is a decisive factor. (3) Examples significantly help to produce secure CSP solutions. (4) Developers have additional information needs that our approach cannot meet.
Overall, our study contributes to a first understanding of the impact of security-relevant information in non-security API documentation on CSP implementation. Although further research is required, our findings emphasize that API producers should take responsibility for adequately documenting security aspects and thus supporting the sensibility and training of developers to implement secure systems. This responsibility also holds in seemingly non-security relevant contexts.
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other things, on how user accounts can be recovered when the security token becomes permanently unavailable. For this reason, we provide a heuristic evaluation of 12 account recovery mechanisms regarding their properties for FIDO2 passwordless authentication. Our results show that the currently used methods have many drawbacks. Some even rely on passwords, taking passwordless authentication ad absurdum. Still, our evaluation identifies promising account recovery solutions and provides recommendations for further studies.
Less is Often More: Header Whitelisting as Semantic Gap Mitigation in HTTP-Based Software Systems
(2021)
The web is the most wide-spread digital system in the world and is used for many crucial applications. This makes web application security extremely important and, although there are already many security measures, new vulnerabilities are constantly being discovered. One reason for some of the recent discoveries lies in the presence of intermediate systems—e.g. caches, message routers, and load balancers—on the way between a client and a web application server. The implementations of such intermediaries may interpret HTTP messages differently, which leads to a semantically different understanding of the same message. This so-called semantic gap can cause weaknesses in the entire HTTP message processing chain.
In this paper we introduce the header whitelisting (HWL) approach to address the semantic gap in HTTP message processing pipelines. The basic idea is to normalize and reduce an HTTP request header to the minimum required fields using a whitelist before processing it in an intermediary or on the server, and then restore the original request for the next hop. Our results show that HWL can avoid misinterpretations of HTTP messages in the different components and thus prevent many attacks rooted in a semantic gap including request smuggling, cache poisoning, and authentication bypass.
XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than two-factor authentication equivalents and more secure than password-only authentication. We identify pitfalls and provide guidelines for putting RBA into practice.
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recommended in the NIST digital identity guidelines, it has so far been used almost exclusively by major online services. This is partly due to a lack of open knowledge and implementations that would allow any service provider to roll out RBA protection to its users.
To close this gap, we provide a first in-depth analysis of RBA characteristics in a practical deployment. We observed N=780 users with 247 unique features on a real-world online service for over 1.8 years. Based on our collected data set, we provide (i) a behavior analysis of two RBA implementations that were apparently used by major online services in the wild, (ii) a benchmark of the features to extract a subset that is most suitable for RBA use, (iii) a new feature that has not been used in RBA before, and (iv) factors which have a significant effect on RBA performance. Our results show that RBA needs to be carefully tailored to each online service, as even small configuration adjustments can greatly impact RBA's security and usability properties. We provide insights on the selection of features, their weightings, and the risk classification in order to benefit from RBA after a minimum number of login attempts.
Due to ongoing digitalization, more and more cloud services are finding their way into companies. In this context, data integration from the various software solutions, which are provided both on-premise (local use or licensing for local use of software) and as a service, is of great importance. In this regard, Integration Platform as a Service (IPaaS) models aim to support companies as well as software providers in the context of data integration by providing connectors to enable data flow between different applications and systems and other integration services. Since previous research has mostly focused on technical or legal aspects of IPaaS, this article focuses on deriving integration practices and design-related barriers and drivers regarding the adoption of IPaaS. Therefore, we conducted 10 interviews with experts from different software as a services vendors. Our results show that the main factors regarding the adoption of IPaaS are the standardization of data models, the usability and variety of connectors provided, and the issues regarding data privacy, security, and transparency.
Components and Architecture for the Implementation of Technology-Driven Employee Data Protection
(2021)
Applied privacy research has so far focused mainly on consumer relations in private life. Privacy in the context of employment relationships is less well studied, although it is subject to the same legal privacy framework in Europe. The European General Data Protection Regulation (GDPR) has strengthened employees’ right to privacy by obliging that employers provide transparency and intervention mechanisms. For such mechanisms to be effective, employees must have a sound understanding of their functions and value. We explored possible boundaries by conducting a semistructured interview study with 27 office workers in Germany and elicited mental models of the right to informational self-determination, which is the European proxy for the right to privacy. We provide insights into (1) perceptions of different categories of data, (2) familiarity with the legal framework regarding expectations for privacy controls, and (3) awareness of data processing, data flow, safeguards, and threat models. We found that legal terms often used in privacy policies used to describe categories of data are misleading. We further identified three groups of mental models that differ in their privacy control requirements and willingness to accept restrictions on their privacy rights. We also found ignorance about actual data flow, processing, and safeguard implementation. Participants’ mindsets were shaped by their faith in organizational and technical measures to protect privacy. Employers and developers may benefit from our contributions by understanding the types of privacy controls desired by office workers and the challenges to be considered when conceptualizing and designing usable privacy protections in the workplace.
