TY - BOOK A1 - Zhang, Shuhao A1 - Plauth, Max A1 - Eberhardt, Felix A1 - Polze, Andreas A1 - Lehmann, Jens A1 - Sejdiu, Gezim A1 - Jabeen, Hajira A1 - Servadei, Lorenzo A1 - Möstl, Christian A1 - Bär, Florian A1 - Netzeband, André A1 - Schmidt, Rainer A1 - Knigge, Marlene A1 - Hecht, Sonja A1 - Prifti, Loina A1 - Krcmar, Helmut A1 - Sapegin, Andrey A1 - Jaeger, David A1 - Cheng, Feng A1 - Meinel, Christoph A1 - Friedrich, Tobias A1 - Rothenberger, Ralf A1 - Sutton, Andrew M. A1 - Sidorova, Julia A. A1 - Lundberg, Lars A1 - Rosander, Oliver A1 - Sköld, Lars A1 - Di Varano, Igor A1 - van der Walt, Estée A1 - Eloff, Jan H. P. A1 - Fabian, Benjamin A1 - Baumann, Annika A1 - Ermakova, Tatiana A1 - Kelkel, Stefan A1 - Choudhary, Yash A1 - Cooray, Thilini A1 - Rodríguez, Jorge A1 - Medina-Pérez, Miguel Angel A1 - Trejo, Luis A. A1 - Barrera-Animas, Ari Yair A1 - Monroy-Borja, Raúl A1 - López-Cuevas, Armando A1 - Ramírez-Márquez, José Emmanuel A1 - Grohmann, Maria A1 - Niederleithinger, Ernst A1 - Podapati, Sasidhar A1 - Schmidt, Christopher A1 - Huegle, Johannes A1 - de Oliveira, Roberto C. L. A1 - Soares, Fábio Mendes A1 - van Hoorn, André A1 - Neumer, Tamas A1 - Willnecker, Felix A1 - Wilhelm, Mathias A1 - Kuster, Bernhard ED - Meinel, Christoph ED - Polze, Andreas ED - Beins, Karsten ED - Strotmann, Rolf ED - Seibold, Ulrich ED - Rödszus, Kurt ED - Müller, Jürgen T1 - HPI Future SOC Lab – Proceedings 2017 T1 - HPI Future SOC Lab – Proceedings 2017 N2 - The “HPI Future SOC Lab” is a cooperation of the Hasso Plattner Institute (HPI) and industry partners. Its mission is to enable and promote exchange and interaction between the research community and the industry partners. The HPI Future SOC Lab provides researchers with free of charge access to a complete infrastructure of state of the art hard and software. This infrastructure includes components, which might be too expensive for an ordinary research environment, such as servers with up to 64 cores and 2 TB main memory. The offerings address researchers particularly from but not limited to the areas of computer science and business information systems. Main areas of research include cloud computing, parallelization, and In-Memory technologies. This technical report presents results of research projects executed in 2017. Selected projects have presented their results on April 25th and November 15th 2017 at the Future SOC Lab Day events. N2 - Das Future SOC Lab am HPI ist eine Kooperation des Hasso-Plattner-Instituts mit verschiedenen Industriepartnern. Seine Aufgabe ist die Ermöglichung und Förderung des Austausches zwischen Forschungsgemeinschaft und Industrie. Am Lab wird interessierten Wissenschaftlern eine Infrastruktur von neuester Hard- und Software kostenfrei für Forschungszwecke zur Verfügung gestellt. Dazu zählen teilweise noch nicht am Markt verfügbare Technologien, die im normalen Hochschulbereich in der Regel nicht zu finanzieren wären, bspw. Server mit bis zu 64 Cores und 2 TB Hauptspeicher. Diese Angebote richten sich insbesondere an Wissenschaftler in den Gebieten Informatik und Wirtschaftsinformatik. Einige der Schwerpunkte sind Cloud Computing, Parallelisierung und In-Memory Technologien. In diesem Technischen Bericht werden die Ergebnisse der Forschungsprojekte des Jahres 2017 vorgestellt. Ausgewählte Projekte stellten ihre Ergebnisse am 25. April und 15. November 2017 im Rahmen der Future SOC Lab Tag Veranstaltungen vor. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 130 KW - Future SOC Lab KW - research projects KW - multicore architectures KW - In-Memory technology KW - cloud computing KW - machine learning KW - artifical intelligence KW - Future SOC Lab KW - Forschungsprojekte KW - Multicore Architekturen KW - In-Memory Technologie KW - Cloud Computing KW - maschinelles Lernen KW - Künstliche Intelligenz Y1 - 2020 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-433100 SN - 978-3-86956-475-3 SN - 1613-5652 SN - 2191-1665 IS - 130 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - JOUR A1 - Yeung, Ching-man Au A1 - Noll, Michael G. A1 - Gibbins, Nicholas A1 - Meinel, Christoph A1 - Shadbolt, Nigel T1 - Spear spamming-resistant expertise analysis and ranking incollaborative tagging systems JF - Computational intelligence N2 - In this article, we discuss the notions of experts and expertise in resource discovery in the context of collaborative tagging systems. We propose that the level of expertise of a user with respect to a particular topic is mainly determined by two factors. First, an expert should possess a high-quality collection of resources, while the quality of a Web resource in turn depends on the expertise of the users who have assigned tags to it, forming a mutual reinforcement relationship. Second, an expert should be one who tends to identify interesting or useful resources before other users discover them, thus bringing these resources to the