To optimally utilize Intel SGX, programs must be partitioned into trusted and untrusted parts. Writing the trusted part of a program with Intel’s SDK, however, requires manual effort that often becomes an obstacle for programmers. In this work, we investigate how compiler-level tooling can assist with the semi-automatic separation of code into a trusted and an untrusted partition. We present Cadote, a solution that generates SGX enclaves from programs written in Rust. Application developers are expected to mark functions as trusted, for which enclaves are then generated automatically. All other functions remain untrusted and are executed outside Intel SGX in the normal world. We implemented this concept using compiler optimization passes of the LLVM framework. Targeting Rust as input language allows us to benefit from high-level concepts, such as memory safety, which enable us to safely copy function parameters between the normal and trusted world in practice.

EEG classification is a promising approach to facilitate the life of handicapped people and to generate future human-computer-interfaces. In this paper we want to compare the effectiveness of current state of the art deep learning techniques for EEG classification. Therefore, we applied different approaches on various datasets and did a crosscomparison of the results in order to get more knowledge on the generalization capabilities. Additionally, we created a new EEG dataset and made it available for further research.

This citizen science project CLUE compared the attack frequency between school and vacation periods among adolescents. The data collection process adopted in citizen science projects opens up the possibility of conducting analyses by including a large number of participants over a long period and across different regions. The data on 684 migraine attacks reported by 68 adolescents aged 16 to 19 years were collected using an online platform and smartphone apps. A Fisher’s exact test was used to compare the distributions of the migraine attack frequency during vacation and school periods in two different scenarios. In both scenarios, the attack frequency during school periods was significantly higher than that during vacation periods. The use of web-based data collection has some methodological limitations; however, it enabled the measurement of relative migraine attack frequency in students during vacation and school periods. The higher prevalence of migraine during school periods indicates the requirement of increasing headache awareness among children.

Human Factors in Hypertext 2022 (HUMAN'22) is the 5th workshop in this series. It is sponsored by ACM SIGWEB and is associated to the ACM Conference on Hypertext and Social Media 2022 (HT'22), which takes place between June 28th and July 1st in Barcelona, Spain as a hybrid event. HUMAN'22 takes place on June 28th—the conference's workshop day.

After two years of pandemic-caused virtual workshops, HUMAN'22 is organized as a hybrid event, which is in line with the organization of the main conference. We see this as a chance to allow in-presence meetings while providing remote participants the opportunity to get in touch by low registration costs and a reduced carbon footprint. Today's digital media enables us to communicate over distance or even attend larger meetings online and the Corona pandemic has taught us to use these tools in our daily life. This puts a special focus on the role of hypertext in our communication and information exchange demands, in particular from a human's perspective.

E-mail is nearly 50 years old and is still one of the most used communication protocols nowadays. However, it has no support for End-to-end encryption (E2EE) by default, which makes it inappropriate for sending sensitive information. This is why two e-mail encryption standards have been developed—namely, Secure/Multipurpose Internet Mail Extensions (S/MIME) and OpenPGP. Previous studies found that bad usability of encryption software can lead to software that is incorrectly used or not at all. Both consequences have a fatal impact on users’ security and privacy. In recent years, the number of e-mails that are read and written on mobile devices has increased drastically. In this paper, we conduct to the best of our knowledge, the first usability study of e-mail encryption apps on smartphones. We tested two mobile apps, one uses OpenPGP on Android and one uses S/MIME on iOS. In our usability study, we tested both apps with eleven participants and evaluated the usability with the System Usability Scale (SUS) and the Short Version of User Experience Questionnaire (UEQ-S). Our study shows that both apps have several usability issues which partly led to unencrypted e-mails and participants sending their passphrase instead of their public key.

Although good treatment options exist for many headache disorders, not all patients benefit and disability continues to be large. To design strategies for improving headache care, real-world data observing standard care is necessary. Therefore, the German Migraine and Headache Society (DMKG) has established the DMKG Headache Registry. Here we present methods and baseline data.

Abstract. While modern-day static analysis tools are capable of finding standard vulnerabilities as well as complex patterns, implementing those tools is expensive regarding both development time and runtime performance. During the last years, domain specific languages like Datalog have gained popularity as they simplify the development process of analyses and rule sets dramatically. Similarly, intermediate representations like LLVM-IR are used to facilitate static source code analysis. In this paper, we present VANDALIR, a vulnerability analyzer and detector based on Datalog and LLVM-IR. VANDALIR is a static source code analyzer that allows to define and customize detection rules in a high-level, declarative way. We implement VANDALIR as a comprehensive static analysis tool, aiming to simplify vulnerability detection by a new combination of modern technologies. Besides the novel design of VANDALIR, we present a predefined detection rule set covering stack-based memory corruption, double free and format string vulnerabilities. As we show, our rule set achieves a detection rate of over 90% on test cases from the Juliet Test Suite, outperforming well-established vulnerability scanners such as the Clang Static Analyzer. Furthermore, we evaluated VANDALIR on open source projects and could reproduce existing vulnerabilities as well as identify previously unknown vulnerabilities.

In vielen Branchen gilt immer noch das Paradigma, dass es deutlich kostengünstiger sei, bestehende Kunden zu binden, als neue zu gewinnen. In diesem Kontext kommt einem zielgerichteten, analytischen Churn Management eine besondere Bedeutung zu. KI und Methoden des maschinellen Lernens scheinen dafür wie geschaffen.