Data Science
(2021)
Data Science ist in vielen Organisationen angekommen und oft alltägliche Praxis. Dennoch stehen viele Verantwortliche vor der Herausforderung, sich erstmalig mit konkreten Fragestellungen zu beschäftigen oder laufende Projekte weiterzuentwickeln. Die Spannbreite der Methoden, Werkzeuge und Anwendungsmöglichkeiten ist sehr groß und entwickelt sich kontinuierlich weiter. Die Vielzahl an Publikationen zu Data Science ist spezialisiert und behandelt fokussiert Einzelaspekte.
Das vorliegende Werk gibt den Leserinnen und Lesern eine umfassende Orientierung zum Status Quo aus der wissenschaftlichen Perspektive und zahlreiche vertiefende Darstellungen praxisrelevanter Aspekte. Die Inhalte bauen auf den wissenschaftlichen CAS-Zertifikatskursen zu Big Data und Data Science der Hochschule Niederrhein in Kooperation mit der Hochschule Bonn-Rhein-Sieg und der FH Dortmund auf. Sie berücksichtigen wissenschaftliche Grundlagen und Vertiefungen, aber auch konkrete Erfahrungen aus Data Science Projekten. Das Buch greift praxisrelevante Fragen auf wissenschaftlichem Niveau aus Sicht der Rollen eines „Data Strategist“, „Data Architect“ und „Data Analyst“ auf und bindet erprobte Praxiserfahrungen u. a. von Seminarteilnehmern mit ein. Das Buch gibt für Interessierte einen Einblick in die aktuell relevante Vielfalt der Aspekte zu Data Science bzw. Big Data und liefert Hinweise für die praxisnahe Umsetzung. (Verlagsangaben)
With the debates on climate change and sustainability, a reduction of the share of cars in the modal split has become increasingly prevalent in both public and academic discourse. Besides some motivational approaches, there is a lack of ICT artifacts that successfully raise the ability of consumers to adopt sustainable mobility patterns. To further understand the requirements and the design of these artifacts within everyday mobility adopted a practice-lens. This lens is helpful to get a broader perspective on the use of ICT artifacts along consumers’ transformational journey towards sustainable mobility practices. Based on 12 retrospective interviews with car-free mobility consumers, we argue that artifacts should not be viewed as ’magic-bullet’ solutions but should accompany the complex transformation of practices in multifaceted ways. Moreover, we highlight in particular the difficulties of appropriating shared infrastructures and aligning own practices with them. This opens up a design space to provide more support for these kinds of material-interactions, to provide access to consumption infrastructures and make them usable, rather than leaving consumers alone with increased motivation.
While the recent discussion on Art. 25 GDPR often considers the approach of data protection by design as an innovative idea, the notion of making data protection law more effective through requiring the data controller to implement the legal norms into the processing design is almost as old as the data protection debate. However, there is another, more recent shift in establishing the data protection by design approach through law, which is not yet understood to its fullest extent in the debate. Art. 25 GDPR requires the controller to not only implement the legal norms into the processing design but to do so in an effective manner. By explicitly declaring the effectiveness of the protection measures to be the legally required result, the legislator inevitably raises the question of which methods can be used to test and assure such efficacy. In our opinion, extending the legal compatibility assessment to the real effects of the required measures opens this approach to interdisciplinary methodologies. In this paper, we first summarise the current state of research on the methodology established in Art. 25 sect. 1 GDPR, and pinpoint some of the challenges of incorporating interdisciplinary research methodologies. On this premise, we present an empirical research methodology and first findings which offer one approach to answering the question on how to specify processing purposes effectively. Lastly, we discuss the implications of these findings for the legal interpretation of Art. 25 GDPR and related provisions, especially with respect to a more effective implementation of transparency and consent, and provide an outlook on possible next research steps.
