We investigate the effectiveness of anti-phishing support systems through a quantitative study involving 453 participants. To this end, we developed a tool that allows participants to immerse themselves in a realistic setting, tasked with classifying emails as either phishing or legitimate, while being assisted by support systems. Despite the prevalence of support systems in webmailers and email clients, our results indicate no significant difference in correctly assessing emails of varying difficulty between these systems and the control group. We found a minor negative effect of the support system that uses tooltips compared to other support systems. In the subsequent survey, we found that the support systems are appreciated and considered helpful by users, as supported by the results of the UEQ-S, even if they have no observable effect. Email context, such as the contact list, as well as hovering over the links, had stronger effects on the classification than the tested support systems. 

We present SITUATE, a novel dataset designed for training and evaluating Vision Language Models on counting tasks with spatial constraints. The dataset bridges the gap between simple 2D datasets like VLMCountBench and often ambiguous real-life datasets like TallyQA, which lack control over occlusions and spatial composition. Experiments show that our dataset helps to improve generalization for out-of-distribution images, since a finetune of Qwen VL 2.5 7B on SITUATE improves accuracy on the Pixmo count test data, but not vice versa. We cross validate this by comparing the model performance across established other counting benchmarks and against an equally sized fine-tuning set derived from Pixmo count.

Rowhammer bit flips in DRAM enable software attackers to fully compromise a great variety of systems. Hardware mitigations can be precise and efficient but suffer from long deployment cycles and very limited or no update capabilities. Consequently, refined attack methods have repeatedly bypassed deployed hardware protections, repeatedly leaving commodity systems vulnerable to Rowhammer attacks.

In this paper, we present Memory Band-Aid, a principled defense-in-depth against Rowhammer. Memory Band-Aid is no replacement for long-term, efficient hardware mitigations but a defense-in-depth that is activated when hardware mitigations are discovered to be insufficient on a specific system generation. For this purpose, Memory Band-Aid introduces per-thread and per-bank rate limits for DRAM accesses in the memory controller, ensuring that the minimum number of row activations for Rowhammer bit flips cannot be reached. We implement a proof-of-concept of Memory Band-Aid on Ubuntu Linux and test it on 3 Intel and 3 AMD systems. In a micro-benchmark to cause DRAM pressure, we observe a slow down up to a factor of 5.2. In a collection of realistic Phoronix macro-benchmarks, we observe a low overhead of 0 % to 9.4 %. Both overheads only apply to untrusted throttled workloads, e.g., sandboxes, for instance in browsers. Especially as Memory Band-Aid can be enabled on demand, we conclude that Memory Band-Aid is an important defense-in-depth that should be deployed in practice as a second defense layer.

Rowhammer is a disturbance error in Dynamic Random-Access Memory (DRAM) that can be deliberately triggered from software by repeatedly reading, i. e., hammering, proximate memory locations in different DRAM rows. While numerous studies evaluated the Rowhammer effect, in particular how it can be triggered and how it can be exploited, most studies only use a small sample size of Dual In-line Memory Modules (DIMMs). Only few studies provided indication for the prevalence of the effect, with clear limitations to specific hardware configurations or FPGA-based experiments with precise control of the DIMM, limiting how far the results can be generalized.

