E-mail is nearly 50 years old and is still one of the most used communication protocols nowadays. However, it has no support for End-to-end encryption (E2EE) by default, which makes it inappropriate for sending sensitive information. This is why two e-mail encryption standards have been developed—namely, Secure/Multipurpose Internet Mail Extensions (S/MIME) and OpenPGP. Previous studies found that bad usability of encryption software can lead to software that is incorrectly used or not at all. Both consequences have a fatal impact on users’ security and privacy. In recent years, the number of e-mails that are read and written on mobile devices has increased drastically. In this paper, we conduct to the best of our knowledge, the first usability study of e-mail encryption apps on smartphones. We tested two mobile apps, one uses OpenPGP on Android and one uses S/MIME on iOS. In our usability study, we tested both apps with eleven participants and evaluated the usability with the System Usability Scale (SUS) and the Short Version of User Experience Questionnaire (UEQ-S). Our study shows that both apps have several usability issues which partly led to unencrypted e-mails and participants sending their passphrase instead of their public key.

Although good treatment options exist for many headache disorders, not all patients benefit and disability continues to be large. To design strategies for improving headache care, real-world data observing standard care is necessary. Therefore, the German Migraine and Headache Society (DMKG) has established the DMKG Headache Registry. Here we present methods and baseline data.

Abstract. While modern-day static analysis tools are capable of finding standard vulnerabilities as well as complex patterns, implementing those tools is expensive regarding both development time and runtime performance. During the last years, domain specific languages like Datalog have gained popularity as they simplify the development process of analyses and rule sets dramatically. Similarly, intermediate representations like LLVM-IR are used to facilitate static source code analysis. In this paper, we present VANDALIR, a vulnerability analyzer and detector based on Datalog and LLVM-IR. VANDALIR is a static source code analyzer that allows to define and customize detection rules in a high-level, declarative way. We implement VANDALIR as a comprehensive static analysis tool, aiming to simplify vulnerability detection by a new combination of modern technologies. Besides the novel design of VANDALIR, we present a predefined detection rule set covering stack-based memory corruption, double free and format string vulnerabilities. As we show, our rule set achieves a detection rate of over 90% on test cases from the Juliet Test Suite, outperforming well-established vulnerability scanners such as the Clang Static Analyzer. Furthermore, we evaluated VANDALIR on open source projects and could reproduce existing vulnerabilities as well as identify previously unknown vulnerabilities.

In vielen Branchen gilt immer noch das Paradigma, dass es deutlich kostengünstiger sei, bestehende Kunden zu binden, als neue zu gewinnen. In diesem Kontext kommt einem zielgerichteten, analytischen Churn Management eine besondere Bedeutung zu. KI und Methoden des maschinellen Lernens scheinen dafür wie geschaffen.

Dieses Buch bietet ein ganzheitliches Konzept und konkrete Praxisempfehlungen, wie die öffentliche Verwaltung in Deutschland Digitalisierungsprojekte erfolgreich umsetzen kann. Dazu schauen die Autor:innen mit einem 360-Grad-Blick auf die Verwaltungsorganisation und geben konkrete Handlungsempfehlungen für Daten- und Prozessmanagement, den Einsatz neuer Technologien, Organisationsstrukturen, Führungskultur und die Qualifizierung von Mitarbeiter:innen. Der technologische Fortschritt schafft die Rahmenbedingungen für die Digitalisierung, doch damit alleine kann die Transformation nicht gelingen. Diese Erfahrung haben viele Organisationen in den letzten Jahren gemacht. Das in diesem Buch dargestellte Digitale Reifegradmodell m² ermöglicht die Ermittlung konkreter Ansatzpunkte für eine digitale Transformation. Es adressiert dabei alle Dimensionen, die auf dem Weg zur digitalen Verwaltung zu berücksichtigen sind, angefangen bei den strategischen Zielen, über die zu ihrer Umsetzung notwendigen Prozesse und Ressourcen, die Organisationsstruktur und -kultur bis hin zur Steuerung. Besonderes Gewicht haben in den Ausführungen die Themen Datenerfassung, -qualität, -schutz und -sicherheit als Kern der gesamten Entwicklung. Neben den Analysen enthält das Buch eine Reihe von Handlungsvorschlägen aus Best-Practice-Projekten aus der Praxis. Diese werden von unseren Gastautor:innen aus Bundes-, Landes- und Kommunaleinrichtungen sowie Universitäten und Unternehmen vorgestellt, die aus der Praxis berichten, wie Hürden bei der Digitalisierung überwunden werden können.

