Lox: Protecting the Social Graph in Bridge Distribution

Access to the open Internet, free from surveillance and censorship, is an important part of fulfilling the right to privacy. Despite this, in many regions of the world, censorship of the Internet is used to limit access to information, monitor the activity of Internet users and quash dissent. Where access to the Internet is heavily censored, anti-censorship proxies, or bridges, can offer a connection to journalists, dissidents and members of oppressed groups who seek access to the Internet beyond a censor's area of influence. Bridges are an anti-censorship tool that can provide users inside censored regions with a link to the open Internet. Using bridges as an anti-censorship tool is fraught with risks for users inside the censored region who may face persecution if they are discovered using or requesting bridges. Bridge distribution systems that are built for widespread public distribution of bridges face the inherently conflicting issues of extending bridges to unknown users when some of them may be malicious. If not designed with care, bridge distribution systems can be quickly compromised or overwhelmed by attacks from censors and their automated agents and leak user and usage data, undermining the integrity of the system and the safety of users. It is therefore crucial to prioritize protecting users when developing such systems. In this work, we take a holistic and realistic view of the bridge distribution problem. We analyze known threats to deployed bridge distribution systems, (i.e., The Tor Project's BridgeDB), and combine insights from prior work to create a new bridge distribution system. To this end, we propose Lox, a bridge distribution system that is open to anyone while also leveraging users' trust networks to distribute bridges. Lox protects the privacy of users and their social graphs and limits the malicious behaviour of censors. We use an updated unlinkable multi-show anonymous credential scheme, suitable for a single credential issuer and verifier, to protect bridge users and their social networks from being identified by malicious actors. We formalize a trust level scheme that is compatible with anonymous credentials and effectively limits malicious behaviour while maintaining user anonymity. Our work includes a full system design of Lox, as well as an implementation of each of Lox's protocols. We evaluate the efficiency of our Lox protocols and show that they have reasonable performance and latency for the expected user base of our system, thus demonstrating Lox as a practical bridge distribution system

Computational Resource Abuse in Web Applications

Internet browsers include Application Programming Interfaces (APIs) to support Web applications that require complex functionality, e.g., to let end users watch videos, make phone calls, and play video games. Meanwhile, many Web applications employ the browser APIs to rely on the user's hardware to execute intensive computation, access the Graphics Processing Unit (GPU), use persistent storage, and establish network connections. However, providing access to the system's computational resources, i.e., processing, storage, and networking, through the browser creates an opportunity for attackers to abuse resources. Principally, the problem occurs when an attacker compromises a Web site and includes malicious code to abuse its visitor's computational resources. For example, an attacker can abuse the user's system networking capabilities to perform a Denial of Service (DoS) attack against third parties. What is more, computational resource abuse has not received widespread attention from the Web security community because most of the current specifications are focused on content and session properties such as isolation, confidentiality, and integrity. Our primary goal is to study computational resource abuse and to advance the state of the art by providing a general attacker model, multiple case studies, a thorough analysis of available security mechanisms, and a new detection mechanism. To this end, we implemented and evaluated three scenarios where attackers use multiple browser APIs to abuse networking, local storage, and computation. Further, depending on the scenario, an attacker can use browsers to perform Denial of Service against third-party Web sites, create a network of browsers to store and distribute arbitrary data, or use browsers to establish anonymous connections similarly to The Onion Router (Tor). Our analysis also includes a real-life resource abuse case found in the wild, i.e., CryptoJacking, where thousands of Web sites forced their visitors to perform crypto-currency mining without their consent. In the general case, attacks presented in this thesis share the attacker model and two key characteristics: 1) the browser's end user remains oblivious to the attack, and 2) an attacker has to invest little resources in comparison to the resources he obtains. In addition to the attack's analysis, we present how existing, and upcoming, security enforcement mechanisms from Web security can hinder an attacker and their drawbacks. Moreover, we propose a novel detection approach based on browser API usage patterns. Finally, we evaluate the accuracy of our detection model, after training it with the real-life crypto-mining scenario, through a large scale analysis of the most popular Web sites

