Dynamic analysis of Android malware suffers from techniques that identify the analysis environment and prevent the malicious behavior from being observed. While there are many analysis solutions that can thwart evasive malware on Windows, the application of similar techniques for Android has not been studied in-depth. In this paper, we present Lumus, a novel technique to uncover evasive malware on Android. Lumus compares the execution traces of malware on bare metal and emulated environments. We used Lumus to analyze 1,470 Android malware samples and were able to uncover 192 evasive samples. Comparing our approach with other solutions yields better results in terms of accuracy and false positives. We discuss which information are typically used by evasive malware for detecting emulated environments, and conclude on how analysis sandboxes can be strengthened in the future.

Laser cladding on 200 μm thin substrates is a challenge due to poor heat dissipation. Successful coatings were produced using Yb fiber laser with closed-loop controlled laser power. Samples were investigated by SEM and EDS.

This book describes the results of a research project on compliance and organizational integrity, financed by the German government and conducted over the last three years. The book offers a theoretical framework and valid instruments for measuring the outcome of compliance management: organizational integrity. To pinpoint the specifics of organizational integrity, and to create a framework for assessment, the book analyzes not only the cases of Siemens and Deutsche Bank but also a specific form of organization: governmental organizations. The book includes the results of a survey of employees in five German cities, in the course of which the author conducted interviews with the personnel responsible for compliance in different organizations. In addition, during their discussions he analyzed the administrative staff with regard to the decision-making processes they were involved in.

You all know this from watching CSI: When a crime is committed, usually some form of digital evidence is left on devices such as computers, mobile phones, or the navigation system of a car a suspect has used. Indeed, law enforcement agencies are regularly interested in data from personal devices to find evidence, guide investigations, or even act as proof in a court of law. This tutorial article by Felix Freiling et al. mentions the San Bernadino case as a prominent example. But how do police investigators go about accessing this evidence? Is what is shown on TV realistic? Whereas, in times of classical hard disks, accessing data was quite easy due to the non- volatility of the memory device. However, this is getting increasingly difficult because of developing technologies like SSDs, other forms of flash storage, and, in particular, for volatile memory such as RAM, with the major problem being to read out data while guarding “authenticity.” In the past ten years, there has been some substantial development in the area of forensic data acquisition, which is summarized by the article. It gives clear indications of what currently can be technically done and what cannot be done by police investigators. So, if you watch CSI again and the cops need to access some digital evidence, you can tell truth from fiction. —Jürgen Teich, Friedrich-Alexander-Universität Erlangen-Nürnberg

Due to the requirements of the Internet-of-Things, modern embedded systems have become increasingly complex, running different applications. In order to protect their intellectual property as well as the confidentiality of sensitive data they process, these applications have to be isolated from each other. Traditional memory protection and memory management units provide such isolation, but rely on operating system support for their configuration. However, modern operating systems tend to be vulnerable and cannot guarantee confidentiality when compromised. We present Atlas, a hardware-based security architecture, complementary to traditional memory protection mechanisms, ensuring code and data confidentiality through transparent encryption, even when the system software has been exploited. Atlas relies on its zero-software trusted computing base to protect against system-level attackers and also supports secure shared memory. We implemented Atlas based on the LEON3 softcore processor, including toolchain extensions for developers. Our FPGA-based evaluation shows minimal cycle overhead at the cost of a reduced maximum frequency.

Welcome to the Human Factors in Hypertext 2018 workshop (HUMAN'18) in Baltimore, Maryland, USA, the first workshop of a new series of workshops for the ACM Conference on Hypertext and Social Media. It has a strong focus on hypertext users and thus complements the machine analytics research that we experienced in previous conferences. The user-centric view on hypertext not only includes user interfaces and interaction, but also discussions about hypertext application domains. Furthermore, the workshop raises the question of how original hypertext ideas (e.g., Doug Engelbart's "augmenting human intellect" or Frank Halasz' "hypertext as a medium for thinking and communication") can improve today's hypertext systems. Historically, hypertext research is strongly connected to human factors. Hypertext pioneers, such as Doug Engelbart or Ted Nelson, focused on the usage of and interaction with hypertext. This workshop combines original hypertext research ideas with recent hypertext research trends. In addition, it consolidates different hypertext research areas from the viewpoint of human factors. Thus, HUMAN'18 fosters cross-cutting discussions and the development of new ideas.