Der technische Fortschritt im Bereich der Erhebung, Speicherung und Verarbeitung von Daten macht es erforderlich, neue Fragen zu sozialverträglichen Datenmärkten aufzuwerfen. So gibt es sowohl eine Tendenz zur vereinfachten Datenteilung als auch die Forderung, die informationelle Selbstbestimmung besser zu schützen. Innerhalb dieses Spannungsfeldes bewegt sich die Idee von Datentreuhändern. Ziel des Beitrags ist darzulegen, dass zwischen verschiedenen Formen der Datentreuhänderschaft unterschieden werden sollte, um der Komplexität des Themas gerecht zu werden. Insbesondere bedarf es neben der mehrseitigen Treuhänderschaft, mit dem Treuhänder als neutraler Instanz, auch der einseitigen Treuhänderschaft, bei dem der Treuhänder als Anwalt der Verbraucherinteressen fungiert. Aus dieser Perspektive wird das Modell der Datentreuhänderschaft als stellvertretende Deutung der Interessen individueller und kollektiver Identitäten systematisch entwickelt.
Regions and their innovation ecosystems have increasingly become of interest to CSCW research as the context in which work, research and design takes place. Our study adds to this growing discourse, by providing preliminary data and reflections from an ongoing attempt to intervene and support a regional innovation ecosystem. We report on the benefits and shortcomings of a practice-oriented approach in such regional projects and highlight the importance of relations and the notion of spillover. Lastly, we discuss methodological and pragmatic hurdles that CSCW research needs to overcome in order to support regional innovation ecosystems successfully.
For most people, using their body to authenticate their identity is an integral part of daily life. From our fingerprints to our facial features, our physical characteristics store the information that identifies us as "us." This biometric information is becoming increasingly vital to the way we access and use technology. As more and more platform operators struggle with traffic from malicious bots on their servers, the burden of proof is on users, only this time they have to prove their very humanity and there is no court or jury to judge, but an invisible algorithmic system. In this paper, we critique the invisibilization of artificial intelligence policing. We argue that this practice obfuscates the underlying process of biometric verification. As a result, the new "invisible" tests leave no room for the user to question whether the process of questioning is even fair or ethical. We challenge this thesis by offering a juxtaposition with the science fiction imagining of the Turing test in Blade Runner to reevaluate the ethical grounds for reverse Turing tests, and we urge the research community to pursue alternative routes of bot identification that are more transparent and responsive.
AI (artificial intelligence) systems are increasingly being used in all aspects of our lives, from mundane routines to sensitive decision-making and even creative tasks. Therefore, an appropriate level of trust is required so that users know when to rely on the system and when to override it. While research has looked extensively at fostering trust in human-AI interactions, the lack of standardized procedures for human-AI trust makes it difficult to interpret results and compare across studies. As a result, the fundamental understanding of trust between humans and AI remains fragmented. This workshop invites researchers to revisit existing approaches and work toward a standardized framework for studying AI trust to answer the open questions: (1) What does trust mean between humans and AI in different contexts? (2) How can we create and convey the calibrated level of trust in interactions with AI? And (3) How can we develop a standardized framework to address new challenges?
The processing of employees’ personal data is dramatically increasing, yet there is a lack of tools that allow employees to manage their privacy. In order to develop these tools, one needs to understand what sensitive personal data are and what factors influence employees’ willingness to disclose. Current privacy research, however, lacks such insights, as it has focused on other contexts in recent decades. To fill this research gap, we conducted a cross-sectional survey with 553 employees from Germany. Our survey provides multiple insights into the relationships between perceived data sensitivity and willingness to disclose in the employment context. Among other things, we show that the perceived sensitivity of certain types of data differs substantially from existing studies in other contexts. Moreover, currently used legal and contextual distinctions between different types of data do not accurately reflect the subtleties of employees’ perceptions. Instead, using 62 different data elements, we identified four groups of personal data that better reflect the multi-dimensionality of perceptions. However, previously found common disclosure antecedents in the context of online privacy do not seem to affect them. We further identified three groups of employees that differ in their perceived data sensitivity and willingness to disclose, but neither in their privacy beliefs nor in their demographics. Our findings thus provide employers, policy makers, and researchers with a better understanding of employees’ privacy perceptions and serve as a basis for future targeted research
on specific types of personal data and employees.
Ziel der achten Auflage des wissenschaftlichen Workshops “Usable Security and Privacy” auf der Mensch und Computer 2022 ist es, aktuelle Forschungs- und Praxisbeiträge zu präsentieren und anschließend mit den Teilnehmenden zu diskutieren. Der Workshop soll ein etabliertes Forum fortführen und weiterentwickeln, in dem sich Experten aus verschiedenen Bereichen, z. B. Usability und Security Engineering, transdisziplinär austauschen können.
This open access book brings together the latest developments from industry and research on automated driving and artificial intelligence.
