On this page, all publications that were written in cooperation with our institute are listed. Publications that have been written before the author was employed at our institute can be found at the authors' employee page.


Hauck, F.J. and Heß, A. 2024. Linearizability and state-machine replication: Is it a match?
Bradatsch, L., Hermann, A. and Kargl, F. 2024. Attribute Threat Analysis and Risk Assessment for ABAC and TBAC Systems. In Proceedings of the 21st International Conference on Security and Cryptography (Jul. 2024), 26–39.
Schillings, C., Meißner, E., Erb, B., Bendig, E., Schultchen, D., Pollatos, O. and others 2024. Effects of a Chatbot-Based Intervention on Stress and Health-Related Parameters in a Stressed Sample: Randomized Controlled Trial. JMIR Mental Health. 11, 1 (May 2024), e50454.
Mehdi, M., Hauck, F.J., Pryss, R. and Schlee, W. 2024. Mobile health solutions for Tinnitus. Textbook on Tinnitus (Mar. 2024), 723–738.
Modern mobile devices are mainstream and ubiquitous devices. The widespread adoption of mobile devices has resulted in surge of mobile applications (apps) hosted on marketplaces (app stores) of several mobile platforms. Besides other benefits, these apps are also applied in healthcare-related and medical use, for instance, in case of tinnitus, where tinnitus disorder is associated with the perception of ringing sound without external sound source. In particular, for tinnitus, these apps allow provision of tinnitus-related relief, self-help, and general management. The collective aim of this chapter is to foster and report on Mobile Health (mHealth) solutions, in particular mobile apps within the tinnitus context. First, this chapter provides an up-to-date overview of existing mHealth apps available for major mobile platforms. Second, this chapter provides deep insights into quality and effectiveness of said mobile apps for tinnitus treatment and management. Finally, this chapter provides discussions in relation to the tinnitus-related mHealth apps.
Hauck, F.J. and Heß, A. 2024. Linearizability and state-machine replication. Workshop on Resilient Oper. - Byz. Fault Tol. and State-Machine Repl. – ROBUST (Mar. 2024).
Heß, A. and Hauck, F.J. 2024. A framework for consensus-agnostic state-machine replication based on threshold signatures. Workshop on Resilient Oper. - Byz. Fault Tol. and State-Machine Repl. – ROBUST (Mar. 2024).


Volpert, S., Erb, B., Eisenhart, G., Seybold, D., Wesner, S. and Domaschka, J. 2023. A Methodology and Framework to Determine the Isolation Capabilities of Virtualisation Technologies. Proceedings of the 2023 ACM/SPEC International Conference on Performance Engineering (Coimbra, Portugal, Apr. 2023), 149–160.
The capability to isolate system resources is an essential characteristic of virtualisation technologies and is therefore important for research and industry alike. It allows the co-location of experiments and workloads, the partitioning of system resources and enables multi-tenant business models such as cloud computing. Poor isolation among tenants bears the risk of noisy-neighbour and contention effects which negatively impacts all of those use-cases. These effects describe the negative impact of one tenant onto another by utilising shared resources. Both industry and research provide many different concepts and technologies to realise isolation. Yet, the isolation capabilities of all these different approaches are not well understood; nor is there an established way to measure the quality of their isolation capabilities. Such an understanding, however, is of uttermost importance in practice to elaborately decide on a suited implementation. Hence, in this work, we present a novel methodology to measure the isolation capabilities of virtualisation technologies for system resources, that fulfils all requirements to benchmarking including reliability. It relies on an immutable approach, based on Experiment-as-Code. The complete process holistically includes everything from bare metal resource provisioning to the actual experiment enactment.The results determined by this methodology help in the decision for a virtualisation technology regarding its capability to isolate given resources. Such results are presented here as a closing example in order to validate the proposed methodology.
Köstler, J., Reiser, H.P., Hauck, F.J. and Habiger, G. 2023. Fluidity: location-awareness in replicated state machines. 38th ACM/SIGAPP Symp. on Appl. Comp. – SAC (Mar. 2023).
In planetary-scale replication systems, the overall response delay is greatly influenced by the geographical distances between client and server nodes. Current systems define the replica locations statically during startup time. However, the selected locations might be suboptimal for the clients, and the client request origin distribution may change over time, so a different replica placement may provide lower overall request latencies. In this work, we propose a locationaware replicated state machine that is able to adapt the geographic location of its replicas dynamically during runtime to locations geographically closer to client request origins. Our prototype is able to observe emerging optimization potentials and to reduce the overall request latency for the majority of clients by adapting its replica locations to the time-dependent optimum placement during real-world use case evaluations, whereby the absolute performance gain is dependent on the respective usage scenario.
Schillings, C., Meißner, E., Erb, B., Schultchen, D., Bendig, E. and Pollatos, O. 2023. A chatbot-based intervention with ELME to improve stress and health-related parameters in a stressed sample: Study protocol of a randomised controlled trial. Frontiers in Digital Health. 5, (Mar. 2023), 14.
Background: Stress levels in the general population had already been increasing in recent years, and have subsequently been exacerbated by the global pandemic. One approach for innovative online-based interventions are “chatbots” – computer programs that can simulate a text-based interaction with human users via a conversational interface. Research on the efficacy of chatbot-based interventions in the context of mental health is sparse. The present study is designed to investigate the effects of a three-week chatbot-based intervention with the chatbot ELME, aiming to reduce stress and to improve various health-related parameters in a stressed sample. Methods: In this multicenter, two-armed randomised controlled trial with a parallel design, a three-week chatbot-based intervention group including two daily interactive intervention sessions via smartphone (á 10-20 min.) is compared to a treatment-as-usual control group. A total of 130 adult participants with a medium to high stress levels will be recruited in Germany. Assessments will take place pre-intervention, post-intervention (after three weeks), and follow-up (after six weeks). The primary outcome is perceived stress. Secondary outcomes include self-reported interoceptive accuracy, mindfulness, anxiety, depression, personality, emotion regulation, psychological well-being, stress mindset, intervention credibility and expectancies, affinity for technology, and attitudes towards artificial intelligence. During the intervention, participants undergo ecological momentary assessments. Furthermore, satisfaction with the intervention, the usability of the chatbot, potential negative effects of the intervention, adherence, potential dropout reasons, and open feedback questions regarding the chatbot are assessed post-intervention. Discussion: To the best of our knowledge, this is the first chatbot-based intervention addressing interoception, as well as in the context with the target variables stress and mindfulness. The design of the present study and the usability of the chatbot were successfully tested in a previous feasibility study. To counteract a low adherence of the chatbot-based intervention, a high guidance by the chatbot, short sessions, individual and flexible time points of the intervention units and the ecological momentary assessments, reminder messages, and the opportunity to postpone single units were implemented.
Bradatsch, L., Miroshkin, O. and Kargl, F. 2023. ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture. IEEE Access. 11, (2023), 125307–125327.
Recently, zero trust security has received notable attention in the security community. However, while many networks use monitoring and security functions like firewalls, their integration in the design of zero trust architectures remains largely unaddressed. In this article, we contribute with respect to this aspect a novel network security architecture called Zero Trust Service Function Chaining (ZTSFC). With ZTSFC, we achieve three main improvements over zero trust architectures: (1) the zero trust components can directly integrate other monitoring and security functions into their access decisions, (2) an efficient flow of information between zero trust components, monitoring, and security functions are achieved, and (3) ZTSFC improves the performance with respect to hardware load and user experience. As proof of concept, we implemented a publicly available ZTSFC prototype based on HTTPS and the policy language ALFA. Using this prototype, we demonstrate the achievement of all three improvements in representative use cases. In addition, our performance evaluation compares ZTSFC with a regular zero trust network without ZTSFC. The results indicate that ZTSFC can reduce CPU usage by 25% for specific monitoring and security functions in certain scenarios. Overall, we also observed a 30% decrease in the time it takes to access services with ZTSFC.
Bradatsch, L., Miroshkin, O., Trkulja, N. and Kargl, F. 2023. Zero Trust Score-based Network-level Access Control in Enterprise Networks. 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (2023), 1–7.
Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for mak- ing an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.
Heß, A. and Hauck, F.J. 2023. Towards a Cloud Service for State-Machine Replication. Tagungsband des FG-BS Frühjahrstreffens 2023 (Bonn - Germany, 2023).
State-machine replication (SMR) is a well-known technique to achieve fault tolerance for services that require high availability and fast recovery times. While the concept of SMR has been extensively investigated, there are still missing building blocks to provide a generic offer, which automatically serves applications with SMR technology in the cloud. In this work, we introduce a cloud service architecture that enables automatic deployment of service applications based on customer-friendly service parameters, which are mapped onto an internal configuration that comprises the number of replicas, tolerable failures, and the consensus algorithm, amongst other aspects. The deployed service configuration is masked to large extent with the use of threshold signatures. As a consequence, a reconfiguration in the cloud deployment does not affect the client-side code. We conclude the paper by discussing open engineering questions that need to be addressed in order to provide a productive cloud offer.
Kargl, F., Trkulja, N., Hermann, A., Sommer, F., Ferraz de Lucena, A.R., Kiening, A. and Japs, S. 2023. Securing Cooperative Intersection Management through Subjective Trust Networks. 2023 IEEE 97th Vehicular Technology Conference (VTC2023-Spring) (2023), 1–7.
Connected, Cooperative, and Autonomous Mobility (CCAM) will take intelligent transportation to a new level of complexity. CCAM systems can be thought of as complex Systems-of-Systems (SoSs). They pose new challenges to security as consequences of vulnerabilities or attacks become much harder to assess. In this paper, we propose the use of a specific type of a trust model, called subjective trust network, to model and assess trustworthiness of data and nodes in an automotive SoS. Given the complexity of the topic, we illustrate the application of subjective trust networks on a specific example, namely Cooperative Intersection Management (CIM). To this end, we introduce the CIM use-case and show how it can be modelled as a subjective trust network. We then analyze how such trust models can be useful both for design time and run-time analysis, and how they would allow us a more precise quantitative assessment of trust in automotive SoSs. Finally, we also discuss the open research problems and practical challenges that need to be addressed before such trust models can be applied in practice.
Hermann, A., Wolf, M., Trkulja, N., Jemaa, I.B., Bkakria, A. and Kargl, F. 2023. Privacy of Smart Traffic Lights Systems. 2023 IEEE Vehicular Networking Conference (VNC) (2023), 17–24.
Smart traffic lights systems (STLSs) are a promising approach to improve traffic efficiency at intersections. They rely on the information sent by vehicles via C2X communication (like in cooperative awareness messages (CAMs)) at the managed intersection. While there exists a large body of work on privacy-enhancing technologies (PETs) for cooperative Intelligent Transport Systems (cITS) in general, such PETs like changing pseudonyms often impact the performance of cITS applications. This paper analyzes the extent to which different PETs affect the performance of two types of STLSs, a phase-based and a reservation-based STLS. These are implemented in SUMO and combined with four different PETs. Through extensive simulations we then investigate the impact of those PETs on STLS performance metrics like time loss, waiting time, fuel consumption, and average velocity. Our analysis shows that the impact of PETs on performance varies greatly depending on the type of STLS. Finally, we propose a hybrid STLS which is a combination of the two STLS types as a potential solution for limiting the negative impact of PETs on performance.
Pampel, B., Standl, B., Hildebrand, C., Hauck, F.J., Ulbrich, M. and Paech, B. 2023. Neue Einblicke in den Berufswahlprozess von Informatiklehrkräften. Informatikunterricht zwischen Aktualität und Zeitlosigkeit – INFOS (2023).
