Dominik Meißner

Background: Software agents are computer-programs that conduct conversations with a human. The present study evaluates the feasibility of the software agent “SISU” aiming to uplift psychological wellbeing. Methods: Within a one-group pretest-posttest trial, N = 30 German-speaking participants were recruited. Assessments took place before (t1), during (t2) and after (t3) the intervention. The ability of SISU to guide participants through the intervention, acceptability, and negative effects were investigated. Data analyses are based on intention-to-treat principles. Linear mixed models will be used to investigate short-term changes over time in mood, depression, anxiety. Intervention: The intervention consists of two sessions. Each session comprises writing tasks on autobiographical negative life events and an Acceptance- and Commitment Therapy-based exercise respectively. Participants interact with the software agent on two consecutive days for about 30 min each. Results: All participants completed all sessions within two days. User experience was positive, with all subscales of the user experience questionnaire (UEQ) M > 0.8. Participants experienced their writings as highly self-relevant and personal. However, 57% of the participants reported at least one negative effect attributed to the intervention. Results on linear mixed models indicate an increase in anxiety over time (β = 1.33, p = .001). Qualitative User Feedback revealed that the best thing about SISU was its innovativeness (13%) and anonymity (13%). As worst thing about SISU participants indicated that the conversational style of SISU often felt unnatural (73%). Conclusion: SISU successfully guided participants through the two-day intervention. Moreover, SISU has the potential to enter the inner world of participants. However, intervention contents have the potential to evoke negative effects in individuals. Expectable short-term symptom deterioration due to writing about negative autobiographical life events could not be prevented by acceptance and commitment therapy-based exercises. Hence, results suggest a revision of intervention contents as well as of the conversational style of SISU. The good adherence rate indicates the useful and acceptable format of SISU as a mental health chatbot. Overall, little is known about the effectiveness of software agents in the context of psychological wellbeing. Results of the present trial underline that the innovative technology bears the potential of SISU to act as therapeutic agent but should not be used with its current intervention content. Trial-registration: The Trial is registered at the WHO International Clinical Trials Registry Platform via the German Clinical Studies Register (DRKS): DRKS00014933 (date of registration: 20.06.2018). Link: https://www.drks.de/drks_web/navigate.do?navigationId=trial.HTML&TRIAL_ID=DRKS00014933.

Empirical sciences and in particular psychology suffer a methodological crisis due to the non-reproducibility of results, and in rare cases, questionable research practices. Pre-registered studies and the publication of raw data sets have emerged as effective countermeasures. However, this approach represents only a conceptual procedure and may in some cases exacerbate privacy issues associated with data publications. We establish a novel, privacy-enhanced workflow for pre-registered studies. We also introduce PeQES, a corresponding platform that technically enforces the appropriate execution while at the same time protecting the participants' data from unauthorized use or data repurposing. Our PeQES prototype proves the overall feasibility of our privacy-enhanced workflow while introducing only a negligible performance overhead for data acquisition and data analysis of an actual study. Using trusted computing mechanisms, PeQES is the first platform to enable privacy-enhanced studies, to ensure the integrity of study protocols, and to safeguard the confidentiality of participants' data at the same time.

Modern single page web applications require client-side executions of application logic, including critical functionality such as client-side cryptography. Existing mechanisms such as TLS and Subresource Integrity secure the communication and provide external resource integrity. However, the browser is unaware of modifications to the client-side application as provided by the server and the user remains vulnerable against malicious modifications carried out on the server side. Our solution makes such modifications transparent and empowers the browser to validate the integrity of a web application based on a publicly verifiable log. Our Web Application Integrity Transparency (WAIT) approach requires (1) an extension for browsers for local integrity validations, (2) a custom HTTP header for web servers that host the application, and (3) public log servers that serve the verifiable logs. With WAIT, the browser can disallow the execution of undisclosed application changes. Also, web application providers cannot dispute their authorship for published modifications anymore. Although our approach cannot prevent every conceivable attack on client-side web application integrity, it introduces a novel sense of transparency for users and an increased level of accountability for application providers particularly effective against targeted insider attacks.

Stream-based graph systems continuously ingest graph-changing events via an established input stream, performing the required computation on the corresponding graph. While there are various benchmarking and evaluation approaches for traditional, batch-oriented graph processing systems, there are no common procedures for evaluating stream-based graph systems. We, therefore, present GraphTides, a generic framework which includes the definition of an appropriate system model, an exploration of the parameter space, suitable workloads, and computations required for evaluating such systems. Furthermore, we propose a methodology and provide an architecture for running experimental evaluations. With our framework, we hope to systematically support system development, performance measurements, engineering, and comparisons of stream-based graph systems.