attention of the community of users. We propose a graph-based algorithm, SPEAR (spamming-resistant expertise analysis and ranking), which implements the above ideas for ranking users in a folksonomy. Our experiments show that our assumptions on expertise in resource discovery, and SPEAR as an implementation of these ideas, allow us to promote experts and demote spammers at the same time, with performance significantly better than the original hypertext-induced topic search algorithm and simple statistical measures currently used in most collaborative tagging systems. KW - collaborative tagging KW - expertise KW - folksonomy KW - HITS KW - ranking KW - spamming Y1 - 2011 U6 - https://doi.org/10.1111/j.1467-8640.2011.00384.x SN - 0824-7935 SN - 1467-8640 VL - 27 IS - 3 SP - 458 EP - 488 PB - Wiley-Blackwell CY - Hoboken ER - TY - JOUR A1 - Weinstein, Theresa Julia A1 - Ceh, Simon Majed A1 - Meinel, Christoph A1 - Benedek, Mathias T1 - What's creative about sentences? BT - a computational approach to assessing creativity in a sentence generation task JF - Creativity Research Journal N2 - Evaluating creativity of verbal responses or texts is a challenging task due to psychometric issues associated with subjective ratings and the peculiarities of textual data. We explore an approach to objectively assess the creativity of responses in a sentence generation task to 1) better understand what language-related aspects are valued by human raters and 2) further advance the developments toward automating creativity evaluations. Over the course of two prior studies, participants generated 989 four-word sentences based on a four-letter prompt with the instruction to be creative. We developed an algorithm that scores each sentence on eight different metrics including 1) general word infrequency, 2) word combination infrequency, 3) context-specific word uniqueness, 4) syntax uniqueness, 5) rhyme, 6) phonetic similarity, and similarity of 7) sequence spelling and 8) semantic meaning to the cue. The text metrics were then used to explain the averaged creativity ratings of eight human raters. We found six metrics to be significantly correlated with the human ratings, explaining a total of 16% of their variance. We conclude that the creative impression of sentences is partly driven by different aspects of novelty in word choice and syntax, as well as rhythm and sound, which are amenable to objective assessment. Y1 - 2022 U6 - https://doi.org/10.1080/10400419.2022.2124777 SN - 1040-0419 SN - 1532-6934 VL - 34 IS - 4 SP - 419 EP - 430 PB - Routledge, Taylor & Francis Group CY - Abingdon ER - TY - JOUR A1 - Wang, Cheng A1 - Yang, Haojin A1 - Meinel, Christoph T1 - Image Captioning with Deep Bidirectional LSTMs and Multi-Task Learning JF - ACM transactions on multimedia computing, communications, and applications N2 - Generating a novel and descriptive caption of an image is drawing increasing interests in computer vision, natural language processing, and multimedia communities. In this work, we propose an end-to-end trainable deep bidirectional LSTM (Bi-LSTM (Long Short-Term Memory)) model to address the problem. By combining a deep convolutional neural network (CNN) and two separate LSTM networks, our model is capable of learning long-term visual-language interactions by making use of history and future context information at high-level semantic space. We also explore deep multimodal bidirectional models, in which we increase the depth of nonlinearity transition in different ways to learn hierarchical visual-language embeddings. Data augmentation techniques such as multi-crop, multi-scale, and vertical mirror are proposed to prevent over-fitting in training deep models. To understand how our models "translate" image to sentence, we visualize and qualitatively analyze the evolution of Bi-LSTM internal states over time. The effectiveness and generality of proposed models are evaluated on four benchmark datasets: Flickr8K, Flickr30K, MSCOCO, and Pascal1K datasets. We demonstrate that Bi-LSTM models achieve highly competitive performance on both caption generation and image-sentence retrieval even without integrating an additional mechanism (e.g., object detection, attention model). Our experiments also prove that multi-task learning is beneficial to increase model generality and gain performance. We also demonstrate the performance of transfer learning of the Bi-LSTM model significantly outperforms previous methods on the Pascal1K dataset. KW - Deep learning KW - LSTM KW - multimodal representations KW - image captioning KW - mutli-task learning Y1 - 2018 U6 - https://doi.org/10.1145/3115432 SN - 1551-6857 SN - 1551-6865 VL - 14 IS - 2 PB - Association for Computing Machinery CY - New York ER - TY - JOUR A1 - Wang, Cheng A1 - Yang, Haojin A1 - Meinel, Christoph T1 - A deep semantic framework for multimodal representation learning JF - Multimedia tools and