Mit der Einführung bzw. dem Ausbau des seit Jahren geforderten Pflichtfaches Informatik entsteht noch mehr Bedarf an qualifizierten Lehrkräften. Auch wenn Maßnahmen zur Nachqualifizierung von bestehenden Lehrkräften einen wichtigen Beitrag zur Deckung des Bedarfs leisten, muss gleichzeitig die Anzahl der Absolvent:innen aus lehramtsbezogenen Informatik-Studiengängen gesteigert werden. Allerdings zeigen die Zahlen, dass es noch immer zu wenig Studienanfänger:innen und noch weniger Absolvent:innen im Lehramt Informatik gibt. Um Maßnahmen zur Stärkung der Lehramtsausbildung im Fach Informatik gezielt auszurichten, muss der Berufswahlprozess erneut in den Blick genommen werden. Die wenigen bisher dazu durchgeführten Untersuchungen haben hier verschiedene Fragen offengelassen bzw. aufgrund der noch nicht ausreichenden Datenlage teils nur mit Vermutungen beantworten können. Der vorliegende Artikel widmet sich der Auswertung einer landesweit in Baden-Württemberg durchgeführten Umfrage unter aktiven Lehramtsstudierenden der Informatik mit erfreulich hoher Rücklaufquote. Es werden neue Erkenntnisse zur Reihenfolge von Teilentscheidungen für das Lehramtsstudium bzw. für die Fächer vorgestellt und der Anteil an Fachwechsler:innen betrachtet. Es wird unterschieden zwischen Studierenden, die während der Schulzeit keinen, einen als nicht gut bewerteten oder als gut bewerteten Informatikunterricht hatten. Darüber hinaus werden Motive der Berufs- bzw. Studiengangswahl in den Blick genommen und der Frage nach Unterschieden zwischen männlichen und weiblichen Studierenden nachgegangen.
Trkulja, N., Hermann, A., Petrovska, A., Kiening, A., Ferraz de Lucena, A.R. and Kargl, F. 2023. In-vehicle trust assessment framework. 21th escar Europe : The World’s Leading Automotive Cyber Security Conference (Hamburg, 15. - 16.11.2023) (2023).
Today’s vehicles run various safety-critical applications requiring data input from diverse in-vehicle components. Adaptive Cruise Control (ACC), for example, can rely on the data input from components such as lidar, radar, GNSS, and cameras. Malicious manipulation of any of this data compromises the data integrity and can result in safety incidents or accidents on the road. Security mechanisms like intrusion detection can be in place; however, they can not reliably assess the consequences of attacks on a system level or for arbitrary subsystems. In this paper, we present a Trust Assessment Framework (TAF) that allows an in-vehicle application in a complex System-of-Systems to assess whether it can trust the integrity of its input data.The TAF assesses the trustworthiness of every component in the data flow chain based on collected evidence. We explain this concept with the example of ACC and show case two ossible implementations of the TAF inside a vehicle.
Kargl, F., Erb, B. and Bösch, C. 2023. Defining Privacy. Digital Phenotyping and Mobile Sensing: New Developments in Psychoinformatics. C. Montag and H. Baumeister, eds. Springer International Publishing. 461–463.


Kleber, S. and Kargl, F. 2022. Refining Network Message Segmentation with Principal Component Analysis. Proceedings of the tenth annual IEEE Conference on Communications and Network Security (Austin, TX, USA, Oct. 2022).
Reverse engineering of undocumented protocols is a common task in security analyses of networked services. The communication itself, captured in traffic traces, contains much of the necessary information to perform such a protocol reverse engineering. The comprehension of the format of unknown messages is of particular interest for binary protocols that are not human-readable. One major challenge is to discover probable fields in a message as the basis for further analyses. Given a set of messages, split into segments of bytes by an existing segmenter, we propose a method to refine the approximation of the field inference. We use principle component analysis (PCA) to discover linearly correlated variance between sets of message segments. We relocate the boundaries of the initial coarse segmentation to more accurately match with the true fields. We perform different evaluations of our method to show its benefit for the message format inference and subsequent analysis tasks from literature that depend on the message format. We can achieve a median improvement of the message format accuracy across different real-world protocols by up to 100 %.
Kleber, S., Stute, M., Hollick, M. and Kargl, F. 2022. Network Message Field Type Classification and Recognition for Unknown Binary Protocols. Proceedings of the DSN Workshop on Data-Centric Dependability and Security (Baltimore, Maryland, USA, Jun. 2022).
Reverse engineering of unknown network protocols based on recorded traffic traces enables security analyses and debugging of undocumented network services. In particular for binary protocols, existing approaches (1) lack comprehensive methods to classify or determine the data type of a discovered segment in a message, e.,g., a number, timestamp, or network address, that would allow for a semantic interpretation and (2) have strong assumptions that prevent analysis of lower-layer protocols often found in IoT or mobile systems. In this paper, we propose the first generic method for analyzing unknown messages from binary protocols to reveal the data types in message fields. To this end, we split messages into segments of bytes and use their vector interpretation to calculate similarities. These can be used to create clusters of segments with the same type and, moreover, to recognize specific data types based on the clusters' characteristics. Our extensive evaluation shows that our method provides precise classification in most cases and a data-type-recognition precision of up to 100% at reasonable recall, improving the state-of-the-art by a factor between 1.3 and 3.7 in realistic scenarios. We open-source our implementation to facilitate follow-up works.
Bauer, A., Leznik, M., Iqbal, M.S., Seybold, D., Trubin, I., Erb, B., Domaschka, J. and Jamshidi, P. 2022. SPEC Research — Introducing the Predictive Data Analytics Working Group. Companion of the 2022 ACM/SPEC International Conference on Performance Engineering (Bejing, China, 2022), 13–14.
The research field of data analytics has grown significantly with the increase of gathered and available data. Accordingly, a large number of tools, metrics, and best practices have been proposed to make sense of this vast amount of data. To this end, benchmarking and standardization are needed to understand the proposed approaches better and continuously improve them. For this purpose, numerous associations and committees exist. One of them is SPEC (Standard Performance Evaluation Corporation), a non-profit corporation for the standardization and benchmarking of performance and energy evaluations. This paper gives an overview of the recently established SPEC RG Predictive Data Analytics Working Group. The mission of this group is to foster interaction between industry and academia by contributing research to the standardization and benchmarking of various aspects of data analytics.
Bradatsch, L., Haeberle, M., Steinert, B., Kargl, F. and Menth, M. 2022. Secure Service Function Chaining in the Context of Zero Trust Security. 2022 IEEE 47th Conference on Local Computer Networks (LCN) (2022), 123–131. (acceptance rate: 24%)
Service Function Chaining (SFC) enables dynamic steering of traffic through a set of service functions based on classification of packets, allowing network operators fine-grained and flexible control of packet flows. New paradigms like Zero Trust (ZT) pose additional requirements to the security of network architectures. This includes client authentication, confidentiality, and integrity throughout the whole network, while also being able to perform operations on the unencrypted payload of packets. However, these requirements are only partially addressed in existing SFC literature. Therefore, we first present a comprehensive analysis of the security requirements for SFC architectures. Based on this analysis, we propose a concept towards the fulfillment of the requirements while maintaining the flexibility of SFC. In addition, we provide and evaluate a proof of concept implementation, and discuss the implications of the design choices.
Kargl, F., Krontiris, I., Weimerskirch, A., Williams, I. and Trkulja, N. 2022. Privacy Protection of Automated and Self-Driving Vehicles (Dagstuhl Seminar 22042). Dagstuhl Reports. 12, 1 (2022), 83–100.
This report documents the program and the outcomes of Dagstuhl Seminar 22042 "Privacy Protection of Automated and Self-Driving Vehicles". The Seminar reviewed existing privacy-enhancing technologies, standards, tools, and frameworks for protecting personal information in the context of automated and self-driving vehicles (AVs). We specifically focused on where such existing techniques clash with requirements of an AV and its data processing and identified the major road blockers on the way to deployment of privacy protection in AVs from a legal, technical, business and ethical perspective. Therefore, the seminar took an interdisciplinary approach involving autonomous and connected driving, privacy protection, and legal data protection experts. This report summarizes the discussions and findings during the seminar, includes the abstracts of talks, and includes a report from the working groups.
Berger, C., Reiser, H.P., Hauck, F.J., Held, F. and Domaschka, J. 2022. Automatic integration of BFT state-machine replication into IoT systems. CoRR. abs/2207.00500, (2022).
Byzantine fault tolerance (BFT) can preserve the availability and integrity of IoT systems where single components may suffer from random data corruption or attacks that can expose them to malicious behavior. While state-of-the-art BFT state-machine replication (SMR) libraries are often tailored to fit a standard request-response interaction model with dedicated client-server roles, in our design, we employ an IoT-fit interaction model that assumes a loosly-coupled, event-driven interaction between arbitrarily wired IoT components. In this paper, we explore the possibility of automating and streamlining the complete process of integrating BFT SMR into a component-based IoT execution environment. Our main goal is providing simplicity for the developer: We strive to decouple the specification of a logical application architecture from the difficulty of incorporating BFT replication mechanisms into it. Thus, our contributions address the automated configuration, re-wiring and deployment of IoT components, and their replicas, within a component-based, event-driven IoT platform.
Berger, C., Reiser, H.P., Hauck, F.J., Held, F. and Domaschka, J. 2022. Automatic integration of BFT state-machine replication into IoT systems. 18th Eur. Dep. Comp. Conf. – EDCC (2022), 1–8.
Byzantine fault tolerance (BFT) can preserve the availability and integrity of IoT systems where single components may suffer from random data corruption or attacks that can expose them to malicious behavior. While state-of-the-art BFT state-machine replication (SMR) libraries are often tailored to fit a standard request-response interaction model with dedicated client-server roles, in our design, we employ an IoT-fit interaction model that assumes a loosly-coupled, event-driven interaction between arbitrarily wired IoT components.In this paper, we explore the possibility of automating and streamlining the complete process of integrating BFT SMR into a component-based IoT execution environment. Our main goal is providing simplicity for the developer: We strive to decouple the specification of a logical application architecture from the difficulty of incorporating BFT replication mechanisms into it. Thus, our contributions address the automated configuration, rewiring and deployment of IoT components, and their replicas, within a component-based, event-driven IoT platform.
Berger, C., Eichhammer, P., Reiser, H.P., Domaschka, J., Hauck, F.J. and Habiger, G. 2022. A survey on resilience in the IoT: taxonomy, classification, and discussion of resilience mechanisms. ACM Comp. Surv. 54, 7 (2022), 147:1-147:39.
Internet-of-Things (IoT) ecosystems tend to grow both in scale and complexity, as they consist of a variety of heterogeneous devices that span over multiple architectural IoT layers (e.g., cloud, edge, sensors). Further, IoT systems increasingly demand the resilient operability of services, as they become part of critical infrastructures. This leads to a broad variety of research works that aim to increase the resilience of these systems. In this article, we create a systematization of knowledge about existing scientific efforts of making IoT systems resilient. In particular, we first discuss the taxonomy and classification of resilience and resilience mechanisms and subsequently survey state-of-the-art resilience mechanisms that have been proposed by research work and are applicable to IoT. As part of the survey, we also discuss questions that focus on the practical aspects of resilience, e.g., which constraints resilience mechanisms impose on developers when designing resilient systems by incorporating a specific mechanism into IoT systems.