Event sourcing is increasingly used and implemented in event-based systems for maintaining the evolution of application state. However, unbounded event logs are impracticable for many systems, as it is difficult to align scalability requirements and long-term runtime behavior with the corresponding storage requirements. To this end, we explore the design space of log pruning approaches suitable for event-sourced systems. Furthermore, we survey specific log pruning mechanisms for event-sourced logs. In a brief evaluation, we point out the trade-offs when applying pruning to event logs and highlight the applicability of log pruning to event-sourced systems.

Distributed event-sourced systems adopt a fairly new architectural style for data-intensive applications that maintains the full history of the application state. However, the performance implications of such systems are not yet well explored, let alone how the performance of these systems can be improved. A central issue is the lack of systematic performance engineering approaches that take into account the specific characteristics of these systems. To address this problem, we suggest a methodology for performance engineering and performance analysis of distributed event-sourced systems based on specific measurements and subsequent, targeted optimizations. The methodology blends in well into existing software engineering processes and helps developers to identify bottlenecks and to resolve performance issues. Using our structured approach, we improved an existing event-sourced system prototype and increased its performance considerably.

State changes over time are inherent characteristics of stateful applications. So far, there are almost no attempts to make the past application history programmatically accessible or even modifiable. This is primarily due to the complexity of temporal changes and a difficult alignment with prevalent programming primitives and persistence strategies. Retroactive computing enables powerful capabilities though, including computations and predictions of alternate application timelines, post-hoc bug fixes, or retroactive state explorations. We propose an event-driven programming model that is oriented towards serverless computing and applies retroaction to the event sourcing paradigm. Our model is deliberately restrictive, but therefore keeps the complexity of retroactive operations in check. We introduce retro-λ, a runtime platform that implements the model and provides retroactive capabilites to its applications. While retro-λ only shows negligible performance overheads compared to similar solutions for running regular applications, it enables its users to execute retroactive computations on the application histories as part of its programming model.

Stateful applications are based on the state they hold and how it changes over time. This history of state changes is usually discarded as the application progresses. By building on concepts from event processing and storing the application history we envision a novel programming paradigm that supports retroaction. Retroactive computing introduces new opportunities for a developer to access and even modify an application timeline. By enabling the exploration of alternative scenarios, retroactive computing establishes powerful new ways to debug systems and introduces new approaches to solve problems. Initial work has shown the practicality and possibilities of this new programming paradigm and introduces further research questions and challenges.

Several data-intensive applications take streams of events as a continuous input and internally map events onto a dynamic, graph-based data model which is then used for processing. The differences between event processing, graph computing, as well as batch processing and near-realtime processing yield a number of specific requirements for computing platforms that try to unify theses approaches. By combining an altered actor model, an event-sourced persistence layer, and a vertex-based, asynchronous programming model, we propose a distributed computing platform that supports event-driven, graph-based applications in a single platform. Our Chronograph platform concept enables online and offline computations on event-driven, history-aware graphs and supports different processing models on the evolving graph.

An increasing number of distributed, event-based systems adopt an architectural style called event sourcing, in which entities keep their entire history in an event log. Event sourcing enables data lineage and allows entities to rebuild any previous state. Restoring previous application states is a straight-forward task in event-sourced systems with a global and totally ordered event log. However, the extraction of causally consistent snapshots from distributed, individual event logs is rendered non-trivial due to causal relationships between communicating entities. High dynamicity of entities increases the complexity of such reconstructions even more. We present approaches for retrospective and global state extraction of event-sourced applications based on distributed event logs. We provide an overview on historical approaches towards distributed debugging and breakpointing, which are closely related to event log-based state reconstruction. We then introduce and evaluate our approach for non-local state extraction from distributed event logs, which is specifically adapted for dynamic and asynchronous event-sourced systems.

In large-scale disaster scenarios, efficient triage management is a major challenge for emergency services. Rescue forces traditionally respond to such incidents with a paper-based triage system, but technical solutions can potentially achieve improved usability and data availability. We develop a triage management system based on commodity hardware and software components to verify this claim. We use a single-hop, ad-hoc network architecture with multi-master replication, a tablet-based device setup, and a mobile application for emergency services. We study our system in cooperation with regional emergency services and report on experiences from a field exercise. We show that state-of-the-art commodity technology provides the means necessary to implement a triage management system compatible with existing emergency service procedures, while introducing additional benefits. This work highlights that powerful real-world ad-hoc networking applications do not require unreasonable development effort, as existing tools from distributed systems, such as replicating NoSQL databases, can be used successfully.

We have a collection of Java programming tasks as part of our introduction to computer networks course. In these programming tasks students are instructed to implement network applications matching a strict set of rules. The goal of this project is to implement a rule-based testing framework to aid the grading of such programming tasks and providing immediate feedback to students whether their implementation is correct or not.

