Naboichenko, Artem; Peinl, René (2026)
11th Future Technologies Conference (FTC 2026), 15-16 October 2026, Berlin, Germany 2026.
Although Vision Language Models (VLMs) have seen tremendous progress across all kinds of use cases, they still fall behind in answering questions regarding diagrams compared to photos. Although progress has been made in the area of bar charts, line charts and similar diagrams, there is still few research concerned with other types of diagrams, e.g. in the computer science domain. We identified a gap in research on visual question answering on UML class diagrams. Our objective is to fill the gap by analyzing the performance of popular open-weight VLMs on a self-constructed benchmark for visual question answering based on UML class diagrams which is both challenging and manageable. We further construct a large-scale training dataset with 16.000 image-question-an-swer triples based on real software repositories on GitHub. We focus on Java-based repositories and filter for project sizes that are small enough to fit on a single diagram with 4000x4000 pixels maximum in a readable manner. We ask questions based on 18 question templates. We show that a LoRA-based finetune of Qwen 2.5 VL 7B easily outperforms Qwen 3.5 27B, which is a recent and well-performing VLM in many other benchmarks.
Gelóczi, Emiliia; Heckel, Martin; Katzenbeisser, Stefan; Adamsky, Florian (2026)
31st European Symposium on Research in Computer Security.
Physical Unclonable Functions (PUFs) exploit inherent manufacturing variations in electronic devices to create unique hardware fingerprints, which are typically used as a source of randomness for generating device-specific cryptographic keys. In this work, however, we explore the possibility of repurposing PUFs as a secure storage mechanism for pre-existing keys. First, we evaluate existing RH-PUFs, introduce five novel RH-PUF constructions, and compare all of them with respect to their suitability for cryptographic key generation. Second, we propose DRAmGON, a novel, unconventional PUF-based approach that enables the direct encoding of cryptographic keys into Rowhammer-susceptible DRAM, thereby allowing persistent data storage in volatile memory. Our experiments using FlippyRAM show that 81 % of the tested systems exhibit Rowhammer susceptibility, establishing RH-PUFs as a viable hardware-based security primitive.
Schiller, Katharina; Herrmannsdörfer, Andreas; Benenson, Zinaida; Adamsky, Florian (2026)
Conference on Sociotechnical Cybersecurity and Privacy (SCP2026).
Ruscheweyh, Ruth; Dresler, Thomas; Goßrau, Gudrun; Kraya, Torsten; Neeb, Lars; Rafaelli, Bianca; Ruschil, Victoria; Scheidt, Jörg (2026)
Ruscheweyh, Ruth; Dresler, Thomas; Goßrau, Gudrun; Kraya, Torsten; Neeb, Lars...
Cephalalgia 46 (6).
DOI: 10.1177/03331024261444664
Peinl, René (2026)
iX - Magazin für professionelle IT 2026 (06), S. 108.
Während die Quantisierung von Modellgewichten zum Sparen von Speicherplatz Normalität ist, war das starke Verkleinern des KV-Cache bisher eher exotisch. Ein Beitrag von Google hat das Thema nun in den Mainstream gerückt.
Zöllner, Michael (2026)
Slanted Magazine #47—Digital Tools 2026 (47), 26.
Zöllner, Michael; Baumgärtner, Felix (2026)
Slanted Magazine #47—Digital Tools 2026 (47), 172.
Peinl, René; Weber, Thomas (2026)
iX - Magazin für professionelle IT 2026 (05), S. 72.
Wer nicht in Server-GPUs investieren, aber trotzdem große Sprachmodelle selbst betreiben will, findet in Unified-Memory-Workstations eine bezahlbare Alternative. iX zeigt, wie sich Geräte aus dem AMD-, Nvidia- und Apple-Ökosystem schlagen.
Schwarz, Hannes; Neumann, Gregor; Winkler, Kai; Rauschert, André; Weber, Beatrix; Groh, Wolfram; Rümmler, Christin; Hähnel, Falk; Holfeld, Denise; Nebel, Silvio; Markmiller, Johannes (2026)
Schwarz, Hannes; Neumann, Gregor; Winkler, Kai; Rauschert, André; Weber, Beatrix...
2026 (Volume 20), 49.