Hypertext systems support users in navigating structured data sets and to find relevant information. Various interaction and visualization concepts aim to give users better insight into the data set, by suggesting queries and visualizing elements of interest in a meaningful way. Ranked lists are very common to show some sort of priority, while spatial layouts often help users to trace relations in the data. Only little research has been done in user studies that systematically show and reason about the differences of such spatial layouts and ranked lists. In this paper we report on a systematic comparison of a spatial visualization versus a ranked list layout. For this purpose, we did an between-subject study with 43 participants. One group performed a task with a system providing semantic visualization in 2D, the other group performed the same task with a ranked list. Both interfaces are very similar and only differ in how suggestions are visualized. The results show that users of the spatial layout finished their task in shorter time and have a tendency towards higher satisfaction. At the same time, they had more interactions with the system. Furthermore we discuss some in-depth data of the test sessions, which show that the visualization influences the users’ behavior.

In this paper, we report on a software demonstrator that utilizes a spatial hypertext UI to support knowledge management in the context of maintenance in industry. To demonstrate the flexibility of that approach, we re-use the software to visualize bibliographic data of the Hypertext conference series.

Associating information by means of linking it is a universal concept of human thinking, and by constructivist means, a possible way of learning through exploring and constructing individual information spaces related to a topic or cross topics. An application, facilitating and externalizing this activity by enabling users to create individual hyperlinks inside the environment of the Web, is a promising way to satisfy this exploratory use of information. The focus on an augmentative approach by lining hypertext's linking paradigm, in conjunction with the Web's vast amount of information, opens up for a broad spectrum of potential use scenarios. The possibilities reflect potential complexities concerning usability and limitations of usage. Therefore, preliminary and iterative evaluations are indispensable for meeting these challenges. We discuss a preliminary evaluation of usability and user behavior of said application by a conducted study based on cross-sectional quasi experimental design, using a controlled test scenario and collected client side data that serves as basis for interpretation on user behavior. Results indicate a strong habituation to document-centric processing and storing of information, and the tendency for transferring this behavior onto the more versatile linking mechanism introduced by the application. We argue for applying additional supportive features, specific for facilitating the reduction of complexity on user-side, and a longer testing period, in order to gain better insight into the possible overcome of habitual patterns concerning the tested use scenario.

This blue sky paper envisions a novel system which promotes emotional closeness through storytelling. Family members, who may be separated, collaboratively build a spatial hypertext of images and text fragments to express and structure their thoughts and memories. The system observes their reactions as well as their media while they work. Live recommendations prompt users in their thinking and storytelling. Family stories are thus collaboratively adapted to more tightly connect the thoughts and emotions of their loved ones.

The Resilient File System (ReFS) from Microsoft promises new features such as increased performance and resilience compared to the New Technology File System (NTFS). On the downside, the ReFS drivers are growing more extensive and more complex, increasing the attack surface of the Windows kernel. Attackers can often use security-critical bugs in file system drivers to escalate privileges by mounting a file system. In this work, we present ReFuzz, a structure-aware fuzzer that uses hardware-assisted code coverage to identify bugs in the ReFS driver. The ReFS file system offers several challenges to fuzzing because first, while ReFS is not documented, it exhaustively uses checksums. Second, the minimal size of a ReFS partition is 2GB, notably decreasing the performance of naive fuzzing approaches. We demonstrate the effectiveness of our fuzzing approach by finding 27 unique payloads that panic the Windows kernel when mounting or accessing ReFS partitions. Furthermore, we find 162 unique payloads that lead to a system hang-up. Microsoft confirmed those bugs and acknowledged ten unique issues which are security-critical, eight of them allowing remote code execution attacks and got assigned with a CVE number.