005 Computer programming, programs, data
Machine learning (ML) projects, particularly in the field of time series analysis, are becoming increasingly important. Deploying such projects in a production environment with the same degree of automation as classical software projects is a complex undertaking. Implementation in production environments requires, in addition to classical DevOps, Machine Learning Operations (MLOps) technologies and tools. The aim of this study is to provide a comprehensive overview of available MLOps tools and to develop a specific tech stack for time series ML projects. Current trends and tools in the MLOps field are examined and analyzed through a multivocal literature review (MLR). The study identifies suitable MLOps tools and methods for time series analysis and presents a specific implementation of an MLOps pipeline for stock price forecasting of the S&P 500. MLOps and DevOps tools play an essential role in the effective construction and management of ML pipelines. When selecting suitable tools, specific adaptation to the respective project requirements is always necessary. Providing a detailed account of the current MLOps tool landscape proves to be a valuable resource here, enabling developers to optimize the efficiency and effectiveness of their ML projects.
Integrating physical simulation data into data ecosystems challenges the compatibility and interoperability of data management tools. Semantic web technologies and relational databases mostly use other data types, such as measurement or manufacturing design data. Standardizing simulation data storage and harmonizing the data structures with other domains is still a challenge, as current standards such as the ISO standard STEP (ISO 10303 "Standard for the Exchange of Product model data") fail to bridge the gap between design and simulation data. This challenge requires new methods, such as ontologies, to rethink simulation results integration. This research describes a new software architecture and application methodology based on the industrial standard "Virtual Material Modelling in Manufacturing" (VMAP). The architecture integrates large quantities of structured simulation data and their analyses into a semantic data structure. It is capable of providing data permeability from the global digital twin level to the detailed numerical values of data entries and even new key indicators in a three-step approach: It represents a file as an instance in a knowledge graph, queries the file’s metadata, and finds a semantically represented process that enables new metadata to be created and instantiated.
In view of the rapid developments and the particularities of software systems that use Artificial Intelligence (AI), an adapted Requirements Engineering (RE) is required. The specific requirements of AI projects must be recognized and addressed. To this end, a systematic review of existing RE challenges in AI projects is carried out. Building on this, new RE approaches and recommendations are presented that target the data view of AI projects. The analysis of existing solution approaches, methods, frameworks, and tools is intended to show to what extent the challenges in RE can be overcome. Remaining gaps in the state of research are identified and pointed out.
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication
(2024)
The digitization of financial activities in consumers' lives is increasing, and the digitalization of invoicing processes is expected to play a significant role, although this area is not well understood regarding the private sector. Human-Computer Interaction (HCI) and Computer Supported Cooperative Work (CSCW) research have a long history of analyzing the socio-material and temporal aspects of work practices that are relevant for the domestic domain. The socio-material structuring of invoicing work and the working styles of consumers must be considered when designing effective consumer support systems. In this ethnomethodologically-informed, design-oriented interview study, we followed 17 consumers in their daily practices of dealing with invoices to make the invisible administrative work involved in this process visible. We identified and described the meaningful artifacts that were used in a spatial-temporal process within various storage locations such as input, reminding, intermediate (for postponing cases) buffers, and archive systems. Furthermore, we identified three different working styles that consumers exhibited: direct completion, at the next opportunity, and postpone as far as possible. This study contributes to our understanding of household economics and domestic workplace studies in the tradition of CSCW and has implications for the design of electronic invoicing systems.
Although climate-induced liquidity risks can cause significant disruptions and instabilities in the financial sector, they are frequently overlooked in current debates and policy discussions. This paper proposes a macro-financial agent-based integrated assessment model to investigate the transmission channels of climate risks to financial instability and study the emergence of liquidity crises through interbank market dynamics. Our simulations show that the financial system could experience serious funding and market liquidity shortages due to climate-induced liquidity crises. Our investigation contributes to our understanding of the impact - and possible solutions - to climate-induced liquidity crises, besides the issue of asset stranding related to transition risks usually considered in the existing studies.
In the project EILD.nrw, Open Educational Resources (OER) have been developed for teaching databases. Lecturers can use the tools and courses in a variety of learning scenarios. Students of computer science and application subjects can learn the complete life cycle of databases. For this purpose, quizzes, interactive tools, instructional videos, and courses for learning management systems are developed and published under a Creative Commons license. We give an overview of the developed OERs according to subject, description, teaching form, and format. Following this, we describe how licensing, sustainability, accessibility, contextualization, content description, and technical adaptability are implemented. The feedback of students in ongoing classes is evaluated.
Trust your guts: fostering embodied knowledge and sustainable practices through voice interaction
(2023)
Despite various attempts to prevent food waste and motivate conscious food handling, household members find it difficult to correctly assess the edibility of food. With the rise of ambient voice assistants, we did a design case study to support households’ in situ decision-making process in collaboration with our voice agent prototype, Fischer Fritz. Therefore, we conducted 15 contextual inquiries to understand food practices at home. Furthermore, we interviewed six fish experts to inform the design of our voice agent on how to guide consumers and teach food literacy. Finally, we created a prototype and discussed with 15 consumers its impact and capability to convey embodied knowledge to the human that is engaged as sensor. Our design research goes beyond current Human-Food Interaction automation approaches by emphasizing the human-food relationship in technology design and demonstrating future complementary human-agent collaboration with the aim to increase humans’ competence to sense, think, and act.