DOI: 10.1007/s13272-026-00970-2
Additive Manufacturing (AM) is increasingly adopted in the aerospace industry, as benefits like resource efficiency are complemented by distributed manufacturing possibilities that enhance supply chain resilience. However, replacing con ventional, established manufacturing methods with Laser Powder Bed Fusion in a highly regulated domain such as civil aviation comes at the price of increased requirements and thus costs for certification and quality assurance, which limit the attractiveness of AM. This paper presents a new data-based certification platform using Machine Learning (ML), a subdomain of artificial intelligence (AI), to enable faster and more cost-efficient design and manufacturing approval for additively manufactured aircraft components. The platform connects all relevant stakeholders and guides them through the certification process. As data sharing across different stakeholders and ML applications are central to the platform, a data governance concept aligned with European legislation, based on project-specific closed groups comprising direct supplier-customer relationships was developed. In addition, a compatible platform business model is described, presenting the roles of stakeholders and their respective value contributions. To this end, a deep dive into the landscape of current certification approaches and requirements was conducted and the impact of AM and the general use of AI on aircraft component certification was evaluated from technical, regulatory, legal, and economic perspectives
Schiller, Katharina; Scheidt, Jörg; Adamsky, Florian; Benenson, Zinaida (2026)
ACM CHI (Conference on Human Factors in Computing Systems).
We investigate the effectiveness of anti-phishing support systems through a quantitative study involving 453 participants. To this end, we developed a tool that allows participants to immerse themselves in a realistic setting, tasked with classifying emails as either phishing or legitimate, while being assisted by support systems. Despite the prevalence of support systems in webmailers and email clients, our results indicate no significant difference in correctly assessing emails of varying difficulty between these systems and the control group. We found a minor negative effect of the support system that uses tooltips compared to other support systems. In the subsequent survey, we found that the support systems are appreciated and considered helpful by users, as supported by the results of the UEQ-S, even if they have no observable effect. Email context, such as the contact list, as well as hovering over the links, had stronger effects on the classification than the tested support systems.
Markus, Heike; Acharya, Sampat; Cisneros Saldana, Shantall Marucia (2026)
Procedia Computer Science 277, 2026, 1889-1898.
This paper presents a low-complexity, open-source platform designed to empower small and medium-sized enterprises (SMEs) in the premium business to business (B2B) packaging industry with advanced digital capabilities for product personalization and rapid design visualization. Addressing the sector’s persistent barriers such as limited IT resources, manual workflows, and lack of structured supplier data access, the proposed system integrates dynamic web scraping for automated supplier data acquisition with real-time image processing for printable area detection on packaging components, particularly bottles. Leveraging open-source tools like Beautiful Soup, OpenCV, and Shapely, the platform eliminates reliance on time-intensive manual integration and supports agile, data-driven design workflows. The development process is guided by human-centered design principles to ensure usability and alignment with SME operational realities. Results demonstrate that this approach significantly streamlines catalog management and design preparation, offering a scalable pathway for SMEs to achieve digital transformation and maintain competitive differentiation in an increasingly digitalized packaging market.
Peinl, René; Tischler, Vincent; Schröder, Patrick; Groth, Christian (2026)
21st International Conference on Computer Vision Theory and Applications (VISAPP26), Marbella, Spain.
We present SITUATE, a novel dataset designed for training and evaluating Vision Language Models on counting tasks with spatial constraints. The dataset bridges the gap between simple 2D datasets like VLMCountBench and often ambiguous real-life datasets like TallyQA, which lack control over occlusions and spatial composition. Experiments show that our dataset helps to improve generalization for out-of-distribution images, since a finetune of Qwen VL 2.5 7B on SITUATE improves accuracy on the Pixmo count test data, but not vice versa. We cross validate this by comparing the model performance across established other counting benchmarks and against an equally sized fine-tuning set derived from Pixmo count.
Stock, Nele; Neeb, Désirée; Wolff, Dietmar (2026)
Procedia Computer Science 2026 (278), 1250-1258.
Digital transformation in health and social care extends far beyond the adoption of new technologies and requires coordinated organizational change. The projectpulsnetz –Mensch und Technik im Gemeinwesen (MuTiG)addresses this challenge with an Integrative Model for Leadership and Employee Development that links individual upskilling with strategic organizational transformation to advance digital maturity.Led by an interdisciplinary consortium, the project began with a comprehensive needs assessment and subsequently developed modular training programs, tailored organizational consulting, and a digital knowledge platform to foster long-term learning and peer exchange. Implementation is continuously evaluated using standardized online surveys and qualitative interviews. To date, more than 3,700 professionals from health and social care organizations have participated. Survey response rates have been moderate to high, and feedback is largely positive, with mean ratings typicallyabove 3.5 (0–4 Likert-scale); trainer performance and support receive the highest scores. Participants in leadership roles reported slightly lower levels of new learning, likely due to their higher prior knowledge.Preliminary findings suggest that sustainable digital transformation requires a combined focus on individual skill development, organizational learning, and structural adaptation. The MuTiG model provides a scalable, practice-oriented, and transferable framework that can guide health and social care organizations in their digital transformation journeys. While long-term impact cannot yet be fully assessed due to the project’s ongoing nature, early results underline its potential to support lasting digital transformation.
