Forschung

Unser Institut beschäftigt sich mit einem breiten Themenspektrum wie Skalierbarkeit, Zuverlässigkeit, Sicherheit und Datenschutz, Selbstorganisation und Beherrschbarkeit von Komplexität in Verteilten Systemen in einer Vielzahl von Einsatzszenarien wie Cloud-Computing oder Fahrzeug-Fahrzeug-Kommunikation.

Lehre

In der Lehre decken wir das gesamte Spektrum von Rechnernetzen, über verteilte Systeme bis hin zu Sicherheit und Privacy-Schutz ab. Unsere noch offenen Abschlussarbeiten und Projektarbeiten finden Sie auf den entsprechenden Webseiten. Für Prüfungen beachten Sie bitte unsere Hinweise.

Soziale Medien

Unsere letzten Publikationen

Volpert, S., Erb, B., Eisenhart, G., Seybold, D., Wesner, S. and Domaschka, J. 2023. A Methodology and Framework to Determine the Isolation Capabilities of Virtualisation Technologies. Proceedings of the 2023 ACM/SPEC International Conference on Performance Engineering (Coimbra, Portugal, Apr. 2023), 149–160.
The capability to isolate system resources is an essential characteristic of virtualisation technologies and is therefore important for research and industry alike. It allows the co-location of experiments and workloads, the partitioning of system resources and enables multi-tenant business models such as cloud computing. Poor isolation among tenants bears the risk of noisy-neighbour and contention effects which negatively impacts all of those use-cases. These effects describe the negative impact of one tenant onto another by utilising shared resources. Both industry and research provide many different concepts and technologies to realise isolation. Yet, the isolation capabilities of all these different approaches are not well understood; nor is there an established way to measure the quality of their isolation capabilities. Such an understanding, however, is of uttermost importance in practice to elaborately decide on a suited implementation. Hence, in this work, we present a novel methodology to measure the isolation capabilities of virtualisation technologies for system resources, that fulfils all requirements to benchmarking including reliability. It relies on an immutable approach, based on Experiment-as-Code. The complete process holistically includes everything from bare metal resource provisioning to the actual experiment enactment.The results determined by this methodology help in the decision for a virtualisation technology regarding its capability to isolate given resources. Such results are presented here as a closing example in order to validate the proposed methodology.
Köstler, J., Reiser, H.P., Hauck, F.J. and Habiger, G. 2023. Fluidity: location-awareness in replicated state machines. 38th ACM/SIGAPP Symp. on Appl. Comp. – SAC (Mar. 2023).
In planetary-scale replication systems, the overall response delay is greatly influenced by the geographical distances between client and server nodes. Current systems define the replica locations statically during startup time. However, the selected locations might be suboptimal for the clients, and the client request origin distribution may change over time, so a different replica placement may provide lower overall request latencies. In this work, we propose a locationaware replicated state machine that is able to adapt the geographic location of its replicas dynamically during runtime to locations geographically closer to client request origins. Our prototype is able to observe emerging optimization potentials and to reduce the overall request latency for the majority of clients by adapting its replica locations to the time-dependent optimum placement during real-world use case evaluations, whereby the absolute performance gain is dependent on the respective usage scenario.
Schillings, C., Meißner, E., Erb, B., Schultchen, D., Bendig, E. and Pollatos, O. 2023. A chatbot-based intervention with ELME to improve stress and health-related parameters in a stressed sample: Study protocol of a randomised controlled trial. Frontiers in Digital Health. 5, (Mar. 2023), 14.
Background: Stress levels in the general population had already been increasing in recent years, and have subsequently been exacerbated by the global pandemic. One approach for innovative online-based interventions are “chatbots” – computer programs that can simulate a text-based interaction with human users via a conversational interface. Research on the efficacy of chatbot-based interventions in the context of mental health is sparse. The present study is designed to investigate the effects of a three-week chatbot-based intervention with the chatbot ELME, aiming to reduce stress and to improve various health-related parameters in a stressed sample. Methods: In this multicenter, two-armed randomised controlled trial with a parallel design, a three-week chatbot-based intervention group including two daily interactive intervention sessions via smartphone (á 10-20 min.) is compared to a treatment-as-usual control group. A total of 130 adult participants with a medium to high stress levels will be recruited in Germany. Assessments will take place pre-intervention, post-intervention (after three weeks), and follow-up (after six weeks). The primary outcome is perceived stress. Secondary outcomes include self-reported interoceptive accuracy, mindfulness, anxiety, depression, personality, emotion regulation, psychological well-being, stress mindset, intervention credibility and expectancies, affinity for technology, and attitudes towards artificial intelligence. During the intervention, participants undergo ecological momentary assessments. Furthermore, satisfaction with the intervention, the usability of the chatbot, potential negative effects of the intervention, adherence, potential dropout reasons, and open feedback questions regarding the chatbot are assessed post-intervention. Discussion: To the best of our knowledge, this is the first chatbot-based intervention addressing interoception, as well as in the context with the target variables stress and mindfulness. The design of the present study and the usability of the chatbot were successfully tested in a previous feasibility study. To counteract a low adherence of the chatbot-based intervention, a high guidance by the chatbot, short sessions, individual and flexible time points of the intervention units and the ecological momentary assessments, reminder messages, and the opportunity to postpone single units were implemented.
Bradatsch, L., Miroshkin, O. and Kargl, F. 2023. ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture. IEEE Access. 11, (2023), 125307–125327.
Recently, zero trust security has received notable attention in the security community. However, while many networks use monitoring and security functions like firewalls, their integration in the design of zero trust architectures remains largely unaddressed. In this article, we contribute with respect to this aspect a novel network security architecture called Zero Trust Service Function Chaining (ZTSFC). With ZTSFC, we achieve three main improvements over zero trust architectures: (1) the zero trust components can directly integrate other monitoring and security functions into their access decisions, (2) an efficient flow of information between zero trust components, monitoring, and security functions are achieved, and (3) ZTSFC improves the performance with respect to hardware load and user experience. As proof of concept, we implemented a publicly available ZTSFC prototype based on HTTPS and the policy language ALFA. Using this prototype, we demonstrate the achievement of all three improvements in representative use cases. In addition, our performance evaluation compares ZTSFC with a regular zero trust network without ZTSFC. The results indicate that ZTSFC can reduce CPU usage by 25% for specific monitoring and security functions in certain scenarios. Overall, we also observed a 30% decrease in the time it takes to access services with ZTSFC.
Bradatsch, L., Miroshkin, O., Trkulja, N. and Kargl, F. 2023. Zero Trust Score-based Network-level Access Control in Enterprise Networks. 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (2023), 1–7. [accepted for publication]
Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for mak- ing an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.

Klicken Sie hier um eine Übersicht aller Publikationen zu erhalten.

Ältere News finden Sie im Archiv.

Kontakt

Sekretariat

Marion Köhler
Lysha Lewis
Email-Adresse Sekretariat
Telefon: +49 731 50-24140
Telefax: +49 731 50-24142

Postanschrift

Institut für Verteilte Systeme
Universität Ulm
Albert-Einstein-Allee 11
89081 Ulm

Besucheranschrift

James-Franck-Ring
Gebäude O27, Raum 349
89081 Ulm
Sekretariat:
Montag, Mittwoch und Donnerstag ganztags
Dienstag und Freitag nur vormittags besetzt.

Anfahrt