The idea to associate information with so-called links was developed by hypertext pioneers in the 1960s. In the 1990s the Dexter Hypertext Reference Model was developed with the goal to provide a general model for node-link hypertext systems. In the 1990s and 2000s there were important steps made for hypertext infrastructures, which led to component-based open hypermedia systems (CB-OHS). In this paper we provide a detailed description of node-link structures. We argue that Dexter does not match the need of CB-OHS, as it supports a mix of multiple structure domains. Based on the implementation of link support in our system Mother we demonstrate how Dexter needs to be tailored accordingly. We further describe Mother's ability of node-link structures to interoperate with other available structure services and vice versa.

Wie die Blockchain-Technologie die Politik beeinflussen könnte und heute bereits tatsächlich beeinflusst.

Software applications become more and more dominant in our daily life and work. However, it is very difficult to provide sophisticated tools for all arising use cases. End-User Development (EUD) is a term that describes the development of applications by end users rather than professional developers. This enables them creating highly specialized solutions. End users are laypersons when it comes to building software, therefore they need appropriate tools for managing the whole development process. This includes designing, implementing and deploying applications. While there are already various tools available, we focus on a recommendation feature for graphical EUD tools, utilizing their spatial hypertext capabilities. In this paper we provide an overview of some common issues such tools are often struggling with. We explain how visually analyzing the workspace, parsing an implicit spatial hypertext and eventually presenting recommendations may tackle them. We further describe the project HEIMDALL in detail, especially the way of generating recommendations for software modules with the aim to raise users' awareness. Furthermore, we discuss the use of such a system that reaches a similar understanding of relationships between software modules as users have. Finally, we point to open issues that still need to be addressed to improve results and their presentation.

In this contribution, a multiscale approach for the simulation of short fiber reinforced plastics (SFRP) is presented. We propose a virtual process chain in order to take into account the resulting fiber orientation obtained from fill simulations for the structural analysis. For the stress analysis of SFRP components, an anisotropic elasto-plastic material model is parametrized. Finally, multiscale simulations of a SFRP component under bending load are carried out and validated by experiments. In addition, a concept for the integrated manufacturing of hybrid composites bonded by form closure effects is presented.

As of IEEE 802.11n, a wireless Network Interface Card (NIC) uses Channel State Information (CSI) to optimize the transmission over multiple antennas. CSI contain radio-metrics such as amplitude and phase. Due to scattering during hardware production these metrics exhibit unique properties. Since these information are transmitted unencrypted, they can be captured by a passive observer. We show that these information can be used to create a unique fingerprint of a wireless device, based on as little as 100 CSI packets per device collected with an off-the-shelf Wi-Fi card. For our proof of concept we captured data from seven smartphones including two identical models. We were able to identify more than 90% when using out-of-the-box Random Forrest (RF).

Blockchain ist derzeit ein Hype. Bekanntlich folgt nach dem Gipfel der überzogenen Erwartungen der Absturz in das Tal der Enttäuschungen. Das liegt unter anderem daran, dass bisher nur wenige der sinnvollen Anwendungsfälle auch tatsächlich praktisch umgesetzt werden konnten und viele existierende Szenarien auch mit herkömmlichen Technologien ohne Blockchain funktionieren würden. Und dennoch kann Blockchain sinnvoll eingesetzt werden, beispielsweise auf dem Katasteramt oder in einer elektronischen Patientenakte.

The continued popularity of smartphones has led companies from all business sectors to use them for security-sensitive tasks like two-factor authentication. Android, however, suffers from a fragmented landscape of devices and versions, which leaves many devices unpatched by their manufacturers. This security gap has created a vital market of commercial solutions for Runtime Application Self-Protection (RASP) to harden apps and ensure their integrity even on compromised devices. In this paper, we assess the RASP market for Android by providing an overview of the available products and their features. Furthermore, we describe an in-depth case study for a leading RASP product—namely Promon Shield—which is being used by approximately 100 companies to protect over 100 million end users worldwide. We demonstrate two attacks against Promon Shield: The first removes the entire protection scheme statically from an app, while the second disables all security measures dynamically at runtime.

Various empirical studies are concerned with the success factors of the digital transformation process. However, a critical review of the literature shows that empirical studies in BtB sales management predominantly focus on company sizes as well as industries, but mostly neglect the relevance of business types. In the following paper, the results of an empirical study will be presented, which will fill the existing research gap. It will be demonstrated that the business type is having a major influence on the design of the various sales process steps as well as on the digitalization potential of the respective processes.