Herbert, C., Marschin, V., Erb, B., Meißner, E., Aufheimer, M. and Boesch, C. 2021. Are you willing to self-disclose for science? Effects of Privacy Awareness (PA) and Trust in Privacy (TIP) on self-disclosure of personal and health data in online scientific studies -an experimental study. Frontiers in Big Data. (Dec. 2021). [accepted for publication]
Digital interactions via the internet have become the norm rather than the exception in our global society. Concerns have been raised about human-centered privacy and the often unreflected self-disclosure behavior of internet users. This study on human-centered privacy follows two major aims: first, investigate the willingness of university students as digital natives to self-disclose private data and information from psychological domains including their person, social and academic life, their mental health as well as their health behavior habits when taking part as a volunteer in a scientific online survey. Second, examine to what extent the participants’ self-disclosure behavior can be modulated by experimental induction of Privacy Awareness (PA) or Trust in Privacy (TIP) or a combination of both (PA and TIP). In addition, the role of human factors such as personality traits, gender or mental health (e.g., self-reported depressive symptoms) on self-disclosure behavior was explored and the influence of PA and TIP induction were considered. Participants were randomly assigned to four experimental groups. In group A (n = 50, 7 males), privacy awareness (PA) was induced implicitly by the inclusion of privacy concern items. In group B (n = 43, 6 males), trust in privacy (TIP) was experimentally induced by buzzwords and by visual TIP primes promising safe data storage. Group C (n = 79, 12 males) received both, PA and TIP induction, while group D (n = 55, 9 males) served as control group. Participants had the choice to answer the survey items by agreeing to one of a number of possible answers including the options to refrain from self-disclosure by choosing the response options “don’t know” or “no answer”. Self-disclosure among participants was high irrespective of experimental group and irrespective of psychological domains of the information provided. The results of this study suggest that willingness of volunteers to self-disclose private data in a scientific online study cannot simply be overruled or changed by any of the chosen experimental privacy manipulations. The present results extend the previous literature on human-centered privacy and despite limitations can give important insights into self-disclosure behavior of young people and the privacy paradox.
Erb, B., Bösch, C., Herbert, C., Kargl, F. and Montag, C. 2021. Emerging Privacy Issues in Times of Open Science. (Jun. 2021). PsyArXiv Preprint
The open science movement has taken up the important challenge to increase transparency of statistical analyses, to facilitate reproducibility of studies, and to enhance reusability of data sets. To counter the replication crisis in the psychological and related sciences, the movement also urges researchers to publish their primary data sets alongside their articles. While such data publications represent a desirable improvement in terms of transparency and are also helpful for future research (e.g., subsequent meta-analyses or replication studies), we argue that such a procedure can worsen existing privacy issues that are insufficiently considered so far in this context. Recent advances in de-anonymization and re-identification techniques render privacy protection increasingly difficult, as prevalent anonymization mechanisms for handling participants' data might no longer be adequate. When exploiting publicly shared primary data sets, data from multiple studies can be linked with contextual data and eventually, participants can be de-anonymized. Such attacks can either re-identify specific individuals of interest, or they can be used to de-anonymize entire participant cohorts. The threat of de-anonymization attacks can endanger the perceived confidentiality of responses by participants, and ultimately, lower the overall trust of potential participants into the research process due to privacy concerns.
Genitsaridi, E., Dode, A., Qirjazi, B., Mehdi, M., Pryss, R., Probst, T., Reichert, M., Hauck, F.J. and Hall, D.A. 2021. An Albanian translation of a questionnaire for self-reported tinnitus assessment. Int. J. of Audiology. (Jun. 2021), 1–6.
To our knowledge, there is no published study investigating the characteristics of people experiencing tinnitus in Albania. Such a study would be important, providing the basis for further research in this region and contributing to a wider understanding of tinnitus heterogeneity across different geographic locations. The main objective of this study was to develop an Albanian translation of a standardised questionnaire for tinnitus research, namely the European School for Interdisciplinary Tinnitus Research-Screening Questionnaire (ESIT-SQ). A secondary objective was to assess its applicability and usefulness by conducting an exploratory survey on a small sample of the Albanian tinnitus population.Design and study sample Three translators were recruited to create the Albanian ESIT-SQ translation following good practice guidelines. Using this questionnaire, data from 107 patients attending otolaryngology clinics in Albania were collected.Results Participants reporting various degrees of tinnitus symptom severity had distinct phenotypic characteristics. Application of a random forest approach on this preliminary dataset showed that self-reported hearing difficulty, and tinnitus duration, pitch and temporal manifestation were important variables for predicting tinnitus symptom severity.Conclusions Our study provided an Albanian translation of the ESIT-SQ and demonstrated that it is a useful tool for tinnitus profiling and subgrouping.
Mödinger, D., Lorenz, J.-H. and Hauck, F.J. 2021. Statistical privacy-preserving message broadcast for peer-to-peer networks. PLOS ONE. 16, 5 (May 2021), 1–24.
Privacy concerns are widely discussed in research and society in general. For the public infrastructure of financial blockchains, this discussion encompasses the privacy of the originator of a transaction broadcasted on the underlying peer-to-peer network. Adaptive diffusion is an approach to expose an alternative source of a message to attackers. However, this approach assumes an unsuitable attacker model and a non-realistic network model for current peer-to-peer networks on the Internet. We transform adaptive diffusion into a new statistical privacy-preserving broadcast protocol for realistic current networks. We model a class of unstructured peer-to-peer networks as organically growing graphs and provide models for other classes of such networks. We show that the distribution of shortest paths can be modelled using a normal distribution N ( μ , σ 2 ). We determine statistical estimators for μ, σ via multivariate models. The model behaves logarithmic over the number of nodes n and proportional to an inverse exponential over the number of added edges per node k. These results facilitate the computation of optimal forwarding probabilities during the dissemination phase for maximum privacy, with participants having only limited information about network topology.
Köstler, J., Reiser, H.P., Habiger, G. and Hauck, F.J. 2021. SmartStream: towards Byzantine resilient data streaming. 36th Ann. ACM Symp. on Appl. Comp. – SAC (Virtual Event, Republic of Korea, Mar. 2021), 213–222.
Data streaming platforms connect heterogeneous services through the publish-subscribe paradigm. Currently available platforms provide protection against crash faults, but are not resistant against Byzantine faults like arbitrary hardware faults and intrusions. State machine replication can provide this protection, but the higher resource requirements and the more elaborated communication primitives usually result in a higher overall complexity and a non-negligible performance degradation. This is especially true for data streaming if the default textbook approach of integrating the service into a replicated state machine is followed without further adaptions. The standard state management with state logs and snapshots and without any partitioning scheme limits both performance and scalability in a way those systems become unusable in practice. That is why we propose SmartStream, a topic-based Byzantine fault-tolerant data streaming platform that harmonizes the competing concepts of both systems and leverages the specific characteristics of data streaming, namely the append-only semantics of the application state and its partitionable structure. We show its effectiveness in a prototype implementation and evaluate its performance. The evaluation results show a moderate drop in system throughput when compared to state-of-the-art data streaming platforms like Apache Kafka, but reasonable overall performance considering the stronger resilience guarantees.
Mödinger, D., Heß, A. and Hauck, F.J. 2021. Arbitrary Length k-Anonymous Dining-Cryptographers Communication. CoRR. abs/2103.17091, (Mar. 2021).
Dining-cryptographers networks (DCN) can achieve information-theoretical privacy. Unfortunately, they are not well suited for peer-to-peer networks as they are used in blockchain applications to disseminate transactions and blocks among par- ticipants. In previous but preliminary work, we proposed a three- phase approach with an initial phase based on a DCN with a group size of k while later phases take care of the actual broadcast within a peer-to-peer network. This paper describes our DCN protocol in detail and adds a performance evaluation powered by our proof-of-concept implementation. Our contributions are (i) an extension of the DCN protocol by von Ahn for fair delivery of arbitrarily long messages sent by potentially multiple senders, (ii) a privacy and security analysis of this extension, (iii) various performance optimisation especially for best-case operation, and (iv) a performance evaluation. The latter uses a latency of 100 ms and a bandwidth limit of 50 Mbit s−1 between participants. The interquartile range of the largest test of the highly secured version took 35s ± 1.25s for a full run. All tests of the optimized common-case mode show the dissemination of a message within 0.5s ± 0.1s. These results compare favourably to previously established protocols for k-anonymous transmission of fixed size messages, outperforming the original protocol for messages as small as 2 KiB.
Bradatsch, L., Kargl, F. and Miroshkin, O. 2021. Zero Trust Service Function Chaining. Conference on Networked Systems 2021 (NetSys 2021) (2021).
Meißner, E., Kargl, F. and Erb, B. 2021. WAIT: Protecting the Integrity of Web Applications with Binary-Equivalent Transparency. Proceedings of the 36th Annual ACM Symposium on Applied Computing (Virtual Event, Republic of Korea, 2021), 1950–1953. (acceptance rate: 29%)
Modern single page web applications require client-side executions of application logic, including critical functionality such as client-side cryptography. Existing mechanisms such as TLS and Subresource Integrity secure the communication and provide external resource integrity. However, the browser is unaware of modifications to the client-side application as provided by the server and the user remains vulnerable against malicious modifications carried out on the server side. Our solution makes such modifications transparent and empowers the browser to validate the integrity of a web application based on a publicly verifiable log. Our Web Application Integrity Transparency (WAIT) approach requires (1) an extension for browsers for local integrity validations, (2) a custom HTTP header for web servers that host the application, and (3) public log servers that serve the verifiable logs. With WAIT, the browser can disallow the execution of undisclosed application changes. Also, web application providers cannot dispute their authorship for published modifications anymore. Although our approach cannot prevent every conceivable attack on client-side web application integrity, it introduces a novel sense of transparency for users and an increased level of accountability for application providers particularly effective against targeted insider attacks.
Mödinger, D., Lorenz, J.-H. and Hauck, F.J. 2021. Statistical privacy-preserving message dissemination for peer-to-peer networks. CoRR. abs/2102.01615, (2021).
Concerns for the privacy of communication is widely discussed in research and overall society. For the public financial infrastructure of blockchains, this discussion encompasses the privacy of transaction data and its broadcasting throughout the network. To tackle this problem, we transform a discrete-time protocol for contact networks over infinite trees into a computer network protocol for peer-to-peer networks. Peer-to-peer networks are modeled as organically growing graphs. We show that the distribution of shortest paths in such a network can be modeled using a normal distribution (μ,σ2). We determine statistical estimators for μ,σ via multivariate models. The model behaves logarithmic over the number of nodes n and proportional to an inverse exponential over the number of added edges k. These results facilitate the computation of optimal forwarding probabilities during the dissemination phase for optimal privacy in a limited information environment.
Mödinger, D., Dispan, J. and Hauck, F.J. 2021. Shared-Dining: Broadcasting Secret Shares using Dining-Cryptographers Groups. CoRR. abs/2104.03032, (2021).
A k-anonymous broadcast can be implemented using a small group of dining cryptographers to first share the message, followed by a flooding phase started by group members. Members have little incentive to forward the message in a timely manner, as forwarding incurs costs, or they may even profit from keeping the message. In worst case, this leaves the true originator as the only sender, rendering the dining-cryptographers phase useless and compromising their privacy. We present a novel approach using a modified dining-cryptographers protocol to distributed shares of an (n,k)-Shamir's secret sharing scheme. Finally, all group members broadcast their received share through the network, allowing any recipient of k shares to reconstruct the message, enforcing anonymity. If less than k group members broadcast their shares, the message cannot be decoded thus preventing privacy breaches for the originator. Our system provides (n-|attackers|)-anonymity for up to k-1 attackers and has little performance impact on dissemination. We show these results in a security analysis and performance evaluation based on a proof-of-concept prototype. Throughput rates between 10 and 100 kB/s are enough for many real applications with high privacy requirements, e.g., financial blockchain system.
Mödinger, D., Dispan, J. and Hauck, F.J. 2021. Shared-Dining: Broadcasting Secret Shares Using Dining-Cryptographers Groups. Distributed Applications and Interoperable Systems – DAIS (2021), 83–98.