Anjorin, Anthony; Buchmann, Thomas (2026)
Proceedings of the 14th International Conference on Model-Based Software and Systems Engineering 2026, 410-417.
Triple Graph Grammars (TGGs) are a visual, intuitive approach for specifying model transformations, allowing the automatic derivation of model management operations including forward/backward transformations and incremental synchronisation with guaranteed, desirable properties.
The conceptual simplicity of TGGs comes at a price, however, as all TGG tools impose substantial limits on practical expressiveness (measured by ease of specification, size, and readability in this paper), rendering TGGs unsuitable for real-world transformations and representing a major barrier to their mainstream adoption.
This paper discusses excerpts of model transformations that are exceedingly difficult (and perhaps even impossible) to specify using TGGs, analyses the underlying causes, and suggests suitable extensions of existing language features.
Our goal is to inspire research that improves the practical expressiveness of TGGs and facilitates applications of the approach.
Anjorin, Anthony; Buchmann, Thomas (2026)
Proceedings of the 17th Transformation Tool Contest, 10-18.
This paper revisits the Families to Persons Case with a significant extension: concurrent model synchronization. Building on the original benchmark test cases, we introduce new tests for synchronizing models and resolving conflicts, thereby enhancing the framework's capability to benchmark bidirectional transformation tools under more realistic conditions. This advancement is crucial for assessing the tools' performance in concurrent engineering scenarios requiring data consistency across multiple models.
Fiedler, Carina; Juffinger, Jonas; Sudheendra , Raghav Neela; Heckel, Martin; Weissteiner, Hannes; Yağlıkçı, Abdullah Giray; Adamsky, Florian; Gruss, Daniel (2026)
Fiedler, Carina; Juffinger, Jonas; Sudheendra , Raghav Neela; Heckel, Martin...
Network and Distributed System Security (NDSS) Symposium.
Rowhammer bit flips in DRAM enable software attackers to fully compromise a great variety of systems. Hardware mitigations can be precise and efficient but suffer from long deployment cycles and very limited or no update capabilities. Consequently, refined attack methods have repeatedly bypassed deployed hardware protections, repeatedly leaving commodity systems vulnerable to Rowhammer attacks.
In this paper, we present Memory Band-Aid, a principled defense-in-depth against Rowhammer. Memory Band-Aid is no replacement for long-term, efficient hardware mitigations but a defense-in-depth that is activated when hardware mitigations are discovered to be insufficient on a specific system generation. For this purpose, Memory Band-Aid introduces per-thread and per-bank rate limits for DRAM accesses in the memory controller, ensuring that the minimum number of row activations for Rowhammer bit flips cannot be reached. We implement a proof-of-concept of Memory Band-Aid on Ubuntu Linux and test it on 3 Intel and 3 AMD systems. In a micro-benchmark to cause DRAM pressure, we observe a slow down up to a factor of 5.2. In a collection of realistic Phoronix macro-benchmarks, we observe a low overhead of 0 % to 9.4 %. Both overheads only apply to untrusted throttled workloads, e.g., sandboxes, for instance in browsers. Especially as Memory Band-Aid can be enabled on demand, we conclude that Memory Band-Aid is an important defense-in-depth that should be deployed in practice as a second defense layer.
Heckel, Martin; Sayadi, Nima; Juffinger, Jonas; Fiedler, Carina; Gruss, Daniel; Adamsky, Florian (2026)
Heckel, Martin; Sayadi, Nima; Juffinger, Jonas; Fiedler, Carina; Gruss, Daniel...
Network and Distributed System Security (NDSS) Symposium .
Rowhammer is a disturbance error in Dynamic Random-Access Memory (DRAM) that can be deliberately triggered from software by repeatedly reading, i. e., hammering, proximate memory locations in different DRAM rows. While numerous studies evaluated the Rowhammer effect, in particular how it can be triggered and how it can be exploited, most studies only use a small sample size of Dual In-line Memory Modules (DIMMs). Only few studies provided indication for the prevalence of the effect, with clear limitations to specific hardware configurations or FPGA-based experiments with precise control of the DIMM, limiting how far the results can be generalized.