Evolutionary Computation 2020

Intelligent optimization is based on the mechanism of computational intelligence to refine a suitable feature model, design an effective optimization algorithm, and then to obtain an optimal or satisfactory solution to a complex problem. Intelligent algorithms are key tools to ensure global optimization quality, fast optimization efficiency and robust optimization performance. Intelligent optimization algorithms have been studied by many researchers, leading to improvements in the performance of algorithms such as the evolutionary algorithm, whale optimization algorithm, differential evolution algorithm, and particle swarm optimization. Studies in this arena have also resulted in breakthroughs in solving complex problems including the green shop scheduling problem, the severe nonlinear problem in one-dimensional geodesic electromagnetic inversion, error and bug finding problem in software, the 0-1 backpack problem, traveler problem, and logistics distribution center siting problem. The editors are confident that this book can open a new avenue for further improvement and discoveries in the area of intelligent algorithms. The book is a valuable resource for researchers interested in understanding the principles and design of intelligent algorithms

Agile Processes in Software Engineering and Extreme Programming – Workshops

This open access book constitutes papers from the 5 research workshops, the poster presentations, as well as two panel discussions which were presented at XP 2021, the 22nd International Conference on Agile Software Development, which was held online during June 14-18, 2021. XP is the premier agile software development conference combining research and practice. It is a unique forum where agile researchers, practitioners, thought leaders, coaches, and trainers get together to present and discuss their most recent innovations, research results, experiences, concerns, challenges, and trends. XP conferences provide an informal environment to learn and trigger discussions and welcome both people new to agile and seasoned agile practitioners. The 18 papers included in this volume were carefully reviewed and selected from overall 37 submissions. They stem from the following workshops: 3rd International Workshop on Agile Transformation 9th International Workshop on Large-Scale Agile Development 1st International Workshop on Agile Sustainability 4th International Workshop on Software-Intensive Business 2nd International Workshop on Agility with Microservices Programmin

Human Practice. Digital Ecologies. Our Future. : 14. Internationale Tagung Wirtschaftsinformatik (WI 2019) : Tagungsband