There has been a growing interest in taste research in the HCI and CSCW communities. However, the focus is more on stimulating the senses, while the socio-cultural aspects have received less attention. However, individual taste perception is mediated through social interaction and collective negotiation and is not only dependent on physical stimulation. Therefore, we study the digital mediation of taste by drawing on ethnographic research of four online wine tastings and one self-organized event. Hence, we investigated the materials, associated meanings, competences, procedures, and engagements that shaped the performative character of tasting practices. We illustrate how the tastings are built around the taste-making process and how online contexts differ in providing a more diverse and distributed environment. We then explore the implications of our findings for the further mediation of taste as a social and democratized phenomenon through online interaction.
Background
Consumers rely heavily on online user reviews when shopping online and cybercriminals produce fake reviews to manipulate consumer opinion. Much prior research focuses on the automated detection of these fake reviews, which are far from perfect. Therefore, consumers must be able to detect fake reviews on their own. In this study we survey the research examining how consumers detect fake reviews online.
Methods
We conducted a systematic literature review over the research on fake review detection from the consumer-perspective. We included academic literature giving new empirical data. We provide a narrative synthesis comparing the theories, methods and outcomes used across studies to identify how consumers detect fake reviews online.
Results
We found only 15 articles that met our inclusion criteria. We classify the most often used cues identified into five categories, which were (1) review characteristics, (2) textual characteristics, (3) reviewer characteristics, (4) seller characteristics, and (5) characteristics of the platform where the review is displayed.
Discussion
We find that theory is applied inconsistently across studies and that cues to deception are often identified in isolation without any unifying theoretical framework. Consequently, we discuss how such a theoretical framework could be developed.
Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from those previously observed. It is recommended by various national security organizations, and users perceive it more usable than and equally secure to equivalent two-factor authentication. Despite that, RBA is still used by very few online services. Reasons for this include a lack of validated open resources on RBA properties, implementation, and configuration. This effectively hinders the RBA research, development, and adoption progress.
To close this gap, we provide the first long-term RBA analysis on a real-world large-scale online service. We collected feature data of 3.3 million users and 31.3 million login attempts over more than 1 year. Based on the data, we provide (i) studies on RBA’s real-world characteristics plus its configurations and enhancements to balance usability, security, and privacy; (ii) a machine learning–based RBA parameter optimization method to support administrators finding an optimal configuration for their own use case scenario; (iii) an evaluation of the round-trip time feature’s potential to replace the IP address for enhanced user privacy; and (iv) a synthesized RBA dataset to reproduce this research and to foster future RBA research. Our results provide insights on selecting an optimized RBA configuration so that users profit from RBA after just a few logins. The open dataset enables researchers to study, test, and improve RBA for widespread deployment in the wild.
Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example
(2023)
Online services have difficulty replacing passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to reject such mechanisms in use cases outside of online banking. Relying on password authentication alone, however, is not an option in light of recent attack patterns such as credential stuffing.
Risk-Based Authentication (RBA) can serve as an interim solution to increase password-based account security until better methods are in place. Unfortunately, RBA is currently used by only a few major online services, even though it is recommended by various standards and has been shown to be effective in scientific studies. This paper contributes to the hypothesis that the low adoption of RBA in practice can be due to the complexity of implementing it. We provide an RBA implementation for the open source cloud management software OpenStack, which is the first fully functional open source RBA implementation based on the Freeman et al. algorithm, along with initial reference tests that can serve as a guiding example and blueprint for developers.
Risk-based authentication (RBA) is an adaptive approach to strengthening password authentication. It monitors a set of features relating to login behavior during password entry. If the observed feature values differ significantly from those of previous logins, RBA requests additional proof of identity. Government agencies and a US presidential executive order recommend RBA to protect online accounts against attacks with stolen passwords. Despite these facts, RBA suffered from a lack of open knowledge. There was little to no research on the usability, security, and privacy of RBA. Understanding these aspects, however, is important for broad acceptance.
This work aims to provide a comprehensive understanding of RBA through a series of studies. The results make it possible to create privacy-friendly RBA solutions that strengthen authentication while maintaining high human acceptance.
The programming training plan for everyone who wants to get ahead.
In this exercise book, you train your programming skills with entertaining, practical tasks. Each chapter begins with a short warm-up on the programming concept covered; you then practice applying it in numerous workout exercises. You start with simple tasks and work your way up to more complex problems. To keep you from getting bored, there are more than 150 practical exercises. For example, you learn to program a BMI calculator or a PIN generator, or how to display a time on an analog clock. (Publisher's description)
The European General Data Protection Regulation requires the implementation of Technical and Organizational Measures (TOMs) to reduce the risk of illegitimate processing of personal data. For these measures to be effective, they must be applied correctly by employees who process personal data under the authority of their organization. However, even data processing employees often have limited knowledge of data protection policies and regulations, which increases the likelihood of misconduct and privacy breaches. To lower the likelihood of unintentional privacy breaches, TOMs must be developed with employees’ needs, capabilities, and usability requirements in mind. To reduce implementation costs and help organizations and IT engineers with the implementation, privacy patterns have proven to be effective for this purpose. In this chapter, we introduce the privacy pattern Data Cart, which specifically helps to develop TOMs for data processing employees. Based on a user-centered design approach with employees from two public organizations in Germany, we present a concept that illustrates how Privacy by Design can be effectively implemented. Organizations, IT engineers, and researchers will gain insight on how to improve the usability of privacy-compliant tools for managing personal data.