In this paper, we perform the frist large-scale study of the Rowhammer effect involving 1 006 data sets from 822 systems. We measure Rowhammer prevalence in a fully automated crossplatform framework, FLIPKIT, using the available state-of-theart software-based DRAM and Rowhammer tools. Our framework automatically gathers information about the DRAM and uses 5 tools to reverse-engineer the DRAM addressing functions, and based on the reverse-engineered functions uses 7 tools to mount Rowhammer. We distributed the framework online and via USB thumb drives to thousands of participants from December 30, 2024, to June 30, 2025. Overall, we collected 1 006 datasets from systems with various CPUs, DRAM generations, and vendors. Our study reveals that out of 1 006 datasets, 453 (371 of the 822 unique systems) succeeded in the first stage of reverseengineering the DRAM addressing functions, indicating that successfully and reliably recovering DRAM addressing functions remains a significant open problem. In the second stage, 126 (12.5 % of all datasets) exhibited bit flips in our fully automated Rowhammer attacks. Our results show that fully-automated, i. e., weaponizable, Rowhammer attacks work on a lower share of systems than FPGA-based and lab experiments indicated but with 12.5 % enough to be a practical vector for threat actors. Furthermore, our results highlight that the two most pressing research challenges around Rowhammer exploitability are more reliable reverse-engineering addressing functions, as 50 % of datasets without bit flips failed in the DRAM reverse-engineering stage, and reliable Rowhammer attacks across diverse processor microarchitectures1, as only 12.5 % of datasets contained bit flips. Addressing each of these challenges could double the number of systems susceptible to Rowhammer and make Rowhammer a more pressing threat in real-world scenarios. 

Selected Contributions: Sustainable Excellence—Economic, Social, and Environmental Issues presents a curated collection of peer-reviewed research papers presented at the 2nd Tunisian Symposium on Economics and Management (TSEM 2025), held in Tunisia from April 11 to 13, 2025. The symposium was organised by the Research Unit "Economy, Enterprise, Environment" (3E) at the Higher Institute of Management (ISG), University of Gabes.

This volume offers a multidisciplinary and innovative examination of the factors underpinning sustainable excellence amid contemporary global challenges. The contributions are organised around five core themes: first, the role of innovation as a critical driver of ecological transition; second, the transformation of labour markets and accompanying social dynamics necessary for a just transition; third, the design and evaluation of sustainable economic models; fourth, the synergistic effects of artificial intelligence (AI) and financial inclusion on progress toward the Sustainable Development Goals (SDGs); and fifth, the significance of responsible managerial practices grounded in corporate social responsibility (CSR) and ethical governance.

Collectively, these contributions provide rigorous, timely insights into the interdependencies among economic, social, and environmental systems. This volume serves as an essential reference for academics, researchers, policymakers, and practitioners in the field.

This paper investigates the physiological responses of individuals driving both on a real
route and within a vehicle simulator designed as a digital twin of that route. The analysis
of observed data patterns in stress response bio signals provides sufficient evidence of
similarity to validating the driving simulation digital twin as a reliable replacement for
real-world experiences in controlled and consistent settings, or when overall trends of
physiological variables, rather than specific variable levels, are of interest. The findings also
stress the need for optimizing the precision of digital twins in complex settings. This study
introduces a time-series-based validation approach for driving digital twins by comparing
continuous physiological trajectories between real and simulated driving

Successful innovation processes involve multiple actors with distinct objectives, resources,
and competences across different stages of value creation. Close collaboration among relevant
stakeholders is therefore essential, yet it also entails substantial coordination and alignment
challenges. Drawing on a multi-method research design, this study examines the development and
market introduction of an advanced driver assistance system (ADAS) for passenger vehicles across
multiple market stages.
The findings conceptually and empirically demonstrate how stakeholders’ heterogeneous goal
structures and value assessments influence the innovation process across stages. In particular, the
results reveal that the absence of a multi-stage marketing (MSM) perspective can lead to
misalignments that adversely affect the progression and market success of the innovation. The
study further provides insights into how innovation processes can be systematically designed
across market stages to ensure end-user orientation and economic viability.
By integrating a multi-stage marketing perspective into innovation research, this paper
contributes to a more comprehensive understanding of innovation processes in complex, multi-
actor environments.