Erschienen bei: universi - Universitätsverlag Siegen. - ISBN: 978-3-96182-063-4Aus dem Inhalt: Track 1: Produktion & Cyber-Physische Systeme Requirements and a Meta Model for Exchanging Additive Manufacturing Capacities Service Systems, Smart Service Systems and Cyber- Physical Systems—What’s the difference? Towards a Unified Terminology Developing an Industrial IoT Platform – Trade-off between Horizontal and Vertical Approaches Machine Learning und Complex Event Processing: Effiziente Echtzeitauswertung am Beispiel Smart Factory Sensor retrofit for a coffee machine as condition monitoring and predictive maintenance use case Stakeholder-Analyse zum Einsatz IIoT-basierter Frischeinformationen in der Lebensmittelindustrie Towards a Framework for Predictive Maintenance Strategies in Mechanical Engineering - A Method-Oriented Literature Analysis Development of a matching platform for the requirement-oriented selection of cyber physical systems for SMEs Track 2: Logistic Analytics An Empirical Study of Customers’ Behavioral Intention to Use Ridepooling Services – An Extension of the Technology Acceptance Model Modeling Delay Propagation and Transmission in Railway Networks What is the impact of company specific adjustments on the acceptance and diffusion of logistic standards? Robust Route Planning in Intermodal Urban Traffic Track 3: Unternehmensmodellierung & Informationssystemgestaltung (Enterprise Modelling & Information Systems Design) Work System Modeling Method with Different Levels of Specificity and Rigor for Different Stakeholder Purposes Resolving Inconsistencies in Declarative Process Models based on Culpability Measurement Strategic Analysis in the Realm of Enterprise Modeling – On the Example of Blockchain-Based Initiatives for the Electricity Sector Zwischenbetriebliche Integration in der Möbelbranche: Konfigurationen und Einflussfaktoren Novices’ Quality Perceptions and the Acceptance of Process Modeling Grammars Entwicklung einer Definition für Social Business Objects (SBO) zur Modellierung von Unternehmensinformationen Designing a Reference Model for Digital Product Configurators Terminology for Evolving Design Artifacts Business Role-Object Specification: A Language for Behavior-aware Structural Modeling of Business Objects Generating Smart Glasses-based Information Systems with BPMN4SGA: A BPMN Extension for Smart Glasses Applications Using Blockchain in Peer-to-Peer Carsharing to Build Trust in the Sharing Economy Testing in Big Data: An Architecture Pattern for a Development Environment for Innovative, Integrated and Robust Applications Track 4: Lern- und Wissensmanagement (e-Learning and Knowledge Management) eGovernment Competences revisited – A Literature Review on necessary Competences in a Digitalized Public Sector Say Hello to Your New Automated Tutor – A Structured Literature Review on Pedagogical Conversational Agents Teaching the Digital Transformation of Business Processes: Design of a Simulation Game for Information Systems Education Conceptualizing Immersion for Individual Learning in Virtual Reality Designing a Flipped Classroom Course – a Process Model The Influence of Risk-Taking on Knowledge Exchange and Combination Gamified Feedback durch Avatare im Mobile Learning Alexa, Can You Help Me Solve That Problem? - Understanding the Value of Smart Personal Assistants as Tutors for Complex Problem Tasks Track 5: Data Science & Business Analytics Matching with Bundle Preferences: Tradeoff between Fairness and Truthfulness Applied image recognition: guidelines for using deep learning models in practice Yield Prognosis for the Agrarian Management of Vineyards using Deep Learning for Object Counting Reading Between the Lines of Qualitative Data – How to Detect Hidden Structure Based on Codes Online Auctions with Dual-Threshold Algorithms: An Experimental Study and Practical Evaluation Design Features of Non-Financial Reward Programs for Online Reviews: Evaluation based on Google Maps Data Topic Embeddings – A New Approach to Classify Very Short Documents Based on Predefined Topics Leveraging Unstructured Image Data for Product Quality Improvement Decision Support for Real Estate Investors: Improving Real Estate Valuation with 3D City Models and Points of Interest Knowledge Discovery from CVs: A Topic Modeling Procedure Online Product Descriptions – Boost for your Sales? Entscheidungsunterstützung durch historienbasierte Dienstreihenfolgeplanung mit Pattern A Semi-Automated Approach for Generating Online Review Templates Machine Learning goes Measure Management: Leveraging Anomaly Detection and Parts Search to Improve Product-Cost Optimization Bedeutung von Predictive Analytics für den theoretischen Erkenntnisgewinn in der IS-Forschung Track 6: Digitale Transformation und Dienstleistungen Heuristic Theorizing in Software Development: Deriving Design Principles for Smart Glasses-based Systems Mirroring E-service for Brick and Mortar Retail: An Assessment and Survey Taxonomy of Digital Platforms: A Platform Architecture Perspective Value of Star Players in the Digital Age Local Shopping Platforms – Harnessing Locational Advantages for the Digital Transformation of Local Retail Outlets: A Content Analysis A Socio-Technical Approach to Manage Analytics-as-a-Service – Results of an Action Design Research Project Characterizing Approaches to Digital Transformation: Development of a Taxonomy of Digital Units Expectations vs. Reality – Benefits of Smart Services in the Field of Tension between Industry and Science Innovation Networks and Digital Innovation: How Organizations Use Innovation Networks in a Digitized Environment Characterising