The deployment process of web applications has changed a lot over the recent years. Manual administration of infrastructure has been streamlined by provisioning tools, such as Ansible, and application deployment has been revolutionized by DevOps practices and orchestration systems, such as Kubernetes. However, these advances often hide a lot of complexity and require a lot of expertise to apply correctly. As part of this work, you should research and compare different approaches to deploy a typical modern three-tier web application (e.g., Vue, Node.js, PostgreSQL). Furthermore, a demo application should be deployed using the researched continuous integration and continuous delivery methods, with special consideration of monitoring, backups, and application upgrades.

As part of our ongoing research, we are currently building a platform for secure statistical analysis based on SGX. The current prototype relies on a very simple statistics language, which we are planning to extend in the future. The goal of this project is to port an existing statistics language interpreter, such as PSPP, to the Rust programming language. Rust features a rich type system and can guarantee memory-safety and thread-safety during compile time, which makes it a great candidate for building safe and fast programming language interpreters. nom is a parser combinators library written in Rust that allows to build safe parsers without compromising on speed or memory consumption. This library can be used as a starting point to implement the parser.

In human science research, maintaining the privacy of research participant is of utmost importance as studies often collect highly sensitive data about individuals. However, most universal guidelines such as the APA code of conduct only state very broad requirements such as a "primary obligation [to] take reasonable precautions to protect confidential information". Additionally, the prevalence of other forms of research misconduct such as authorship fraud raises the question whether research participants can trust researchers to properly handle their data. To increase trust and improve the privacy of research participants, we propose a system that enforces rigorous privacy guarantees on research results. In this thesis, we focus on identifying possible privacy mechanisms which could be applied to statistical analyses as part of social science research and yield strong - and ideally easy to understand - privacy guarantees.

Web clients can not determine whether they have been delivered the same version of a web application as the rest of the world, which allows a web server to deliver manipulated content to specific users, allowing them to bypass implemented functionality or inject other malicious behavior. For example, a malicious web application provider who offers a web application with end-to-end encryption functionality can deliver a manipulated implementation of the encryption mechanism to targeted users and obtain access to otherwise unreadable messages or secret keys. The thesis introduces a concept to authenticate web applications and thus prevent covert attacks by web application providers through different resource versions on individual users. Previous work has created more transparency in resource management, but still allows the use of different resource versions, violates privacy, or is based on a trust model without verification possibilities. The developed concept is based on a verifiable trust model, where all users accept only the same resource version, forcing web application providers to offer the correct web application or increasing the risk for malicious web operators of detecting their manipulated resources. Two different approaches for the verifiable trust model were designed based on available mechanisms and implemented and evaluated in proof-of-concept prototypes. By using the developed concept, web application providers are able to deliver an authenticated web application and thus provide functionality to all users in a trustworthy manner, while at the same time increasing the probability to catch malicious web application providers.

Gemeinsam mit Abteilungen aus der Psychologie wird am Institut für Verteilte Systeme ein programmierbarer Chatbot entwickelt, der insbesondere für Studien und Experimente eingesetzt werden soll. Der derzeitige Prototyp erfordert eine Programmierung der Zustandsautomaten des Bots in Java. Dies ist vor allem für Personen ohne Programmierhintergrund eine große Hürde bei der Gestaltung von Dialog-Skripten. In dieser Abschlussarbeit soll hierfür eine webbasierte Oberfläche entwickelt werden, die eine grafische Erstellung von Chatbot-basierten Studien ermöglicht. Im Rahmen der Arbeit soll zunächst ein überblick über bestehende Tools und Formate erarbeitet werden. Anschließend soll der Funktionsumfang des Bots in einer interaktiven Web-Anwendung abgebildet werden. Die so modellierten Dialoge sollen schließlich in code-basierte Zustandsautomaten zur Ausführung in der Bot-Plattform trans-formiert werden.

Blockchain technology allows for decentralized, distributed, and secure ledgers that store records (e.g., transactions). Popular blockchain-based systems such as Bitcoin and Etherum have emerged as so-called crypto-currencies. As the ledger maintains the full history of transactions, interactions within the system are always persisted. In this work, the student is asked to design and implement online and offline transaction analyses based on Chronograph, a data processing platform for evolving graphs developed at our Institute. Therefore, different blockchain-based systems should be surveyed and appropriate analysis mechanisms should be conducted.

Retroactive computing enables programmatical access to the history of an application. This offers a variety of capabilities, such as computations and predictions of alternate application timelines, post-hoc bug fixes, and retroactive state explorations. Reads and writes of the application state have to be tracked and persisted in order to support retroaction. This is fairly simple for a single-writer append-only log, but entails various issues in a distributed setting. This thesis/project should explore different approaches for a distributed dependency tracking, including a prototypical implementation based on an existing platform prototype and an evaluation of the resulting artifacts.