applications : an international journal N2 - Multimodal representation learning has gained increasing importance in various real-world multimedia applications. Most previous approaches focused on exploring inter-modal correlation by learning a common or intermediate space in a conventional way, e.g. Canonical Correlation Analysis (CCA). These works neglected the exploration of fusing multiple modalities at higher semantic level. In this paper, inspired by the success of deep networks in multimedia computing, we propose a novel unified deep neural framework for multimodal representation learning. To capture the high-level semantic correlations across modalities, we adopted deep learning feature as image representation and topic feature as text representation respectively. In joint model learning, a 5-layer neural network is designed and enforced with a supervised pre-training in the first 3 layers for intra-modal regularization. The extensive experiments on benchmark Wikipedia and MIR Flickr 25K datasets show that our approach achieves state-of-the-art results compare to both shallow and deep models in multimodal and cross-modal retrieval. KW - Multimodal representation KW - Deep neural networks KW - Semantic feature KW - Cross-modal retrieval Y1 - 2016 U6 - https://doi.org/10.1007/s11042-016-3380-8 SN - 1380-7501 SN - 1573-7721 VL - 75 SP - 9255 EP - 9276 PB - Springer CY - Dordrecht ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Strauss, Tim A1 - Graupner, Hendrik A1 - Cheng, Feng A1 - Meinel, Christoph T1 - CSBAuditor BT - proactive security risk analysis for cloud storage broker systems T2 - 17th International Symposium on Network Computing and Applications (NCA) N2 - Cloud Storage Brokers (CSB) provide seamless and concurrent access to multiple Cloud Storage Services (CSS) while abstracting cloud complexities from end-users. However, this multi-cloud strategy faces several security challenges including enlarged attack surfaces, malicious insider threats, security complexities due to integration of disparate components and API interoperability issues. Novel security approaches are imperative to tackle these security issues. Therefore, this paper proposes CSBAuditor, a novel cloud security system that continuously audits CSB resources, to detect malicious activities and unauthorized changes e.g. bucket policy misconfigurations, and remediates these anomalies. The cloud state is maintained via a continuous snapshotting mechanism thereby ensuring fault tolerance. We adopt the principles of chaos engineering by integrating Broker Monkey, a component that continuously injects failure into our reference CSB system, Cloud RAID. Hence, CSBAuditor is continuously tested for efficiency i.e. its ability to detect the changes injected by Broker Monkey. CSBAuditor employs security metrics for risk analysis by computing severity scores for detected vulnerabilities using the Common Configuration Scoring System, thereby overcoming the limitation of insufficient security metrics in existing cloud auditing schemes. CSBAuditor has been tested using various strategies including chaos engineering failure injection strategies. Our experimental evaluation validates the efficiency of our approach against the aforementioned security issues with a detection and recovery rate of over 96 %. KW - Cloud-Security KW - Cloud Audit KW - Security Metrics KW - Security Risk Assessment KW - Secure Configuration Y1 - 2018 SN - 978-1-5386-7659-2 U6 - https://doi.org/10.1109/NCA.2018.8548329 PB - IEEE CY - New York ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Meinig, Michael A1 - Kayem, Anne V. D. M. A1 - Cheng, Feng A1 - Meinel, Christoph A1 - Graupner, Hendrik T1 - Securing cloud storage brokerage systems through threat models T2 - Proceedings IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA) N2 - Cloud storage brokerage is an abstraction aimed at providing value-added services. However, Cloud Service Brokers are challenged by several security issues including enlarged attack surfaces due to integration of disparate components and API interoperability issues. Therefore, appropriate security risk assessment methods are required to identify and evaluate these security issues, and examine the efficiency of countermeasures. A possible approach for satisfying these requirements is employment of threat modeling concepts, which have been successfully applied in traditional paradigms. In this work, we employ threat models including attack trees, attack graphs and Data Flow Diagrams against a Cloud Service Broker (CloudRAID) and analyze these security threats and risks. Furthermore, we propose an innovative technique for combining Common Vulnerability Scoring System (CVSS) and Common Configuration Scoring System (CCSS) base scores in probabilistic attack graphs to cater for configuration-based vulnerabilities which are typically leveraged for attacking cloud