Social Reading Platforms— A Taxonomy-Based Approach to Structure the Field Less Complex than Expected – What Really Drives IT Consulting Value Modularity Canvas – A Framework for Visualizing Potentials of Service Modularity Towards a Conceptualization of Capabilities for Innovating Business Models in the Industrial Internet of Things A Taxonomy of Barriers to Digital Transformation Ambidexterity in Service Innovation Research: A Systematic Literature Review Design and success factors of an online solution for cross-pillar pension information Track 7: IT-Management und -Strategie A Frugal Support Structure for New Software Implementations in SMEs How to Structure a Company-wide Adoption of Big Data Analytics The Changing Roles of Innovation Actors and Organizational Antecedents in the Digital Age Bewertung des Kundennutzens von Chatbots für den Einsatz im Servicedesk Understanding the Benefits of Agile Software Development in Regulated Environments Are Employees Following the Rules? On the Effectiveness of IT Consumerization Policies Agile and Attached: The Impact of Agile Practices on Agile Team Members’ Affective Organisational Commitment The Complexity Trap – Limits of IT Flexibility for Supporting Organizational Agility in Decentralized Organizations Platform Openness: A Systematic Literature Review and Avenues for Future Research Competence, Fashion and the Case of Blockchain The Digital Platform Otto.de: A Case Study of Growth, Complexity, and Generativity Track 8: eHealth & alternde Gesellschaft Security and Privacy of Personal Health Records in Cloud Computing Environments – An Experimental Exploration of the Impact of Storage Solutions and Data Breaches Patientenintegration durch Pfadsysteme Digitalisierung in der Stressprävention – eine qualitative Interviewstudie zu Nutzenpotenzialen User Dynamics in Mental Health Forums – A Sentiment Analysis Perspective Intent and the Use of Wearables in the Workplace – A Model Development Understanding Patient Pathways in the Context of Integrated Health Care Services - Implications from a Scoping Review Understanding the Habitual Use of Wearable Activity Trackers On the Fit in Fitness Apps: Studying the Interaction of Motivational Affordances and Users’ Goal Orientations in Affecting the Benefits Gained Gamification in Health Behavior Change Support Systems - A Synthesis of Unintended Side Effects Investigating the Influence of Information Incongruity on Trust-Relations within Trilateral Healthcare Settings Track 9: Krisen- und Kontinuitätsmanagement Potentiale von IKT beim Ausfall kritischer Infrastrukturen: Erwartungen, Informationsgewinnung und Mediennutzung der Zivilbevölkerung in Deutschland Fake News Perception in Germany: A Representative Study of People’s Attitudes and Approaches to Counteract Disinformation Analyzing the Potential of Graphical Building Information for Fire Emergency Responses: Findings from a Controlled Experiment Track 10: Human-Computer Interaction Towards a Taxonomy of Platforms for Conversational Agent Design Measuring Service Encounter Satisfaction with Customer Service Chatbots using Sentiment Analysis Self-Tracking and Gamification: Analyzing the Interplay of Motivations, Usage and Motivation Fulfillment Erfolgsfaktoren von Augmented-Reality-Applikationen: Analyse von Nutzerrezensionen mit dem Review-Mining-Verfahren Designing Dynamic Decision Support for Electronic Requirements Negotiations Who is Stressed by Using ICTs? A Qualitative Comparison Analysis with the Big Five Personality Traits to Understand Technostress Walking the Middle Path: How Medium Trade-Off Exposure Leads to Higher Consumer Satisfaction in Recommender Agents Theory-Based Affordances of Utilitarian, Hedonic and Dual-Purposed Technologies: A Literature Review Eliciting Customer Preferences for Shopping Companion Apps: A Service Quality Approach The Role of Early User Participation in Discovering Software – A Case Study from the Context of Smart Glasses The Fluidity of the Self-Concept as a Framework to Explain the Motivation to Play Video Games Heart over Heels? An Empirical Analysis of the Relationship between Emotions and Review Helpfulness for Experience and Credence Goods Track 11: Information Security and Information Privacy Unfolding Concerns about Augmented Reality Technologies: A Qualitative Analysis of User Perceptions To (Psychologically) Own Data is to Protect Data: How Psychological Ownership Determines Protective Behavior in a Work and Private Context Understanding Data Protection Regulations from a Data Management Perspective: A Capability-Based Approach to EU-GDPR On the Difficulties of Incentivizing Online Privacy through Transparency: A Qualitative Survey of the German Health Insurance Market What is Your Selfie Worth? A Field Study on Individuals’ Valuation of Personal Data Justification of Mass Surveillance: A Quantitative Study An Exploratory Study of Risk Perception for Data Disclosure to a Network of Firms Track 12: Umweltinformatik und nachhaltiges Wirtschaften Kommunikationsfäden im Nadelöhr – Fachliche Prozessmodellierung der Nachhaltigkeitskommunikation am Kapitalmarkt Potentiale und Herausforderungen der Materialflusskostenrechnung Computing Incentives for User-Based Relocation in Carsharing Sustainability’s Coming Home: Preliminary Design Principles for the Sustainable Smart District Substitution of hazardous chemical substances using Deep Learning and t-SNE A Hierarchy of DSMLs in Support of Product Life-Cycle Assessment A Survey of Smart Energy Services for Private Households Door-to-Door Mobility Integrators as Keystone Organizations of Smart Ecosystems: Resources