Environment perception for highly automated driving heavily employs deep neural networks, facing many challenges. How much data do we need for training and testing? How to use synthetic data to save labeling costs for training? How do we increase robustness and decrease memory usage? For inevitably poor conditions: How do we know that the network is uncertain about its decisions? Can we understand a bit more about what actually happens inside neural networks? This leads to a very practical problem particularly for DNNs employed in automated driving: What are useful validation techniques and how about safety?
This book unites the views from both academia and industry, where computer vision and machine learning meet environment perception for highly automated driving. Naturally, aspects of data, robustness, uncertainty quantification, and, last but not least, safety are at the core of it. This book is unique: In its first part, an extended survey of all the relevant aspects is provided. The second part contains the detailed technical elaboration of the various questions mentioned above.
Login Data Set for Risk-Based Authentication
Synthesized login feature data of >33M login attempts and >3.3M users on a large-scale online service in Norway. Original data collected between February 2020 and February 2021.
This data sets aims to foster research and development for <a href="https://riskbasedauthentication.org">Risk-Based Authentication (RBA) systems. The data was synthesized from the real-world login behavior of more than 3.3M users at a large-scale single sign-on (SSO) online service in Norway.
Deployment of modern data-driven machine learning methods, most often realized by deep neural networks (DNNs), in safety-critical applications such as health care, industrial plant control, or autonomous driving is highly challenging due to numerous model-inherent shortcomings. These shortcomings are diverse and range from a lack of generalization over insufficient interpretability and implausible predictions to directed attacks by means of malicious inputs. Cyber-physical systems employing DNNs are therefore likely to suffer from so-called safety concerns, properties that preclude their deployment as no argument or experimental setup can help to assess the remaining risk. In recent years, an abundance of state-of-the-art techniques aiming to address these safety concerns has emerged. This chapter provides a structured and broad overview of them. We first identify categories of insufficiencies to then describe research activities aiming at their detection, quantification, or mitigation. Our work addresses machine learning experts and safety engineers alike: The former ones might profit from the broad range of machine learning topics covered and discussions on limitations of recent methods. The latter ones might gain insights into the specifics of modern machine learning methods. We hope that this contribution fuels discussions on desiderata for machine learning systems and strategies on how to help to advance existing approaches accordingly.
Personal-Information-Management-Systeme (PIMS) gelten als Chance, um die Datensouveränität der Verbraucher zu stärken. Datenschutzbezogene Fragen sind für Verbraucher immer dort relevant, wo sie Verträge und Nutzungsbedingungen mit Diensteanbietern eingehen. Vor diesem Hintergrund diskutiert dieser Beitrag die Potenziale von VRM-Systemen, die nicht nur das Datenmanagement, sondern das gesamte Vertragsmanagement von Verbrauchern unterstützen. Dabei gehen wir der Frage nach, ob diese besser geeignet sind, um Verbraucher zu souveränem Handeln zu befähigen.
The corporate landscape is experiencing an increasing change in business models due to digitization. An increasing availability of data along the business processes enhance the opportunities for process automation. Technologies such as Robotic Process Automation (RPA) are widely used for business process optimization, but as a side effect an increase in stand-alone solutions and a lack of holistic approaches can be observed. Intelligent Process Automation (IPA) is said to support more complex processes and enable automated decision-making, but due to the lack of connectors makes the implementation difficult. RPA marketplaces can be a bridging technology to help companies implement Intelligent Process Automation. This paper explores the drivers and challenges for the adoption of RPA marketplaces to realize IPA. For this purpose, we conducted ten expert interviews with decision makers and IT staff from the process automation sector.
Although climate-induced liquidity risks can cause significant disruptions and instabilities in the financial sector, they are frequently overlooked in current debates and policy discussions. This paper proposes a macro-financial agent-based integrated assessment model to investigate the transmission channels of climate risks to financial instability and study the emergence of liquidity crises through interbank market dynamics. Our simulations show that the financial system could experience serious funding and market liquidity shortages due to climate-induced liquidity crises. Our investigation contributes to our understanding of the impact - and possible solutions - to climate-induced liquidity crises, besides the issue of asset stranding related to transition risks usually considered in the existing studies.
In the project EILD.nrw, Open Educational Resources (OER) have been developed for teaching databases. Lecturers can use the tools and courses in a variety of learning scenarios. Students of computer science and application subjects can learn the complete life cycle of databases. For this purpose, quizzes, interactive tools, instructional videos, and courses for learning management systems are developed and published under a Creative Commons license. We give an overview of the developed OERs according to subject, description, teaching form, and format. Following, we describe how licencing, sustainability, accessibility, contextualization, content description, and technical adaptability are implemented. The feedback of students in ongoing classes are evaluated.