storage systems. This approach is necessary since existing schemes do not provide sufficient security metrics, which are imperatives for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two common attacks against cloud storage: Cloud Storage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then used in Attack Graph Metric-based risk assessment. Our experimental evaluation shows that our approach caters for the aforementioned gaps and provides efficient security hardening options. Therefore, our proposals can be employed to improve cloud security. KW - Cloud-Security KW - Threat Models KW - Security Metrics KW - Security Risk Assessment KW - Secure Configuration Y1 - 2018 SN - 978-1-5386-2195-0 U6 - https://doi.org/10.1109/AINA.2018.00114 SN - 1550-445X SP - 759 EP - 768 PB - IEEE CY - New York ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Kayem, Anne V. D. M. A1 - Cheng, Feng A1 - Meinel, Christoph T1 - A cyber risk based moving target defense mechanism for microservice architectures T2 - IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom) N2 - Microservice Architectures (MSA) structure applications as a collection of loosely coupled services that implement business capabilities. The key advantages of MSA include inherent support for continuous deployment of large complex applications, agility and enhanced productivity. However, studies indicate that most MSA are homogeneous, and introduce shared vulnerabilites, thus vulnerable to multi-step attacks, which are economics-of-scale incentives to attackers. In this paper, we address the issue of shared vulnerabilities in microservices with a novel solution based on the concept of Moving Target Defenses (MTD). Our mechanism works by performing risk analysis against microservices to detect and prioritize vulnerabilities. Thereafter, security risk-oriented software diversification is employed, guided by a defined diversification index. The diversification is performed at runtime, leveraging both model and template based automatic code generation techniques to automatically transform programming languages and container images of the microservices. Consequently, the microservices attack surfaces are altered thereby introducing uncertainty for attackers while reducing the attackability of the microservices. Our experiments demonstrate the efficiency of our solution, with an average success rate of over 70% attack surface randomization. KW - Security Risk Assessment KW - Security Metrics KW - Moving Target Defense KW - Microservices Security KW - Application Container Security Y1 - 2018 SN - 978-1-7281-1141-4 U6 - https://doi.org/10.1109/BDCloud.2018.00137 SN - 2158-9178 SP - 932 EP - 939 PB - Institute of Electrical and Electronics Engineers CY - Los Alamitos ER - TY - JOUR A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Cheng, Feng A1 - Meinel, Christoph T1 - CloudStrike BT - chaos engineering for security and resiliency in cloud infrastructure JF - IEEE access : practical research, open solutions N2 - Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are imperative for mitigating these issues, however existing cloud security models are largely unable to tackle these security challenges. Therefore, novel security mechanisms are imperative, we propose Risk-driven Fault Injection (RDFI) techniques to address these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from secure baselines, cloud security best practices and observations derived during iterative fault injection campaigns. These observations are helpful for identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality and availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing security information with security mechanisms. We have designed and implemented the RDFI strategies including various chaos engineering algorithms as a software tool: CloudStrike. Several evaluations have been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructure: Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues. KW - cloud security KW - security chaos engineering KW - resilient architectures KW - security risk assessment Y1 - 2020 U6 - https://doi.org/10.1109/ACCESS.2020.3007338 SN - 2169-3536 VL - 8 SP - 123044 EP - 123060 PB - Institute of Electrical and Electronics Engineers  CY - Piscataway ER - TY - GEN A1 - Torkura, Kennedy A. A1 - Sukmana, Muhammad Ihsan Haikal A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Leveraging cloud native design patterns for security-as-a-service applications T2 - IEEE International Conference on Smart Cloud (SmartCloud) N2 - This paper discusses a new approach for designing and deploying Security-as-a-Service (SecaaS) applications using cloud native design patterns. Current SecaaS approaches do not efficiently handle the increasing threats to computer systems and applications. For example, requests for security assessments drastically increase after a high-risk security vulnerability