and Value Co-Creation – A Literature Review Ein Entscheidungsunterstützungssystem zur ökonomischen Bewertung von Mieterstrom auf Basis der Clusteranalyse Discovering Blockchain for Sustainable Product-Service Systems to enhance the Circular Economy Digitale Rückverfolgbarkeit von Lebensmitteln: Eine verbraucherinformatische Studie Umweltbewusstsein durch audiovisuelles Content Marketing? Eine experimentelle Untersuchung zur Konsumentenbewertung nachhaltiger Smartphones Towards Predictive Energy Management in Information Systems: A Research Proposal A Web Browser-Based Application for Processing and Analyzing Material Flow Models using the MFCA Methodology Track 13: Digital Work - Social, mobile, smart On Conversational Agents in Information Systems Research: Analyzing the Past to Guide Future Work The Potential of Augmented Reality for Improving Occupational First Aid Prevent a Vicious Circle! The Role of Organizational IT-Capability in Attracting IT-affine Applicants Good, Bad, or Both? Conceptualization and Measurement of Ambivalent User Attitudes Towards AI A Case Study on Cross-Hierarchical Communication in Digital Work Environments ‘Show Me Your People Skills’ - Employing CEO Branding for Corporate Reputation Management in Social Media A Multiorganisational Study of the Drivers and Barriers of Enterprise Collaboration Systems-Enabled Change The More the Merrier? The Effect of Size of Core Team Subgroups on Success of Open Source Projects The Impact of Anthropomorphic and Functional Chatbot Design Features in Enterprise Collaboration Systems on User Acceptance Digital Feedback for Digital Work? Affordances and Constraints of a Feedback App at InsurCorp The Effect of Marker-less Augmented Reality on Task and Learning Performance Antecedents for Cyberloafing – A Literature Review Internal Crowd Work as a Source of Empowerment - An Empirical Analysis of the Perception of Employees in a Crowdtesting Project Track 14: Geschäftsmodelle und digitales Unternehmertum Dividing the ICO Jungle: Extracting and Evaluating Design Archetypes Capturing Value from Data: Exploring Factors Influencing Revenue Model Design for Data-Driven Services Understanding the Role of Data for Innovating Business Models: A System Dynamics Perspective Business Model Innovation and Stakeholder: Exploring Mechanisms and Outcomes of Value Creation and Destruction Business Models for Internet of Things Platforms: Empirical Development of a Taxonomy and Archetypes Revitalizing established Industrial Companies: State of the Art and Success Principles of Digital Corporate Incubators When 1+1 is Greater than 2: Concurrence of Additional Digital and Established Business Models within Companies Special Track 1: Student Track Investigating Personalized Price Discrimination of Textile-, Electronics- and General Stores in German Online Retail From Facets to a Universal Definition – An Analysis of IoT Usage in Retail Is the Technostress Creators Inventory Still an Up-To-Date Measurement Instrument? Results of a Large-Scale Interview Study Application of Media Synchronicity Theory to Creative Tasks in Virtual Teams Using the Example of Design Thinking TrustyTweet: An Indicator-based Browser-Plugin to Assist Users in Dealing with Fake News on Twitter Application of Process Mining Techniques to Support Maintenance-Related Objectives How Voice Can Change Customer Satisfaction: A Comparative Analysis between E-Commerce and Voice Commerce Business Process Compliance and Blockchain: How Does the Ethereum Blockchain Address Challenges of Business Process Compliance? Improving Business Model Configuration through a Question-based Approach The Influence of Situational Factors and Gamification on Intrinsic Motivation and Learning Evaluation von ITSM-Tools für Integration und Management von Cloud-Diensten am Beispiel von ServiceNow How Software Promotes the Integration of Sustainability in Business Process Management Criteria Catalog for Industrial IoT Platforms from the Perspective of the Machine Tool Industry Special Track 3: Demos & Prototyping Privacy-friendly User Location Tracking with Smart Devices: The BeaT Prototype Application-oriented robotics in nursing homes Augmented Reality for Set-up Processe Mixed Reality for supporting Remote-Meetings Gamification zur Motivationssteigerung von Werkern bei der Betriebsdatenerfassung Automatically Extracting and Analyzing Customer Needs from Twitter: A “Needmining” Prototype GaNEsHA: Opportunities for Sustainable Transportation in Smart Cities TUCANA: A platform for using local processing power of edge devices for building data-driven services Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur Entwicklung einer alltagsnahen persuasiven App zur Bewegungsmotivation für ältere Nutzerinnen und Nutzer A browser-based modeling tool for studying the learning of conceptual modeling based on a multi-modal data collection approach Exergames & Dementia: An interactive System for People with Dementia and their Care-Network Workshops Workshop Ethics and Morality in Business Informatics (Workshop Ethik und Moral in der Wirtschaftsinformatik – EMoWI’19) Model-Based Compliance in Information Systems - Foundations, Case Description and Data Set of the MobIS-Challenge for Students and Doctoral Candidates Report of the Workshop on Concepts and Methods of Identifying Digital Potentials in Information Management Control of Systemic Risks in Global Networks - A Grand Challenge to Information Systems Research Die Mitarbeiter von morgen - Kompetenzen künftiger Mitarbeiter im Bereich Business Analytics Digitaler Konsum: Herausforderungen und Chancen der Verbraucherinformati