We introduce a combination of Shamir's secret sharing and dining-cryptographers networks, which provides (n-|attackers|))-anonymity for up to k-1 attackers and has manageable performance impact on dissemination. A k-anonymous broadcast can be implemented using a small group of dining cryptographers to first share the message, followed by a flooding phase started by group members. Members have little incentive to forward the message in a timely manner, as forwarding incurs costs, or they may even profit from keeping the message. In worst case, this leaves the true originator as the only sender, rendering the dining-cryptographers phase useless and compromising their privacy. We present a novel approach using a modified dining-cryptographers protocol to distributed shares of an (n, k)-Shamir's secret sharing scheme. All group members broadcast their received share through the network, allowing any recipient of k shares to reconstruct the message, enforcing anonymity. If less than k group members broadcast their shares, the message cannot be decoded thus preventing privacy breaches for the originator. We demonstrate the privacy and performance results in a security analysis and performance evaluation based on a proof-of-concept prototype. Throughput rates between 10 and 100 kB/s are enough for many real applications with high privacy requirements, e.g., financial blockchain system.
Meißner, E., Engelmann, F., Kargl, F. and Erb, B. 2021. PeQES: A Platform for Privacy-Enhanced Quantitative Empirical Studies. Proceedings of the 36th Annual ACM Symposium on Applied Computing (Virtual Event, Republic of Korea, 2021), 1226–1234. (acceptance rate: 29%)
Empirical sciences and in particular psychology suffer a methodological crisis due to the non-reproducibility of results, and in rare cases, questionable research practices. Pre-registered studies and the publication of raw data sets have emerged as effective countermeasures. However, this approach represents only a conceptual procedure and may in some cases exacerbate privacy issues associated with data publications. We establish a novel, privacy-enhanced workflow for pre-registered studies. We also introduce PeQES, a corresponding platform that technically enforces the appropriate execution while at the same time protecting the participants' data from unauthorized use or data repurposing. Our PeQES prototype proves the overall feasibility of our privacy-enhanced workflow while introducing only a negligible performance overhead for data acquisition and data analysis of an actual study. Using trusted computing mechanisms, PeQES is the first platform to enable privacy-enhanced studies, to ensure the integrity of study protocols, and to safeguard the confidentiality of participants' data at the same time.
Heß, A., Hauck, F.J., Mödinger, D., Pietron, J., Tichy, M. and Domaschka, J. 2021. Morpheus: A Degradation Framework for Resilient IoT Systems. STAF Workshops (Virtual Event, Bergen - Norway, 2021), 105–114.
Graceful degradation is an established concept to improve the resilience of systems, especially when other resilience mechanisms have failed. Its implementation is often heavily tied to the application code and, thus, cumbersome and error prone. As IoT systems get not only ubiquitous but also critical, reliable graceful degradation would be ideal. In this paper, we present the Morpheus framework that provides a TypeScript-internal DSL to enable a systematic development of degradable IoT systems. The design of the framework is based on the concept of separation of concerns by providing distinct yet linked languages to specify hierarchical components and their connections; the components’ operating modes and transfer functions between them; as well as state machines for the specification of the components’ behaviour in each operating mode. The operating modes for each component serve as degradation levels. Automatic degradation of a component is triggered in case of failures of connected components. With recovery from underlying failures, the component is automatically upgraded back to a higher level. We illustrate our framework using a simplified prototype of an entrance barrier of a parking garage
Al-Momani, A., Wuyts, K., Sion, L., Kargl, F., Joosen, W., Erb, B. and Bösch, C. 2021. Land of the Lost: Privacy Patterns’ Forgotten Properties: Enhancing Selection-Support for Privacy Patterns. Proceedings of the 36th Annual ACM Symposium on Applied Computing (Virtual Event, Republic of Korea, 2021), 1217–1225. (acceptance rate: 29%)
Privacy patterns describe core aspects of privacy-enhancing solutions to recurring problems and can, therefore, be instrumental to the privacy-by-design paradigm. However, the privacy patterns domain is still evolving. While the main focus is currently put on compiling and structuring high-quality privacy patterns in catalogs, the support for developers to select suitable privacy patterns is still limited. Privacy patterns selection-support means, in essence, the quick and easy scoping of a collection of patterns to the most applicable ones based on a set of predefined criteria. To evaluate patterns against these criteria, a thorough understanding of the privacy patterns landscape is required. In this paper, (i) we show that there is currently a lack of extensive support for privacy patterns selection due to the insufficient understanding of pattern properties, (ii) we propose additional properties that need to be analyzed and can serve as a first step towards a robust selection criteria, (iii) we analyze and present the properties for 70 privacy patterns, and (iv) we discuss a potential approach of how such a selection-support method can be realized.
Bendig, E., Erb, B., Meißner, E., Bauereiß, N. and Baumeister, H. 2021. Feasibility of a Software agent providing a brief Intervention for Self-help to Uplift psychological wellbeing (“SISU”). A single-group pretest-posttest trial investigating the potential of SISU to act as therapeutic agent. Internet Interventions. 24, (2021), 100377.
Background: Software agents are computer-programs that conduct conversations with a human. The present study evaluates the feasibility of the software agent “SISU” aiming to uplift psychological wellbeing. Methods: Within a one-group pretest-posttest trial, N = 30 German-speaking participants were recruited. Assessments took place before (t1), during (t2) and after (t3) the intervention. The ability of SISU to guide participants through the intervention, acceptability, and negative effects were investigated. Data analyses are based on intention-to-treat principles. Linear mixed models will be used to investigate short-term changes over time in mood, depression, anxiety. Intervention: The intervention consists of two sessions. Each session comprises writing tasks on autobiographical negative life events and an Acceptance- and Commitment Therapy-based exercise respectively. Participants interact with the software agent on two consecutive days for about 30 min each. Results: All participants completed all sessions within two days. User experience was positive, with all subscales of the user experience questionnaire (UEQ) M > 0.8. Participants experienced their writings as highly self-relevant and personal. However, 57% of the participants reported at least one negative effect attributed to the intervention. Results on linear mixed models indicate an increase in anxiety over time (β = 1.33, p = .001). Qualitative User Feedback revealed that the best thing about SISU was its innovativeness (13%) and anonymity (13%). As worst thing about SISU participants indicated that the conversational style of SISU often felt unnatural (73%). Conclusion: SISU successfully guided participants through the two-day intervention. Moreover, SISU has the potential to enter the inner world of participants. However, intervention contents have the potential to evoke negative effects in individuals. Expectable short-term symptom deterioration due to writing about negative autobiographical life events could not be prevented by acceptance and commitment therapy-based exercises. Hence, results suggest a revision of intervention contents as well as of the conversational style of SISU. The good adherence rate indicates the useful and acceptable format of SISU as a mental health chatbot. Overall, little is known about the effectiveness of software agents in the context of psychological wellbeing. Results of the present trial underline that the innovative technology bears the potential of SISU to act as therapeutic agent but should not be used with its current intervention content. Trial-registration: The Trial is registered at the WHO International Clinical Trials Registry Platform via the German Clinical Studies Register (DRKS): DRKS00014933 (date of registration: 20.06.2018). Link:
Dode, A., Mehdi, M., Pryss, R., Schlee, W., Probst, T., Reichert, M., Hauck, F.J. and Winter, M. 2021. Chapter 9: Using a visual analog scale (VAS) to measure tinnitus-related distress and loudness: investigating correlations using the Mini-TQ results of participants from the TrackYourTinnitus platform. Tinnitus: an interdisciplinary approach towards individualized treatment; Results from the European Graduate School for Interdisciplinary Tinnitus Research. Elsevier. 171–190.
ntroduction: Tinnitus, a perception of ringing and buzzing sound in the ear, has not been completely understood yet. It is well known that tinnitus-related distress and loudness can change over time. However, proper comparability for the data collection approaches requires further focused studies. In this context, technology such as the use of mobile devices may be a promising approach. Repeated assessments of tinnitus-related distress and loudness in Ecological Momentary Assessment (EMA) studies require a short assessment, and a Visual Analogic Scale (VAS) is often used in this context. Yet, their comparability with psychometric questionnaires remains unclear and thus was the focus of this study. Research goals: The evaluation of the appropriateness of VAS in measuring tinnitus-related distress and loudness is pursued in this paper. Methods: The Mini Tinnitus Questionnaire (Mini-TQ) measured tinnitus-related distress once. Tinnitus-related distress and tinnitus loudness were measured repeatedly using VAS on a daily basis during 7 days in the TrackYourTinnitus (TYT) smartphone app and were summarized per day using mean and median results. Then, correlations between summarized VAS tinnitus-related distress and summarized VAS tinnitus loudness, on the one side, and Mini-TQ, on the other side, were calculated. Results: Correlations between Mini-TQ and VAS tinnitus-related distress ranged between r = 0.36 and r = 0.52, while correlations between Mini-TQ and VAS tinnitus loudness ranged between r = 0.25 and r = 0.36. The more time difference between the Mini-TQ and the VAS assessments is, the lower the correlations between them. Mean and median VAS values per day resulted in similar correlations. Conclusions: Mobile-based VAS seems to be an appropriate approach to utilize daily measurements of tinnitus-related distress.
Mödinger, D.J. 2021. Broadcast privacy for blockchains. Faculty of Engineering, Computer Science and Psychology, Ulm University. Dissertation.
Kröll, T., Kleber, S., Kargl, F., Hollick, M. and Classen, J. 2021. ARIstoteles - Dissecting Apple’s Baseband Interface. Proceedings of the European Symposium on Research in Computer Security (2021).
Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance and security research. Yet, iPhones were never intended to be used as a research platform, and chips and interfaces are undocumented. One protocol to interface with such chips is Apple Remote Invocation (ARI), which interacts with the central phone component CommCenter and multiple user-space daemons, thereby posing a Remote Code Execution (RCE) attack surface. We are the first to reverse-engineer and fuzz-test the ARI interface on iOS. Our Ghidra scripts automatically generate a Wireshark dissector, called ARIstoteles, by parsing closed-source iOS libraries for this undocumented protocol. Moreover, we compare the quality of the dissector to fully-automated approaches based on static trace analysis. Finally, we fuzz the ARI interface based on our reverse-engineering results. The fuzzing results indicate that ARI does not only lack public security research but also has not been well-tested by Apple. By releasing ARIstoteles open-source, we also aim to facilitate similar research in the future.
Berger, C., Eichhammer, P., Reiser, H.P., Domaschka, J., Hauck, F.J. and Habiger, G. 2021. A Survey on Resilience in the IoT: Taxonomy, Classification and Discussion of Resilience Mechanisms. CoRR. abs/2109.02328, (2021).
Internet-of-Things (IoT) ecosystems tend to grow both in scale and complexity as they consist of a variety of heterogeneous devices, which span over multiple architectural IoT layers (e.g., cloud, edge, sensors). Further, IoT systems increasingly demand the resilient operability of services as they become part of critical infrastructures. This leads to a broad variety of research works that aim to increase the resilience of these systems. In this paper, we create a systematization of knowledge about existing scientific efforts of making IoT systems resilient. In particular, we first discuss the taxonomy and classification of resilience and resilience mechanisms and subsequently survey state-of-the-art resilience mechanisms that have been proposed by research work and are applicable to IoT. As part of the survey, we also discuss questions that focus on the practical aspects of resilience, e.g., which constraints resilience mechanisms impose on developers when designing resilient systems by incorporating a specific mechanism into IoT systems.