At a time when vehicle automation is becoming increasingly important, there
is a growing need for greater consumer centricity. However, the importance of
effectively deriving functional product specifications appears to be diminishing.
The case of Automated Parking Systems (APS) demonstrates that the automotive
industry often employs a top-down approach, in contrast to a more customer-
-centric method in the development process. To assess the effectiveness of this
top-down approach, we conducted a field study and a mixed-method online
survey to explore user expectations of APS functionality. Our findings indicate
that drivers strongly dislike excessive parking maneuvers caused by overly re-
strictive product specifications. Moreover, user demands are less stringent
than the development requirements set by OEMs. Based on these insights, we
recommend adopting a more user-centered approach. This shift could enable
companies to reduce development costs and time investments, while accelerat-
ing the adoption of their innovations.

Scents influence emotions, cognition and behavior by activating memories, enhanc-
ing mood and modulating mental processes. Perception of scents is shaped by both
stimulus-related dimensions, including familiarity, pleasantness and intensity and
individual factors – such as mood, sensory sensitivity and personality traits. The
present study systematically examined the relative impact of these determinants in
a quasi-experimental design involving 51 participants. Seven scents were evaluated
along perceptual dimensions (recognizability, pleasantness, familiarity, intensity)
and related to participants’ individual characteristics. Findings emphasize the inter-
play of stimulus-related dimensions and personality traits but highlight the need
for refined measures of (sensory-specific) personality traits in olfactory process-
ing for multisensory marketing and immersive applications.

Background

Rare diseases affect a small percentage of the population, leading to challenges such as delayed diagnoses and limited treatment options. Mobile health technologies offer solutions to improve patient outcomes, yet their application in rare diseases remains underexplored. The German citizen science project SelEe created a customizable app for the self-management of rare diseases through a co-creation process that involved patients with such conditions.

Methods

The project consisted of three phases. In Phase 1, 9 to 68 patients or relatives of patients participated in workshops to define research topics and app requirements. Phase 2 involved a core research team of nine patients and researchers who iteratively developed the app, released in March 2023. Phase 3 focused on evaluating the app’s usage and usability through an in-app survey conducted from March 2023 to February 2024. We utilized descriptive statistics to evaluate app usage and employed the mHealth App Usability Questionnaire to assess usability.

Results

The SelEe app offers the possibility to create and store data in a personalized health diary. Patients can create their own templates or use templates which were defined by the core research team. Users can record findings (e.g. blood test results) and export data using different graphs and formats. Furthermore, the app supports blind users. The app was downloaded 3040 times and 1456 users registered, with 1967 unique diseases entered. 50.7% of the diseases were rare, 30.5% non-rare, and 18.8% were classified as suspected, undefined, or symptoms. A total of 1223 valid user profiles were analyzed for app usage and demographics. Furthermore, 432 users qualified for the in-app survey by making at least one health diary entry, and 117 participated. The app was rated with an overall usability score of 5.19 out of 7. While the app’s health diary function was frequently used, other functionalities like findings and data export were less utilized. Feedback highlighted the need for improved usability and additional features.

Conclusions

The study highlights active patient engagement in developing a mobile health app for individuals with rare diseases. Although improvements are necessary for broader acceptance, the app is promising for the management of rare diseases.

We introduce WireTrust, a VPN architecture for ARMv8-A devices that leverages ARM TrustZone to mitigate OS-level vulnerabilities. Contrary to commodity VPNs, WireTrust does not rely on the security of the OS, its network stack, or its routing tables to provide a secure VPN full tunnel. WireTrust operates transparently to applications on the device and enforces that all IP traffic is routed exclusively through the VPN tunnel, blocking attempts to bypass it even if the OS has been compromised. WireTrust ensures that packets outside the tunnel are discarded before they reach the OS, significantly reducing the device’s attack surface that is exposed to the public internet. Extending the WireGuard VPN, we implement a proof of concept on real hardware, show that WireTrust's additions to the trusted computing base account for 6.61%, and measure a performance penalty of 2.12% - 5.50% on TCP throughput and 1.40% on latency compared to stock WireGuard.

KI im Marketing, Methoden des maschinellen Lernens, Anwendungsmöglichkeiten von KI im Marketing, insbesondere auch von generativer KI