In this paper, we perform the frist large-scale study of the Rowhammer effect involving 1 006 data sets from 822 systems. We measure Rowhammer prevalence in a fully automated crossplatform framework, FLIPKIT, using the available state-of-theart software-based DRAM and Rowhammer tools. Our framework automatically gathers information about the DRAM and uses 5 tools to reverse-engineer the DRAM addressing functions, and based on the reverse-engineered functions uses 7 tools to mount Rowhammer. We distributed the framework online and via USB thumb drives to thousands of participants from December 30, 2024, to June 30, 2025. Overall, we collected 1 006 datasets from systems with various CPUs, DRAM generations, and vendors. Our study reveals that out of 1 006 datasets, 453 (371 of the 822 unique systems) succeeded in the first stage of reverseengineering the DRAM addressing functions, indicating that successfully and reliably recovering DRAM addressing functions remains a significant open problem. In the second stage, 126 (12.5 % of all datasets) exhibited bit flips in our fully automated Rowhammer attacks. Our results show that fully-automated, i. e., weaponizable, Rowhammer attacks work on a lower share of systems than FPGA-based and lab experiments indicated but with 12.5 % enough to be a practical vector for threat actors. Furthermore, our results highlight that the two most pressing research challenges around Rowhammer exploitability are more reliable reverse-engineering addressing functions, as 50 % of datasets without bit flips failed in the DRAM reverse-engineering stage, and reliable Rowhammer attacks across diverse processor microarchitectures1, as only 12.5 % of datasets contained bit flips. Addressing each of these challenges could double the number of systems susceptible to Rowhammer and make Rowhammer a more pressing threat in real-world scenarios.
Czaban, Marcin; Sultanow, Eldar ; Chircu, Alina; Czarnecki, Christian; Riedl, Joachim; Wengler, Stefan (2026)
Czaban, Marcin; Sultanow, Eldar ; Chircu, Alina; Czarnecki, Christian; Riedl, Joachim...
, 1-21.
This paper investigates the physiological responses of individuals driving both on a real
route and within a vehicle simulator designed as a digital twin of that route. The analysis
of observed data patterns in stress response bio signals provides sufficient evidence of
similarity to validating the driving simulation digital twin as a reliable replacement for
real-world experiences in controlled and consistent settings, or when overall trends of
physiological variables, rather than specific variable levels, are of interest. The findings also
stress the need for optimizing the precision of digital twins in complex settings. This study
introduces a time-series-based validation approach for driving digital twins by comparing
continuous physiological trajectories between real and simulated driving
Czaban, Marcin; Mohr, Sarah Victoria; Riedl, Joachim; Wengler, Stefan (2026)
OPPORTUNITIES AND THREATS TO CURRENT BUSINESS MANAGEMENT IN CROSS-BORDER COMPARISON 2025 2026, 9, 149-169.
At a time when vehicle automation is becoming increasingly important, there
is a growing need for greater consumer centricity. However, the importance of
effectively deriving functional product specifications appears to be diminishing.
The case of Automated Parking Systems (APS) demonstrates that the automotive
industry often employs a top-down approach, in contrast to a more customer-
-centric method in the development process. To assess the effectiveness of this
top-down approach, we conducted a field study and a mixed-method online
survey to explore user expectations of APS functionality. Our findings indicate
that drivers strongly dislike excessive parking maneuvers caused by overly re-
strictive product specifications. Moreover, user demands are less stringent
than the development requirements set by OEMs. Based on these insights, we
recommend adopting a more user-centered approach. This shift could enable
companies to reduce development costs and time investments, while accelerat-
ing the adoption of their innovations.
Mohr, Sarah Victoria; Riedl, Joachim (2026)
OPPORTUNITIES AND THREATS TO CURRENT BUSINESS MANAGEMENT IN CROSS-BORDER COMPARISON 2025 2026, 4, 55-73.
Scents influence emotions, cognition and behavior by activating memories, enhanc-
ing mood and modulating mental processes. Perception of scents is shaped by both
stimulus-related dimensions, including familiarity, pleasantness and intensity and
individual factors – such as mood, sensory sensitivity and personality traits. The
present study systematically examined the relative impact of these determinants in
a quasi-experimental design involving 51 participants. Seven scents were evaluated
along perceptual dimensions (recognizability, pleasantness, familiarity, intensity)
and related to participants’ individual characteristics. Findings emphasize the inter-
play of stimulus-related dimensions and personality traits but highlight the need
for refined measures of (sensory-specific) personality traits in olfactory process-
ing for multisensory marketing and immersive applications.
Hochschule für Angewandte Wissenschaften Hof
Alfons-Goppel-Platz 1
95028 Hof
T +49 9281 409 - 4091
gerald.schmola[at]hof-university.de