Mödinger, D., Lorenz, J.-H., van der Heijden, R.W. and Hauck, F.J. 2020. Unobtrusive monitoring: Statistical dissemination latency estimation in Bitcoin’s peer-to-peer network. PLOS ONE. 15, 12 (Dec. 2020), 1–21.
The cryptocurrency system Bitcoin uses a peer-to-peer network to distribute new transactions to all participants. For risk estimation and usability aspects of Bitcoin applications, it is necessary to know the time required to disseminate a transaction within the network. Unfortunately, this time is not immediately obvious and hard to acquire. Measuring the dissemination latency requires many connections into the Bitcoin network, wasting network resources. Some third parties operate that way and publish large scale measurements. Relying on these measurements introduces a dependency and requires additional trust. This work describes how to unobtrusively acquire reliable estimates of the dissemination latencies for transactions without involving a third party. The dissemination latency is modelled with a lognormal distribution, and we estimate their parameters using a Bayesian model that can be updated dynamically. Our approach provides reliable estimates even when using only eight connections, the minimum connection number used by the default Bitcoin client. We provide an implementation of our approach as well as datasets for modelling and evaluation. Our approach, while slightly underestimating the latency distribution, is largely congruent with observed dissemination latencies.
Mehdi, M., Stach, M., Riha, C., Neff, P., Dode, A., Pryss, R., Schlee, W., Reichert, M. and Hauck, F.J. 2020. Smartphone and Mobile Health Apps for Tinnitus: Systematic Identification, Analysis, and Assessment. JMIR Mhealth Uhealth. 8, 8 (Aug. 2020).
Background: Modern smartphones contain sophisticated high-end hardware features, offering high computational capabilities at extremely manageable costs and have undoubtedly become an integral part in users' daily life. Additionally, smartphones offer a well-established ecosystem that is easily discoverable and accessible via the marketplaces of differing mobile platforms, thus encouraging the development of many smartphone apps. Such apps are not exclusively used for entertainment purposes but are also commonplace in health care and medical use. A variety of those health and medical apps exist within the context of tinnitus, a phantom sound perception in the absence of any physical external source. Objective: In this paper, we shed light on existing smartphone apps addressing tinnitus by providing an up-to-date overview. Methods: Based on PRISMA guidelines, we systematically searched and identified existing smartphone apps on the most prominent app markets, namely Google Play Store and Apple App Store. In addition, we applied the Mobile App Rating Scale (MARS) to evaluate and assess the apps in terms of their general quality and in-depth user experience. Results: Our systematic search and screening of smartphone apps yielded a total of 34 apps (34 Android apps, 26 iOS apps). The mean MARS scores (out of 5) ranged between 2.65-4.60. The Tinnitus Peace smartphone app had the lowest score (mean 2.65, SD 0.20), and Sanvello—Stress and Anxiety Help had the highest MARS score (mean 4.60, SD 0.10). The interrater agreement was substantial (Fleiss κ=0.74), the internal consistency was excellent (Cronbach α=.95), and the interrater reliability was found to be both high and excellent—Guttman λ6=0.94 and intraclass correlation, ICC(2,k) 0.94 (95% CI 0.91-0.97), respectively. Conclusions: This work demonstrated that there exists a plethora of smartphone apps for tinnitus. All of the apps received MARS scores higher than 2, suggesting that they all have some technical functional value. However, nearly all identified apps were lacking in terms of scientific evidence, suggesting the need for stringent clinical validation of smartphone apps in future. To the best of our knowledge, this work is the first to systematically identify and evaluate smartphone apps within the context of tinnitus.
Mehdi, M., Hennig, L., Diemer, F., Dode, A., Pryss, R., Schlee, W., Reichert, M. and Hauck, F.J. 2020. Towards Mobile-Based Preprocessing Pipeline for Electroencephalography (EEG) Analyses: The Case of Tinnitus. 9th EAI Int. Conf. on Wireless Mobile Comm. & Healthcare - MobiHealth (2020), 67–86.
Recent developments in Brain-Computer Interfaces (BCI)—technologies to collect brain imaging data—allow recording of Electroencephalography (EEG) data outside of a laboratory setting by means of mobile EEG systems. Brain imaging has been pivotal in understanding the neurobiological correlates of human behavior in many complex disorders. This is also the case for tinnitus, a disorder that causes phantom noise sensations in the ears in absence of any sound source. As studies have shown that tinnitus is also influenced by complexities in non-auditory brain areas, mobile EEG can be a viable solution in better understanding the influencing factors causing tinnitus. Mobile EEG will become even more useful, if real-time EEG analysis in mobile experimental environments is enabled, e.g., as an immediate feedback to physicians and patients or in undeveloped areas where a laboratory setup is unfeasible. The volume and complexity of brain imaging data have made preprocessing a pertinent step in the process of analysis, e.g., for data cleaning and artifact removal. We introduce the first smartphone-based preprocessing pipeline for real-time EEG analysis. More specifically, we present a mobile app with a rudimentary EEG preprocessing pipeline and evaluate the app and its resource consumption underpinning the feasibility of smartphones for EEG preprocessing. Our proposed approach will allow researchers to collect brain imaging data of tinnitus and other patients in real-world environments and everyday situations, thereby collecting evidence for previously unknown facts about tinnitus and other conditions.
Mehdi, M., Diemer, F., Hennig, L., Dode, A., Pryss, R., Schlee, W., Reichert, M. and Hauck, F.J. 2020. TinnituSense: a Mobile Electroencephalography (EEG) Smartphone App for Tinnitus Research. 17th EAI Int. Conf. on Wireless Mobile & Ubiq. Comp. - MobiQuitous (2020), 252–261.
Tinnitus is a disorder or symptom that causes phantom noise sensation in the ears without presence of any external sound source. Tinnitus is understood as a problem caused by underlying damage in the inner-ear. However, recent studies have shown that tinnitus is also influenced by complexities in non-auditory brain areas. Among different brain-imaging techniques, mobile Electroencephalography (EEG) can be a viable solution in better understanding the influencing factors in the brain causing tinnitus, but real-time analysis of EEG in real-world environments is faced by unique challenges and limitations. We present the first pure smartphone-based solution to acquire and analyze EEG data in real time and in everyday settings, as well as in any other scenario which does not allow large setups. More specifically, we propose TinnituSense a smartphone app for EEG recordings and visualization, and evaluate this app to claim the feasibility of our approach. On one hand, the proposed approach will open the opportunities to perform brain-imaging in real-world environment. On the other hand, the developed app will allow tinnitus researchers to collect evidence for new facts regarding tinnitus with the help of ambulatory brain-imaging data.
Mehdi, M., Riha, C., Neff, P., Dode, A., Pryss, R., Schlee, W., Reichert, M. and Hauck, F.J. 2020. Smartphone Apps in the Context of Tinnitus: Systematic Review. Sensors. 20, 6 (2020), 1725.
martphones containing sophisticated high-end hardware and offering high computational capabilities at extremely manageable costs have become mainstream and an integral part of users’ lives. Widespread adoption of smartphone devices has encouraged the development of many smartphone applications, resulting in a well-established ecosystem, which is easily discoverable and accessible via respective marketplaces of differing mobile platforms. These smartphone applications are no longer exclusively limited to entertainment purposes but are increasingly established in the scientific and medical field. In the context of tinnitus, the ringing in the ear, these smartphone apps range from relief, management, self-help, all the way to interfacing external sensors to better understand the phenomenon. In this paper, we aim to bring forth the smartphone applications in and around tinnitus. Based on the PRISMA guidelines, we systematically analyze and investigate the current state of smartphone apps, that are directly applied in the context of tinnitus. In particular, we explore Google Scholar, CiteSeerX, Microsoft Academics, Semantic Scholar for the identification of scientific contributions. Additionally, we search and explore Google’s Play and Apple’s App Stores to identify relevant smartphone apps and their respective properties. This review work gives (1) an up-to-date overview of existing apps, and (2) lists and discusses scientific literature pertaining to the smartphone apps used within the context of tinnitus.
Habiger, G., Hauck, F.J., Reiser, H.P. and Köstler, J. 2020. Self-optimising Application-agnostic Multithreading for Replicated State Machines. Int. Symp. on Rel. Distr. Sys. – SRDS (2020), 165–174.
State-machine replication (SMR) is a well-known approach for fault-tolerant services demanding fast recovery. It is not easy, however, to parallelise SMR in order to exploit modern multicore architectures. Two main approaches have been extensively studied; one focusing on request-level concurrency using prior knowledge, the other utilising application-agnostic and lock-level deterministic scheduling. We show that significant performance improvements for the latter approach require deterministic scheduler configurations to be dynamically adapted to the current application load during runtime. First, we summarise current research on parallel SMR execution. Second, an analysis of obstacles in lock-level deterministic multithreading approaches shows how static scheduler configurations can lead to poor performance when load on the system varies over time. Third, we present a simple yet effective automatic adaptation solution, which provides significantly better overall system behaviour compared to static configurations. This is demonstrated by evaluations using a full system setup.
Mödinger, D., Fröhlich, N. and Hauck, F.J. 2020. Pixy: A Privacy-Increasing Group Creation Scheme. 9th Int. Conf. on Netw., Comm. & Comp. – ICNCC (Tokyo, Japan, 2020), 118–124.
Modern peer-to-peer networks provide a lot of value. However, as the networks handle more and more sensitive data, e.g. in cryptocurrencies, privacy becomes an issue. Several approaches to provide efficient privacy to network participants rely on group formation with little or no regard to the privacy impact of how groups are created. Group creation is often based on random selection, which can easily be highjacked by attackers. We propose Pixy, an extensible, component-based scheme to increase privacy during group formation stages beyond current approaches. Our scheme provides a two-stage setup for group formation. First, a selection based on personal and network-wide collaboration lists reduces the attack surface for group initiators. Second, a testing phase based on cryptographic puzzles and, for suitable contexts, CAPTCHAs sort out Sybil attackers. We show that this scheme improves the current state of privacy in group-creation processes.
Kleber, S., Heijden, R.W. van der and Kargl, F. 2020. Message Type Identification of Binary Network Protocols using Continuous Segment Similarity. Proceedings of the Conference on Computer Communications (2020).
Protocol reverse engineering based on traffic traces infers the behavior of unknown network protocols by analyzing observable network messages. To perform correct deduction of message semantics or behavior analysis, accurate message type identification is an essential first step. However, identifying message types is particularly difficult for binary protocols, whose structural features are hidden in their densely packed data representation. In this paper, we leverage the intrinsic structural features of binary protocols and propose an accurate method for discriminating message types. Our approach uses a continuous similarity measure by comparing feature vectors where vector elements correspond to the fields in a message, rather than discrete byte values. This enables a better recognition of structural patterns, which remain hidden when only exact value matches are considered. We combine Hirschberg alignment with DBSCAN as cluster algorithm to yield a novel inference mechanism. By applying novel autoconfiguration schemes, we do not require manually configured parameters for the analysis of an unknown protocol, as required by earlier approaches. Results of our evaluations show that our approach has considerable advantages in message type identification result quality but also execution performance over previous approaches.
Tichy, M., Pietron, J., Mödinger, D., Juhnke, K. and Hauck, F.J. 2020. Experiences with an Internal DSL in the IoT Domain. 4th Int. Worshp. on Model-Driv. Eng. for IoT – MDE4IoT (2020), 22–34.