is disclosed. In such scenarios, SecaaS applications are unable to dynamically scale to serve requests. A root cause of this challenge is employment of architectures not specifically fitted to cloud environments. Cloud native design patterns resolve this challenge by enabling certain properties e.g. massive scalability and resiliency via the combination of microservice patterns and cloud-focused design patterns. However adopting these patterns is a complex process, during which several security issues are introduced. In this work, we investigate these security issues, we redesign and deploy a monolithic SecaaS application using cloud native design patterns while considering appropriate, layered security counter-measures i.e. at the application and cloud networking layer. Our prototype implementation out-performs traditional, monolithic applications with an average Scanner Time of 6 minutes, without compromising security. Our approach can be employed for designing secure, scalable and performant SecaaS applications that effectively handle unexpected increase in security assessment requests. KW - Cloud-Security KW - Security-as-a-Service KW - Vulnerability Assessment KW - Cloud Native Applications Y1 - 2017 SN - 978-1-5386-3684-8 U6 - https://doi.org/10.1109/SmartCloud.2017.21 SP - 90 EP - 97 PB - Institute of Electrical and Electronics Engineers CY - New York ER - TY - BOOK A1 - Tietz, Christian A1 - Pelchen, Chris A1 - Meinel, Christoph A1 - Schnjakin, Maxim T1 - Management Digitaler Identitäten BT - aktueller Status und zukünftige Trends N2 - Um den zunehmenden Diebstahl digitaler Identitäten zu bekämpfen, gibt es bereits mehr als ein Dutzend Technologien. Sie sind, vor allem bei der Authentifizierung per Passwort, mit spezifischen Nachteilen behaftet, haben andererseits aber auch jeweils besondere Vorteile. Wie solche Kommunikationsstandards und -Protokolle wirkungsvoll miteinander kombiniert werden können, um dadurch mehr Sicherheit zu erreichen, haben die Autoren dieser Studie analysiert. Sie sprechen sich für neuartige Identitätsmanagement-Systeme aus, die sich flexibel auf verschiedene Rollen eines einzelnen Nutzers einstellen können und bequemer zu nutzen sind als bisherige Verfahren. Als ersten Schritt auf dem Weg hin zu einer solchen Identitätsmanagement-Plattform beschreiben sie die Möglichkeiten einer Analyse, die sich auf das individuelle Verhalten eines Nutzers oder einer Sache stützt. Ausgewertet werden dabei Sensordaten mobiler Geräte, welche die Nutzer häufig bei sich tragen und umfassend einsetzen, also z.B. internetfähige Mobiltelefone, Fitness-Tracker und Smart Watches. Die Wissenschaftler beschreiben, wie solche Kleincomputer allein z.B. anhand der Analyse von Bewegungsmustern, Positionsund Netzverbindungsdaten kontinuierlich ein „Vertrauens-Niveau“ errechnen können. Mit diesem ermittelten „Trust Level“ kann jedes Gerät ständig die Wahrscheinlichkeit angeben, mit der sein aktueller Benutzer auch der tatsächliche Besitzer ist, dessen typische Verhaltensmuster es genauestens „kennt“. Wenn der aktuelle Wert des Vertrauens-Niveaus (nicht aber die biometrischen Einzeldaten) an eine externe Instanz wie einen Identitätsprovider übermittelt wird, kann dieser das Trust Level allen Diensten bereitstellen, welche der Anwender nutzt und darüber informieren will. Jeder Dienst ist in der Lage, selbst festzulegen, von welchem Vertrauens-Niveau an er einen Nutzer als authentifiziert ansieht. Erfährt er von einem unter das Limit gesunkenen Trust Level, kann der Identitätsprovider seine Nutzung und die anderer Services verweigern. Die besonderen Vorteile dieses Identitätsmanagement-Ansatzes liegen darin, dass er keine spezifische und teure Hardware benötigt, um spezifische Daten auszuwerten, sondern lediglich Smartphones und so genannte Wearables. Selbst Dinge wie Maschinen, die Daten über ihr eigenes Verhalten per Sensor-Chip ins Internet funken, können einbezogen werden. Die Daten werden kontinuierlich im Hintergrund erhoben, ohne dass sich jemand darum kümmern muss. Sie sind nur für die Berechnung eines Wahrscheinlichkeits-Messwerts von Belang und verlassen niemals das Gerät. Meldet sich ein Internetnutzer bei einem Dienst an, muss er sich nicht zunächst an ein vorher festgelegtes Geheimnis – z.B. ein Passwort – erinnern, sondern braucht nur die Weitergabe seines aktuellen Vertrauens-Wertes mit einem „OK“ freizugeben. Ändert sich das Nutzungsverhalten – etwa durch andere Bewegungen oder andere Orte des Einloggens ins Internet als die üblichen – wird dies schnell erkannt. Unbefugten kann dann sofort der Zugang zum Smartphone oder zu Internetdiensten gesperrt werden. Künftig kann die Auswertung von Verhaltens-Faktoren noch erweitert werden, indem z.B. Routinen an Werktagen, an Wochenenden oder im Urlaub erfasst werden. Der Vergleich mit den live erhobenen Daten zeigt dann an, ob das Verhalten in das übliche Muster passt, der