Actas de la XIII Reunión Española sobre Criptología y Seguridad de la Información RECSI XIII : Alicante, 2-5 de septiembre de 2014

Si tuviéramos que elegir un conjunto de palabras clave para definir la sociedad actual, sin duda el término información sería uno de los más representativos. Vivimos en un mundo caracterizado por un continuo flujo de información en el que las Tecnologías de la Información y Comunicación (TIC) y las Redes Sociales desempeñan un papel relevante. En la Sociedad de la Información se generan gran variedad de datos en formato digital, siendo la protección de los mismos frente a accesos y usos no autorizados el objetivo principal de lo que conocemos como Seguridad de la Información. Si bien la Criptología es una herramienta tecnológica básica, dedicada al desarrollo y análisis de sistemas y protocolos que garanticen la seguridad de los datos, el espectro de tecnologías que intervienen en la protección de la información es amplio y abarca diferentes disciplinas. Una de las características de esta ciencia es su rápida y constante evolución, motivada en parte por los continuos avances que se producen en el terreno de la computación, especialmente en las últimas décadas. Sistemas, protocolos y herramientas en general considerados seguros en la actualidad dejarán de serlo en un futuro más o menos cercano, lo que hace imprescindible el desarrollo de nuevas herramientas que garanticen, de forma eficiente, los necesarios niveles de seguridad. La Reunión Española sobre Criptología y Seguridad de la Información (RECSI) es el congreso científico español de referencia en el ámbito de la Criptología y la Seguridad en las TIC, en el que se dan cita periódicamente los principales investigadores españoles y de otras nacionalidades en esta disciplina, con el fin de compartir los resultados más recientes de su investigación. Del 2 al 5 de septiembre de 2014 se celebrará la decimotercera edición en la ciudad de Alicante, organizada por el grupo de Criptología y Seguridad Computacional de la Universidad de Alicante. Las anteriores ediciones tuvieron lugar en Palma de Mallorca (1991), Madrid (1992), Barcelona (1994), Valladolid (1996), Torremolinos (1998), Santa Cruz de Tenerife (2000), Oviedo (2002), Leganés (2004), Barcelona (2006), Salamanca (2008), Tarragona (2010) y San Sebastián (2012)

Urban Informatics

This open access book is the first to systematically introduce the principles of urban informatics and its application to every aspect of the city that involves its functioning, control, management, and future planning. It introduces new models and tools being developed to understand and implement these technologies that enable cities to function more efficiently – to become ‘smart’ and ‘sustainable’. The smart city has quickly emerged as computers have become ever smaller to the point where they can be embedded into the very fabric of the city, as well as being central to new ways in which the population can communicate and act. When cities are wired in this way, they have the potential to become sentient and responsive, generating massive streams of ‘big’ data in real time as well as providing immense opportunities for extracting new forms of urban data through crowdsourcing. This book offers a comprehensive review of the methods that form the core of urban informatics from various kinds of urban remote sensing to new approaches to machine learning and statistical modelling. It provides a detailed technical introduction to the wide array of tools information scientists need to develop the key urban analytics that are fundamental to learning about the smart city, and it outlines ways in which these tools can be used to inform design and policy so that cities can become more efficient with a greater concern for environment and equity