Modeling the architecture and behavior of embedded systems has long been a success story in the engineering of embedded systems due to the positive effects on quality and productivity, e.g., by declara- tive specifications, by enabling formal analyses, and by the generation of optimized code. These benefits, however, can only be reaped with extensive investments in specialized languages and tools which typically come with a closed and highly restrictive ecosystem. In this paper, we report our experiences while building an internal domain-specific language for IoT systems. We present our modeling language realized in Type- Script and integrated into the TypeScript/JavaScript ecosystem. The modeling language supports the declarative specification and execution of components, connectors, and state machines. We also provide a simple state space exploration to enable quality assurance techniques like test case generation and model checking. The language is illustrated by a running example with IoT devices. We believe that our solution lies at a sweet spot of providing a declarative modeling experience while reaping benefits from modern programming languages and their ecosystem to boost productivity
Mehdi, M., Dode, A., Pryss, R., Schlee, W., Reichert, M. and Hauck, F.J. 2020. Contemporary Review of Smartphone Apps for Tinnitus Management and Treatment. Brain Sciences. 10, 11 (2020).
Tinnitus is a complex and heterogeneous psycho-physiological disorder responsible for causing a phantom ringing or buzzing sound albeit the absence of an external sound source. It has a direct influence on affecting the quality of life of its sufferers. Despite being around for a while, there has not been a cure for tinnitus, and the usual course of action for its treatment involves use of tinnitus retaining and sound therapy, or Cognitive Behavioral Therapy (CBT). One positive aspect about these therapies is that they can be administered face-to-face as well as delivered via internet or smartphone. Smartphones are especially helpful as they are highly personalized devices, and offer a well-established ecosystem of apps, accessible via respective marketplaces of differing mobile platforms. Note that current therapeutic treatments such as CBT have shown to be effective in suppressing the tinnitus symptoms when administered face-to-face, their effectiveness when being delivered using smartphones is not known so far. A quick search on the prominent market places of popular mobile platforms (Android and iOS) yielded roughly 250 smartphone apps offering tinnitus-related therapies and tinnitus management. As this number is expected to steadily increase due to high interest in smartphone app development, a contemporary review of such apps is crucial. In this paper, we aim to review scientific studies validating the smartphone apps, particularly to test their effectiveness in tinnitus management and treatment. We use the PRISMA guidelines for identification of studies on major scientific literature sources and delineate the outcomes of identified studies.
Mödinger, D. and Hauck, F.J. 2020. 3P3: Strong Flexible Privacy for Broadcasts. 19th IEEE Int. Conf. on Trust, Sec. & Priv. in Comp. & Comm. – TrustCom (2020), 1630–1637.
Privacy concerns have reached the mainstream discourse in society and already had a significant impact on research and technology. Cryptocurrencies have adopted many transaction-level privacy mechanisms to provide privacy in the persisted blockchain. Unfortunately, these are insufficient as network-level attacks can also provide privacy-breaking insights into transactions and their origins. We proposed k-Dining Cryptographers and topological methods as a basis for a privacy-preserving broadcast protocol. In this work, we present 3P3, a three-phase privacy-preserving broadcast protocol. We transformed our approach to a stronger attacker model so that it provides strong base privacy against global attackers and malicious nodes and additional privacy against common attackers, e.g., botnets. Further, we provide mechanisms to transmit almost arbitrarily long messages, reduce overhead for zero-message rounds, a more extensive analysis, and simulation results of our enhanced protocol. Our simulations show the dissemination of a message to all nodes within 1000ms in 99.9% of instances. These results hold for all network sizes, including networks of up to 10,000 participants. Bandwidth estimates also show practical applicability with usual group sizes of 10 to 30 participants.


Domaschka, J., Berger, C., Reiser, H.P., Eichhammer, P., Griesinger, F., Pietron, J., Tichy, M., Hauck, F.J. and Habiger, G. 2019. SORRIR: a resilient self-organizing middleware for IoT applications. Proc. of 6th Int. Worksh. on Middlew. and App. for the Internet of Things (M4IoT) (Davis, CA, Dec. 2019), 13–16.
Kleber, S. and Kargl, F. 2019. Poster: Network Message Field Type Recognition. Proceedings of the 26th Conference on Computer and Communications Security (London, UK, Nov. 2019), 2581–2583.
Mehdi, M., Schwager, D., Pryss, R., Schlee, W., Reichert, M. and Hauck, F.J. 2019. Towards automated smart mobile crowdsensing for tinnitus research. Proc. of the 32nd Int. Symp. on Comp.-Based Medical Sys. (CBMS). IEEE.
Tinnitus is a disorder that is not entirely understood, and many of its correlations are still unknown. On the other hand, smartphones became ubiquitous. Their modern versions provide high computational capabilities, reasonable battery size, and a bunch of embedded high-quality sensors, combined with an accepted user interface and an application ecosystem. For tinnitus, as for many other health problems, there are a number of apps trying to help patients, therapists, and researchers to get insights into personal characteristics but also into scientific correlations as such. In this paper, we present the first approach to an app in this context, called TinnituSense that does automatic sensing of related characteristics and enables correlations to the current condition of the patient by a combined participatory sensing, e.g., a questionnaire. For tinnitus, there is a strong hypothesis that weather conditions have some influence. Our proof-of-concept implementation records weather-related sensor data and correlates them to the standard Tinnitus Handicap Inventory (THI) questionnaire. Thus, TinnituSense enables therapists and researchers to collect evidence for unknown facts, as this is the first opportunity to correlate weather to patient conditions on a larger scale. Our concept as such is limited neither to tinnitus nor to built-in sensors, e.g., in the tinnitus domain, we are experimenting with mobile EEG sensors. TinnituSense is faced with several challenges of which we already solved principle architecture, sensor management, and energy consumption.
Eichhammer, P., Berger, C., Reiser, H.P., Domaschka, J., Hauck, F.J., Habiger, G., Griesinger, F. and Pietron, J. 2019. Towards a robust, self-organizing IoT platform for secure and dependable service execution. Tagungsband des FB-SYS Herbsttreffens 2019 (Osnabrück, 2019).
Bendig, E., Erb, B., Schulze-Thuesing, L. and Baumeister, H. 2019. The Next Generation: Chatbots in Clinical Psychology and Psychotherapy to Foster Mental Health – A Scoping Review. Verhaltenstherapie. 29, 4 (2019), 266–280.
Background and Purpose: The present age of digitalization brings with it progress and new possibilities for health care in general and clinical psychology/psychotherapy in particular. Internet- and mobile-based interventions (IMIs) have often been evaluated. A fully automated version of IMIs are chatbots. Chatbots are automated computer programs that are able to hold, e.g., a script-based conversation with a human being. Chatbots could contribute to the extension of health care services. The aim of this review is to conceptualize the scope and to work out the current state of the art of chatbots fostering mental health. Methods: The present article is a scoping review on chatbots in clinical psychology and psychotherapy. Studies that utilized chatbots to foster mental health were included. Results: The technology of chatbots is still experimental in nature. Studies are most often pilot studies by nature. The field lacks high-quality evidence derived from randomized controlled studies. Results with regard to practicability, feasibility, and acceptance of chatbots to foster mental health are promising but not yet directly transferable to psychotherapeutic contexts. ­Discussion: The rapidly increasing research on chatbots in the field of clinical psychology and psychotherapy requires corrective measures. Issues like effectiveness, sustainability, and especially safety and subsequent tests of technology are elements that should be instituted as a corrective for future funding programs of chatbots in clinical psychology and psychotherapy.
Habiger, G. and Hauck, F.J. 2019. Systems support for efficient state-machine replication. Tagungsband des FB-SYS Herbsttreffens 2019 (Osnabrück, 2019).
Kargl, F., van der Heijden, R.W., Erb, B. and Bösch, C. 2019. Privacy in mobile sensing. Digital Phenotyping and Mobile Sensing. H. Baumeister and C. Montag, eds. Springer. 3–12.
In this chapter, we discuss the privacy implications of mobile sensing and modern psycho-social sciences. We aim to raise awareness of the multifaceted nature of privacy, describing the legal, technical and applied aspects in some detail. Not only since the European GDPR, these aspects lead to a broad spectrum of challenges of which data processors cannot be absolved by a simple consent form from their users. Instead appropriate technical and organizational measures should be put in place through a proper privacy engineering process. Throughout the chapter, we illustrate the importance of privacy protection through a set of examples and also technical approaches to address these challenges. We conclude this chapter with an outlook on privacy in mobile sensing, digital phenotyping and, psychoinformatics.
Kopp, H., Mödinger, D., Hauck, F.J. and Kargl, F. 2019. Cryptographic design of PriCloud, a privacy-preserving decentralized storage with remuneration. IEEE Trans. on Dep. and Sec. Comp. 18, 4 (2019), 1908–1919.
Over the last years, demand for file hosting has sky-rocketed due to cost reductions and availability of services. However, centralized providers have a negative impact on the privacy of their users, since they are able to read and collect various data about their users and even link it to their identity via their payments. On the other hand, decentralized storage solutions like GNUnet suffer from a lack of participation by providers, since there is no feasible business model. We propose PriCloud, a decentralized storage system which allows users to pay their storage providers without sacrificing their privacy by employing anonymous storage smart contracts and private payments on a blockchain. We are able to provide privacy to the users and storage providers, and unlinkability between users and files. Our system offers decentralized file storage including strong privacy guarantees and built-in remuneration for storage providers.
Nägele, D., Hauser, C.B., Bradatsch, L. and Wesner, S. 2019. bwNetFlow: A Customizable Multi-Tenant Flow Processing Platform for Transit Providers. 2019 IEEE/ACM Innovating the Network for Data-Intensive Science (INDIS) (2019), 9–16.
Bradatsch, L. 2019. Anomaly detection based on traffic records. International Conference on Networked Systems (2019).


Habiger, G., Hauck, F.J., Köstler, J. and Reiser, H.P. 2018. Resource-Efficient State-Machine Replication with Multithreading and Vertical Scaling. Proc. of the 14th Eur. Dep. Comp. Conf. (EDCC) (Iaşi, Romania, Sep. 2018).
State-machine replication (SMR) enables transparent and delayless masking of node faults. It can tolerate crash faults and malicious misbehavior, but usually comes with high resource costs, not only by requiring multiple active replicas, but also by providing the replicas with enough resources for the expected peak load. This paper presents a vertical resource-scaling solution for SMR systems in virtualized environments, which can dynamically adapt the number of available cores to current load. In similar approaches, benefits of CPU core scaling are usually small due to the inherent sequential execution of SMR systems in order to achieve determinism. In our approach, we utilize sophisticated deterministic multithreading to avoid this bottleneck and experimentally demonstrate that core scaling then allows SMR systems to effectively tailor resources to service load, dramatically reducing service provider costs.
Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. A Flexible Network Approach to Privacy of Blockchain Transactions. 38th IEEE Int. Conf. on Distrib. Comp. Sys. (Vienna, Jul. 2018), 1486–1491.
For preserving privacy, blockchains can be equipped with dedicated mechanisms to anonymize participants. How- ever, these mechanism often take only the abstraction layer of blockchains into account whereas observations of the underlying network traffic can reveal the originator of a transaction request. Previous solutions either provide topological privacy that can be broken by attackers controlling a large number of nodes, or offer strong and cryptographic privacy but are inefficient up to practical unusability. Further, there is no flexible way to trade privacy against efficiency to adjust to practical needs. We propose a novel approach that combines existing mechanisms to have quantifiable and adjustable cryptographic privacy which is further improved by augmented statistical measures that prevent frequent attacks with lower resources. This approach achieves flexibility for privacy and efficency requirements of different blockchain use cases.
Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. Towards Enhanced Network Privacy for Blockchains. Short research statement for the DSN Workshop on Byzantine Consensus and Resilient Blockchains (BCRB) (Luxemburg, Jun. 2018).
Privacy aspects of blockchains have gained attention as the log of transactions can be view by any interested party. Privacy mechanisms applied to the ledger can be undermined by attackers on the network level, resulting in deanonymization of the transaction senders. We discuss current approaches to this problem, e.g. Dandelion, sketch our own approach to provide even stronger privacy mechanisms and discuss the challenges and open questions for further research in this area.