Benutzer also mit höchster Wahrscheinlichkeit auch der ausgewiesene Besitzer des Geräts ist. Über die Techniken des Managements digitaler Identitäten und die damit verbundenen Herausforderungen gibt diese Studie einen umfassenden Überblick. Sie beschreibt zunächst, welche Arten von Angriffen es gibt, durch die digitale Identitäten gestohlen werden können. Sodann werden die unterschiedlichen Verfahren von Identitätsnachweisen vorgestellt. Schließlich liefert die Studie noch eine zusammenfassende Übersicht über die 15 wichtigsten Protokolle und technischen Standards für die Kommunikation zwischen den drei beteiligten Akteuren: Service Provider/Dienstanbieter, Identitätsprovider und Nutzer. Abschließend wird aktuelle Forschung des Hasso-Plattner-Instituts zum Identitätsmanagement vorgestellt. N2 - To prevent the increasing number of identity thefts, more than a douzend technologies are already existing. They have, especially then authentication with passwords, specific disadvantages or advantages, respectively. The authors of this survey analyzed how to combine these communication standards and protocols to provide more security. They recommend new kinds of identity management systems that are flexible for different user roles and are more convenient to use as the existing systems. As a first step to build such an identity management platform the authors describe how to analyze and use the individual behavior of users or objects. As a result sensor data of mobile devices are analyzed. Such devices are internetready mobiles, fitness tracker and smart watches. Therefore devices that users often carry with them. The researchers describe how these little computers can continously analyze movement patterns, data of location and connected networks and compute a trust level from the data. With this trust level, a device can indicate the probability that the current user is the actual owner, because it knows the behavioral patterns of the owner. If the current trust level value (not single biometric data) is send to an external entity like an identity provider, this provider can provide the trust level to all services used by the user. Each service is able to decide which trust level value is necessary for user authentication. If the trust level drops under a this specific threshold the identity provider can deny the access to itself and all other services. The particular advantages of this identity management approach is that no special and expensive hardware is needed but instead smartphone and wearables to evaluate the specific data. Even objects like machines that send data of their own behavior to the internet can be used. The data is continously collected in the background so users do not need to care about it. The data is only used for computing the trust level and never leaves the device. If a user logs into an internet service he does not need to remember a secret anymore, e.g. a password, instead he just needs to give an OK to pass on the trust level. If the user behavior is changing, for example by different movement patterns or unknown or new locations when trying to log into a web services, it can be immediately detected and the access to the smartphone or internet services an be locked for the unauthorized person. In future the evaluation can be extended for example with detecting routines on working days, on weekands or on vacations. The comparisons of learned routines with live data will show if the behavior fits into the usual patterns. This survey gives a comprehensive overview of techniques in digital identity management and the related challenges. First, it describes different kinds of attack methods which attacker uses to steal digital identities. Then possible authentication methods are presented. Eventually a summary of the 15 most important protocols and technical standards for communication between the three involved players: service provider, identity provider and user. Finally, it introduces the current research of the Hasso-Plattner Institute. T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 114 KW - Studie KW - Identitätsmanagement KW - Biometrie KW - Authentifizierung KW - Identität KW - Angriffe KW - Mehr-Faktor-Authentifizierung KW - Single-Sign-On KW - HPI Forschung KW - identity management KW - biometrics KW - authentication KW - identity KW - multi factor authentication KW - HPI research KW - wearables KW - smartphone KW - OpenID Connect KW - OAuth KW - FIDO Y1 - 2017 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-103164 SN - 978-3-86956-395-4 SN - 1613-5652 SN - 2191-1665 IS - 114 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - JOUR A1 - Thomas, Max A1 - Staubitz, Thomas A1 - Meinel, Christoph ED - Meinel, Christoph ED - Schweiger, Stefanie ED - Staubitz, Thomas ED - Conrad, Robert ED - Alario Hoyos, Carlos ED - Ebner, Martin ED - Sancassani, Susanna ED - Żur, Agnieszka ED - Friedl, Christian