Schlee, W. et al. 2018. Innovations in doctoral training and research on Tinnitus: the European School on Interdisciplinary Tinnitus Research (ESIT) perspective. Frontiers in Aging Neuroscience. 9, (Jan. 2018), 447.
Tinnitus is a common medical condition which interfaces many different disciplines, yet it is not a priority for any individual discipline. A change in its scientific understanding and clinical management requires a shift toward multidisciplinary cooperation, not only in research but also in training. The European School for Interdisciplinary Tinnitus research (ESIT) brings together a unique multidisciplinary consortium of clinical practitioners, academic researchers, commercial partners, patient organizations, and public health experts to conduct innovative research and train the next generation of tinnitus researchers. ESIT supports fundamental science and clinical research projects in order to: (1) advancing new treatment solutions for tinnitus, (2) improving existing treatment paradigms, (3) developing innovative research methods, (4) performing genetic studies on, (5) collecting epidemiological data to create new knowledge about prevalence and risk factors, (6) establishing a pan-European data resource. All research projects involve inter-sectoral partnerships through practical training, quite unlike anything that can be offered by any single university alone. Likewise, the postgraduate training curriculum fosters a deep knowledge about tinnitus whilst nurturing transferable competencies in personal qualities and approaches needed to be an effective researcher, knowledge of the standards, requirements and professionalism to do research, and skills to work with others and to ensure the wider impact of research. ESIT is the seed for future generations of creative, entrepreneurial, and innovative researchers, trained to master the upcoming challenges in the tinnitus field, to implement sustained changes in prevention and clinical management of tinnitus, and to shape doctoral education in tinnitus for the future.
Meißner, E. 2018. Towards Time Travel in Distributed Event-Sourced Systems. Proceedings of the 12th ACM International Conference on Distributed and Event-Based Systems (Hamilton, New Zealand, 2018), 266–269. Doctoral Symposium
Stateful applications are based on the state they hold and how it changes over time. This history of state changes is usually discarded as the application progresses. By building on concepts from event processing and storing the application history we envision a novel programming paradigm that supports retroaction. Retroactive computing introduces new opportunities for a developer to access and even modify an application timeline. By enabling the exploration of alternative scenarios, retroactive computing establishes powerful new ways to debug systems and introduces new approaches to solve problems. Initial work has shown the practicality and possibilities of this new programming paradigm and introduces further research questions and challenges.
Agrawal, K., Mehdi, M., Reichert, M., Hauck, F.J., Schlee, W., Probst, T. and Pryss, R. 2018. Towards incentive management mechanisms in the context of crowdsensing technologies based on TrackYour Tinnitus insights. Proc. of the 15th Int. Conf. on Mobile Sys. and Perv. Comp. (MobiSPC) (Gran Canaria, 2018).
The increased use of mobile devices has led to an improvement in the public health care through participatory interventions. For example, patients were empowered to contribute in treatment processes with the help of mobile crowdsourcing and crowdsensing technologies. However, when using the latter technologies, one prominent challenge constitutes a continuous user engagement. Incentive management techniques can help to tackle this challenge by motivating users through rewards and recognition in exchange of task completion. For this purpose, we aim at developing a conceptual framework that can be integrated with existing mHealth mobile crowdsourcing and crowdsensing platforms. The development of this framework is based on insights we obtained from the TrackYourTinnitus (TYT) mobile crowdsensing platform. TYT, in turn, pursues the goal to reveal insights to the moment-to-moment variability of patients suffering from tinnitus. The work at hands presents evaluated data of TYT and illustrates how the results drive the idea of a conceptual framework for an incentive management in this context. Our results indicate that a proper incentive management should play an important role in the context of any mHealth platform that incorporates the idea of the crowd.
Lukaseder, T., Maile, L., Erb, B. and Kargl, F. 2018. SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks. Proceedings of the 14th EAI International Conference on Security and Privacy in Communication Networks. (Singapore, 2018), 102–121.
Slow-running attacks against network applications are often not easy to detect, as the attackers behave according to the specification. The servers of many network applications are not prepared for such attacks, either due to missing countermeasures or because their default configurations ignores such attacks. The pressure to secure network services against such attacks is shifting more and more from the service operators to the network operators of the servers under attack. Recent technologies such as software-defined networking offer the flexibility and extensibility to analyze and influence network flows without the assistance of the target operator. Based on our previous work on a network-based mitigation, we have extended a framework to detect and mitigate slow-running DDoS attacks within the network infrastructure, but without requiring access to servers under attack. We developed and evaluated several identification schemes to identify attackers in the network solely based on network traffic information. We showed that by measuring the packet rate and the uniformity of the packet distances, a reliable identificator can be built, given a training period of the deployment network.
Meißner, E., Erb, B., Kargl, F. and Tichy, M. 2018. retro-λ: An Event-sourced Platform for Serverless Applications with Retroactive Computing Support. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems (Hamilton, New Zealand, 2018), 76–87. (acceptance rate: 39%)
State changes over time are inherent characteristics of stateful applications. So far, there are almost no attempts to make the past application history programmatically accessible or even modifiable. This is primarily due to the complexity of temporal changes and a difficult alignment with prevalent programming primitives and persistence strategies. Retroactive computing enables powerful capabilities though, including computations and predictions of alternate application timelines, post-hoc bug fixes, or retroactive state explorations. We propose an event-driven programming model that is oriented towards serverless computing and applies retroaction to the event sourcing paradigm. Our model is deliberately restrictive, but therefore keeps the complexity of retroactive operations in check. We introduce retro-λ, a runtime platform that implements the model and provides retroactive capabilites to its applications. While retro-λ only shows negligible performance overheads compared to similar solutions for running regular applications, it enables its users to execute retroactive computations on the application histories as part of its programming model.
Mehdi, M., Mühlmeier, G., Agrawal, K., Pryss, R., Schlee, W. and Hauck, F.J. 2018. Referenceable mobile crowdsensing architecture . Proc. of the 1st Int. Worksh. on Serv. for Mobile Data Coll. (MoDaC) (Gran Canaria, 2018).
Smartphones have become an integral part in life of users, mainly because over the course of recent years, they have become extremely mainstream, cheap, flexible, and they pack high-end hardware that offers high computational capabilities. Many, if not all of today’s smartphones are equipped with sophisticated sensors which enable smart mobile sensing. The programmable nature of these sensors in the smartphones enable a wide array of possibilities to achieve user-centric or environmental sensing. Even though there have been different approaches proposed to develop a smartphone app, platform, design frameworks, APIs, and even application-specific architectures, there is a lack of generalised referenceable architecture in the literature. In this paper, we propose a generic reference architecture, which can be derived to create more concrete mobile sensing or mobile app architectures. Furthermore, we realise the proposed reference architecture in a healthcare use case, specifically in the context of applying smart mobile sensing to support tinnitus research.
Meißner, E., Erb, B. and Kargl, F. 2018. Performance Engineering in Distributed Event-sourced Systems. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems (Hamilton, New Zealand, 2018), 242–245. (acceptance rate: 39%)
Distributed event-sourced systems adopt a fairly new architectural style for data-intensive applications that maintains the full history of the application state. However, the performance implications of such systems are not yet well explored, let alone how the performance of these systems can be improved. A central issue is the lack of systematic performance engineering approaches that take into account the specific characteristics of these systems. To address this problem, we suggest a methodology for performance engineering and performance analysis of distributed event-sourced systems based on specific measurements and subsequent, targeted optimizations. The methodology blends in well into existing software engineering processes and helps developers to identify bottlenecks and to resolve performance issues. Using our structured approach, we improved an existing event-sourced system prototype and increased its performance considerably.
Erb, B., Meißner, E., Ogger, F. and Kargl, F. 2018. Log Pruning in Distributed Event-sourced Systems. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems (Hamilton, New Zealand, 2018), 230–233. (acceptance rate: 39%)
Event sourcing is increasingly used and implemented in event-based systems for maintaining the evolution of application state. However, unbounded event logs are impracticable for many systems, as it is difficult to align scalability requirements and long-term runtime behavior with the corresponding storage requirements. To this end, we explore the design space of log pruning approaches suitable for event-sourced systems. Furthermore, we survey specific log pruning mechanisms for event-sourced logs. In a brief evaluation, we point out the trade-offs when applying pruning to event logs and highlight the applicability of log pruning to event-sourced systems.
Erb, B., Meißner, E., Kargl, F., Steer, B.A., Cuadrado, F., Margan, D. and Pietzuch, P. 2018. Graphtides: A Framework for Evaluating Stream-Based Graph Processing Platforms. Proceedings of the 1st ACM SIGMOD Joint International Workshop on Graph Data Management Experiences & Systems (GRADES) and Network Data Analytics (NDA) (Houston, Texas, 2018). (acceptance rate: 38%)
Stream-based graph systems continuously ingest graph-changing events via an established input stream, performing the required computation on the corresponding graph. While there are various benchmarking and evaluation approaches for traditional, batch-oriented graph processing systems, there are no common procedures for evaluating stream-based graph systems. We, therefore, present GraphTides, a generic framework which includes the definition of an appropriate system model, an exploration of the parameter space, suitable workloads, and computations required for evaluating such systems. Furthermore, we propose a methodology and provide an architecture for running experimental evaluations. With our framework, we hope to systematically support system development, performance measurements, engineering, and comparisons of stream-based graph systems.
Lukaseder, T., Stölze, K., Kleber, S., Erb, B. and Kargl, F. 2018. An SDN-based Approach for Defending Against Reflective DDoS Attacks. 2018 IEEE 43th Conference on Local Computer Networks (2018). (acceptance rate: 28%)
Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks.
Kopp, H.J.G. 2018. A privacy-preserving decentralized storage with payments based on a blockchain. Faculty of Engineering, Computer Science and Psychology, Ulm University. Dissertation.


Nikolov, V., Bonfert, S., Frasch, E. and Hauck, F.J. 2017. Scheduling interactive HPC applications. Proc. of the 8th Int. Real-Time Scheduling Open Problems Seminar (RTSOPS). 15–16.
Nikolov, V., Wesner, S., Frasch, E. and Hauck, F.J. 2017. A hierarchical scheduling model for dynamic soft-realtime systems. Proc. of the 29th Euromicro Conference on Real-Time Systems (ECRTS) (Dubrovnik, Croatia, Jun. 2017).
Erb, B., Meißner, E., Habiger, G., Pietron, J. and Kargl, F. 2017. Consistent Retrospective Snapshots in Distributed Event-sourced Systems. Conference on Networked Systems (NetSys’17) (Göttingen, Germany, Mar. 2017).
An increasing number of distributed, event-based systems adopt an architectural style called event sourcing, in which entities keep their entire history in an event log. Event sourcing enables data lineage and allows entities to rebuild any previous state. Restoring previous application states is a straight-forward task in event-sourced systems with a global and totally ordered event log. However, the extraction of causally consistent snapshots from distributed, individual event logs is rendered non-trivial due to causal relationships between communicating entities. High dynamicity of entities increases the complexity of such reconstructions even more. We present approaches for retrospective and global state extraction of event-sourced applications based on distributed event logs. We provide an overview on historical approaches towards distributed debugging and breakpointing, which are closely related to event log-based state reconstruction. We then introduce and evaluate our approach for non-local state extraction from distributed event logs, which is specifically adapted for dynamic and asynchronous event-sourced systems.
Kopp, H., Mödinger, D., Hauck, F.J., Kargl, F. and Bösch, C. 2017. Design of a Privacy-Preserving Decentralized File Storage with Financial Incentives. IEEE Sec. & Priv. on the Blockch. (aff. w/ EUROCRYPT) (Paris, 2017).