ED - Halawa, Sherif ED - Gamage, Dilrukshi ED - Scott, Jeffrey ED - Kristine Jonson Carlon, May ED - Deville, Yves ED - Gaebel, Michael ED - Delgado Kloos, Carlos ED - von Schmieden, Karen T1 - Preparing MOOChub metadata for the future of online learning BT - optimizing for AI recommendation services JF - EMOOCs 2023 : Post-Covid Prospects for Massive Open Online Courses - Boost or Backlash? N2 - With the growing number of online learning resources, it becomes increasingly difficult and overwhelming to keep track of the latest developments and to find orientation in the plethora of offers. AI-driven services to recommend standalone learning resources or even complete learning paths are discussed as a possible solution for this challenge. To function properly, such services require a well-defined set of metadata provided by the learning resource. During the last few years, the so-called MOOChub metadata format has been established as a de-facto standard by a group of MOOC providers in German-speaking countries. This format, which is based on schema.org, already delivers a quite comprehensive set of metadata. So far, this set has been sufficient to list, display, sort, filter, and search for courses on several MOOC and open educational resources (OER) aggregators. AI recommendation services and further automated integration, beyond a plain listing, have special requirements, however. To optimize the format for proper support of such systems, several extensions and modifications have to be applied. We herein report on a set of suggested changes to prepare the format for this task. KW - Digitale Bildung KW - Kursdesign KW - MOOC KW - Micro Degree KW - Online-Lehre KW - Onlinekurs KW - Onlinekurs-Produktion KW - digital education KW - e-learning KW - micro degree KW - micro-credential KW - online course creation KW - online course design KW - online teaching Y1 - 2023 U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus4-624830 SP - 329 EP - 338 PB - Universitätsverlag Potsdam CY - Potsdam ER - TY - JOUR A1 - Thienen, Julia von A1 - Weinstein, Theresa Julia A1 - Meinel, Christoph T1 - Creative metacognition in design thinking BT - exploring theories, educational practices, and their implications for measurement JF - Frontiers in psychology N2 - Design thinking is a well-established practical and educational approach to fostering high-level creativity and innovation, which has been refined since the 1950s with the participation of experts like Joy Paul Guilford and Abraham Maslow. Through real-world projects, trainees learn to optimize their creative outcomes by developing and practicing creative cognition and metacognition. This paper provides a holistic perspective on creativity, enabling the formulation of a comprehensive theoretical framework of creative metacognition. It focuses on the design thinking approach to creativity and explores the role of metacognition in four areas of creativity expertise: Products, Processes, People, and Places. The analysis includes task-outcome relationships (product metacognition), the monitoring of strategy effectiveness (process metacognition), an understanding of individual or group strengths and weaknesses (people metacognition), and an examination of the mutual impact between environments and creativity (place metacognition). It also reviews measures taken in design thinking education, including a distribution of cognition and metacognition, to support students in their development of creative mastery. On these grounds, we propose extended methods for measuring creative metacognition with the goal of enhancing comprehensive assessments of the phenomenon. Proposed methodological advancements include accuracy sub-scales, experimental tasks where examinees explore problem and solution spaces, combinations of naturalistic observations with capability testing, as well as physiological assessments as indirect measures of creative metacognition. KW - accuracy KW - creativity KW - design thinking KW - education KW - measurement KW - metacognition KW - innovation KW - framework Y1 - 2023 U6 - https://doi.org/10.3389/fpsyg.2023.1157001 SN - 1664-1078 VL - 14 PB - Frontiers Research Foundation CY - Lausanne ER - TY - JOUR A1 - Thienen, Julia von A1 - Noweski, Christine A1 - Rauth, Ingo A1 - Meinel, Christoph A1 - Lange, Sabine T1 - If you want to know who are, tell me where you are : the importance of places Y1 - 2012 ER - TY - JOUR A1 - Thienen, Julia von A1 - Noweski, Christine A1 - Meinel, Christoph A1 - Rauth, Ingo T1 - The co-evolution of theory and practice in design thinking - or - "Mind the oddness trap!" Y1 - 2011 SN - 978-3-642-13756-3 ER - TY - JOUR A1 - Thienen, Julia von A1 - Noweski, Christine A1 - Meinel, Christoph A1 - Lang, Sabine A1 - Nicolai, Claudia A1 - Bartz, Andreas T1 - What can design thinking learn from behavior group theraphy? Y1 - 2012 SN - 978-3-642-31990-7 ER - TY - JOUR A1 - Thienen, Julia von A1 - Clancey, William J. A1 - Corazza, Giovanni Emanuele A1 - Meinel, Christoph T1 - Theoretical foundations of design thinking creative thinking theories JF - Design Thinking Research: Making Distinctions: Collaboration versus Cooperation N2 - Design thinking is acknowledged as a thriving innovation practice plus something more, something in the line of a deep understanding of innovation processes. At the same time, quite how and why design thinking works-in scientific terms-appeared an open question at first. Over recent years, empirical research has achieved great progress in illuminating the principles that make design thinking successful. Lately, the community began to explore an additional approach. Rather than setting up novel studies, investigations into the history of design thinking hold the promise of adding systematically to our comprehension of basic principles. This chapter makes a start in revisiting design thinking history with the aim of explicating scientific understandings that inform design thinking practices today. It offers a summary of creative thinking theories that were brought to Stanford Engineering in the 1950s by John E. Arnold. Y1 - 2018 SN - 978-3-319-60967-6 SN - 978-3-319-60966-9 U6 - https://doi.org/10.1007/978-3-319-60967-6_2 SP - 13 EP - 40 PB - Springer CY - New York ER - TY - JOUR A1 - Takouna, Ibrahim A1 - Sachs, Kai A1 - Meinel, Christoph T1 - Multiperiod robust optimization for proactive resource provisioning in virtualized data centers JF - The journal of supercomputing : an internat. journal of supercomputer design, analysis and use KW - Energy-aware KW - Virtualization KW - Resource management KW - Robust optimization KW - Prediction Y1 - 2014 U6 - https://doi.org/10.1007/s11227-014-1246-2 SN - 0920-8542 SN - 1573-0484 VL - 70 IS - 3 SP - 1514 EP - 1536 PB - Springer CY - Dordrecht ER - TY - GEN A1 - Sukmana, Muhammad Ihsan Haikal A1 - Torkura, Kennedy A. A1 - Graupner, Hendrik A1 - Cheng, Feng A1 - Meinel, Christoph T1 - Unified Cloud Access Control Model for Cloud Storage Broker T2 - 33rd International Conference on Information Networking (ICOIN 2019) N2 - Cloud Storage Broker (CSB) provides value-added cloud storage service for enterprise usage by leveraging multi-cloud storage architecture. However, it raises several challenges for managing resources and its access control in multiple Cloud Service Providers (CSPs) for authorized CSB stakeholders. In this paper we propose unified cloud access control model that provides the abstraction of CSP's services for centralized and automated cloud resource and access control management in multiple CSPs. Our proposal offers role-based access control for CSB stakeholders to access cloud resources by assigning necessary privileges and access control list for cloud resources and CSB stakeholders, respectively, following privilege separation concept and least privilege principle. We implement our unified model in a CSB system called CloudRAID for Business (CfB) with the evaluation result shows it provides system-and-cloud level security service for cfB and centralized resource and access control management in multiple CSPs. KW - Cloud Storage Broker KW - Cloud access control and resource management KW - Unified cloud model KW - Privilege separation concept KW - Least privilege principle KW - Role-based access control Y1 - 2019 SN - 978-1-5386-8350-7 U6 - https://doi.org/10.1109/ICOIN.2019.8717982 SN - 1976-7684 SP - 60 EP - 65 PB - IEEE CY - Los Alamitos ER - TY - GEN A1 - Sukmana, Muhammad Ihsan Haikal A1 - Torkura, Kennedy A. A1 - Cheng, Feng A1 - Meinel, Christoph A1 - Graupner, Hendrik T1 - Unified logging system for monitoring multiple cloud storage providers in cloud storage broker T2 - 32ND International Conference on Information Networking (ICOIN) N2 - With the increasing demand for personal and enterprise data storage service, Cloud Storage Broker (CSB) provides cloud storage service using multiple Cloud Service Providers (CSPs) with guaranteed Quality of Service (QoS), such as data availability and security. However monitoring cloud storage usage in multiple CSPs has become a challenge for CSB due to lack of standardized logging format for cloud services that causes each CSP to implement its own format. In this paper we propose a unified logging system that can be used by CSB to monitor cloud storage usage across multiple CSPs. We gather cloud storage log files from three different CSPs and normalise these into our proposed log format that can be used for further analysis process. We show that our work enables a coherent view suitable for data navigation, monitoring, and analytics. KW - Unified logging system KW - Cloud Service Provider KW - cloud monitoring KW - data integration KW - security analytics Y1 - 2018 SN - 978-1-5386-2290-2 U6 - https://doi.org/10.1109/ICOIN.2018.8343081 SP - 44 EP - 49 PB - IEEE CY - New York ER -