Surveys indicate that users are often afraid to entrust data to cloud storage providers, because these do not offer sufficient privacy. On the other hand, peer-2-peer–based privacy-preserving storage systems like Freenet suffer from a lack of contribution and storage capacity, since there is basically no incentive to contribute own storage capacity to other participants in the network. We address these contradicting requirements by a design which combines a distributed storage with a privacy-preserving blockchain-based payment system to create incentives for participation while maintaining user privacy. By following a Privacy-by-Design strategy integrating privacy throughout the whole system life cycle, we show that it is possible to achieve levels of privacy comparable to state-of-the-art distributed storage technologies, despite integrating a payment mechanism. Our results show that it is possible to combine storage contracts and payments in a privacy-preserving way. Further, our system design may serve as an inspiration for future similar architectures.
Erb, B., Meißner, E., Pietron, J. and Kargl, F. 2017. Chronograph: A Distributed Processing Platform for Online and Batch Computations on Event-sourced Graphs. Proceedings of the 11th ACM International Conference on Distributed and Event-Based Systems (Barcelona, Spain, 2017), 78–87. (acceptance rate: 37%)
Several data-intensive applications take streams of events as a continuous input and internally map events onto a dynamic, graph-based data model which is then used for processing. The differences between event processing, graph computing, as well as batch processing and near-realtime processing yield a number of specific requirements for computing platforms that try to unify theses approaches. By combining an altered actor model, an event-sourced persistence layer, and a vertex-based, asynchronous programming model, we propose a distributed computing platform that supports event-driven, graph-based applications in a single platform. Our Chronograph platform concept enables online and offline computations on event-driven, history-aware graphs and supports different processing models on the evolving graph.
Bradatsch, L., Lukaseder, T. and Kargl, F. 2017. A Testing Framework for High-Speed Network and Security Devices. 2017 IEEE 42nd Conference on Local Computer Networks (LCN) (2017), 506–509.


Seybold, D., Wagner, N., Erb, B. and Domaschka, J. 2016. Is elasticity of scalable databases a Myth? 2016 IEEE International Conference on Big Data (Big Data) (Dec. 2016), 2827–2836. (acceptance rate: 18.7%)
The age of cloud computing has introduced all the mechanisms needed to elastically scale distributed, cloud-enabled applications. At roughly the same time, NoSQL databases have been proclaimed as the scalable alternative to relational databases. Since then, NoSQL databases are a core component of many large-scale distributed applications. This paper evaluates the scalability and elasticity features of the three widely used NoSQL database systems Couchbase, Cassandra and MongoDB under various workloads and settings using throughput and latency as metrics. The numbers show that the three database systems have dramatically different baselines with respect to both metrics and also behave unexpected when scaling out. For instance, while Couchbase's throughput increases by 17% when scaled out from 1 to 4 nodes, MongoDB's throughput decreases by more than 50%. These surprising results show that not all tested NoSQL databases do scale as expected and even worse, in some cases scaling harms performances.
Erb, B. and Kargl, F. 2016. Chronograph: A Distributed Platform for Event-Sourced Graph Computing. Proceedings of the Posters and Demos Session of the 17th International Middleware Conference (Trento, Italy, Dec. 2016), 15–16.
Many data-driven applications require mechanisms for processing interconnected or graph-based data sets. Several platforms exist for offline processing of such data and fewer solutions address online computations on dynamic graphs. We combined a modified actor model, an event-sourced persistence layer, and a vertex-based, asynchronous programming model in order to unify event-driven and graph-based computations. Our distributed chronograph platform supports both near-realtime and batch computations on dynamic, event-driven graph topologies, and enables full history tracking of the evolving graphs over time.
Lukaseder, T., Bradatsch, L., Erb, B. and Kargl, F. 2016. Setting Up a High-Speed TCP Benchmarking Environment - Lessons Learned. 41st Conference on Local Computer Networks (Nov. 2016), 160–163. (acceptance rate: 33%)
There are many high-speed TCP variants with different congestion control algorithms, which are designed for specific settings or use cases. Distinct features of these algorithms are meant to optimize different aspects of network performance, and the choice of TCP variant strongly influences application performance. However, setting up tests to help with the decision of which variant to use can be problematic, as many systems are not designed to deal with high bandwidths, such as 10 Gbps or more. This paper provides an overview of pitfalls and challenges of realistic network analysis to help in the decision making process.
Hauck, F.J., Habiger, G. and Domaschka, J. 2016. UDS: a novel and flexible scheduling algorithm for deterministic multithreading. Proc. of the 35th Int. Symp. on Reliable Distrib. Sys. (SRDS) (Budapest, Hungry, Sep. 2016).
Hauck, F.J. and Domaschka, J. 2016. UDS: a unified approach to determinisitic multithreading. 36th Int. Conf. on Distrib. Comp. Sys. (ICDCS) (Nara, Japan, Jun. 2016).
Habiger, G., Hauck, F.J., Köstler, J. and Reiser, H.P. 2016. Vertikale Skalierung für aktiv replizierte Dienste in Cloud-Infrastrukturen.
Kraft, R., Erb, B., Mödinger, D. and Kargl, F. 2016. Using Conflict-free Replicated Data Types for Serverless Mobile Social Applications. Proceedings of the 8th ACM International Workshop on Hot Topics in Planet-scale mObile Computing and Online Social neTworking (Paderborn, Germany, 2016), 49–54.
A basic reason for backend systems in mobile application architectures is the centralized management of state. Mobile clients synchronize local states with the backend in order to maintain an up-to-date view of the application state. As not all mobile social applications require strong consistency guarantees, we survey an alternative approach using special data structures for mobile applications. These data structures only provide eventual consistency, but allow for conflict-free replication between peers. Our analysis collects the requirements of social mobile applications for being suitable for this approach. Based on exemplary mobile social applications, we also point out the benefits of serverless architecture or architectures with a thin backend layer.
Bösch, C., Erb, B., Kargl, F., Kopp, H. and Pfattheicher, S. 2016. Tales from the dark side: Privacy dark strategies and privacy dark patterns. Proceedings on Privacy Enhancing Technologies. 2016, 4 (2016), 237–254. (acceptance rate: 23,8% for volume 2016)
Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.
Erb, B., Habiger, G. and Hauck, F.J. 2016. On the Potential of Event Sourcing for Retroactive Actor-based Programming. First Workshop on Programming Models and Languages for Distributed Computing (Rome, Italy, 2016), 1–5.
The actor model is an established programming model for distributed applications. Combining event sourcing with the actor model allows the reconstruction of previous states of an actor. When this event sourcing approach for actors is enhanced with additional causality information, novel types of actor-based, retroactive computations are possible. A globally consistent state of all actors can be reconstructed retrospectively. Even retroactive changes of actor behavior, state, or messaging are possible, with partial recomputations and projections of changes in the past. We believe that this approach may provide beneficial features to actor-based systems, including retroactive bugfixing of applications, decoupled asynchronous global state reconstruction for recovery, simulations, and exploration of distributed applications and algorithms.
Meißner, E., Erb, B., van der Heijden, R., Lange, K. and Kargl, F. 2016. Mobile triage management in disaster area networks using decentralized replication. Proceedings of the Eleventh ACM Workshop on Challenged Networks (2016), 7–12. (acceptance rate: 52%)
In large-scale disaster scenarios, efficient triage management is a major challenge for emergency services. Rescue forces traditionally respond to such incidents with a paper-based triage system, but technical solutions can potentially achieve improved usability and data availability. We develop a triage management system based on commodity hardware and software components to verify this claim. We use a single-hop, ad-hoc network architecture with multi-master replication, a tablet-based device setup, and a mobile application for emergency services. We study our system in cooperation with regional emergency services and report on experiences from a field exercise. We show that state-of-the-art commodity technology provides the means necessary to implement a triage management system compatible with existing emergency service procedures, while introducing additional benefits. This work highlights that powerful real-world ad-hoc networking applications do not require unreasonable development effort, as existing tools from distributed systems, such as replicating NoSQL databases, can be used successfully.
Kopp, H., Bösch, C. and Kargl, F. 2016. KopperCoin – A Distributed File Storage with Financial Incentives. Information Security Practice and Experience (Cham, 2016), 79–93.
One of the current problems of peer-to-peer-based file storage systems like Freenet is missing participation, especially of storage providers. Users are expected to contribute storage resources but may have little incentive to do so. In this paper we propose KopperCoin, a token system inspired by Bitcoin's blockchain which can be integrated into a peer-to-peer file storage system. In contrast to Bitcoin, KopperCoin does not rely on a proof of work (PoW) but instead on a proof of retrievability (PoR). Thus it is not computationally expensive and instead requires participants to contribute file storage to maintain the network. Participants can earn digital tokens by providing storage to other users, and by allowing other participants in the network to download files. These tokens serve as a payment mechanism. Thus we provide direct reward to participants contributing storage resources.
Nikolov, V. 2016. A hierarchical scheduling model for dynamic soft-realtime systems. Faculty of Engineering, Computer Science and Psychology, Ulm University. Dissertation.
Lukaseder, T., Bradatsch, L., Erb, B., Van Der Heijden, R.W. and Kargl, F. 2016. A comparison of TCP congestion control algorithms in 10G networks. 41st Conference on Local Computer Networks (2016), 706–714. (acceptance rate: 28%)
The increasing availability of 10G Ethernet network capabilities challenges existing transport layer protocols. As 10G connections gain momentum outside of backbone networks, the choice of appropriate TCP congestion control algorithms becomes even more relevant for networked applications running in environments such as data centers. Therefore, we provide an extensive overview of relevant TCP congestion control algorithms for high-speed environments leveraging 10G. We analyzed and evaluated six TCP variants using a physical network testbed, with a focus on the effects of propagation delay and significant drop rates. The results indicate that of the algorithms compared, BIC is most suitable when no legacy variant is present, CUBIC is suggested otherwise.


Nikolov, V., Hauck, F.J. and Schubert, L. 2015. Ein hierarchisches Scheduling-Modell für unbekannte Anwendungen mit schwankenden Ressourcenanforderungen. Echtzeit und Betriebssysteme (Boppard, Nov. 2015).
Nikolov, V., Hauck, F.J. and Wesner, S. 2015. Assembling a framework for unkown real-time applications with RTSJ. Proc. of the 13th Int. Workshop on Java Techn. for Real-time and Embedded Sys. (Paris, Oct. 2015).
Kächele, S. and Hauck, F.J. 2015. COSCAnet-FT: transparent network support for highly available cloud services. Proceedings of the International Conference of Networked Systems (NetSys) 2015 (Mar. 2015).
Erb, B. 2015. Towards Distributed Processing on Event-sourced Graphs. Ulm University. Doctoral Symposium
The processing of large-scale data sets and streaming data is challenging traditional computing platforms and lacks increasingly relevant features such as data lineage and inherent support for retrospective and predictive analytics. By combining concepts from event processing and graph computing, an Actor-related programming model, and an event-based, time-aware persistence approach into a unified distributed processing solution, we suggest a novel processing approach that embraces the idea of graph-based computing with built-in support for application history.
Frommel, J., Rogers, K., Brich, J., Besserer, D., Bradatsch, L., Ortinau, I., Schabenberger, R., Riemer, V., Schrader, C. and Weber, M. 2015. Integrated Questionnaires: Maintaining Presence in Game Environments for Self-Reported Data Acquisition. Proceedings of the 2015 Annual Symposium on Computer-Human Interaction in Play (London, United Kingdom, 2015), 359–368.
Research in human-computer interaction often requires the acquisition of self-reported data. Particularly concerning serious games, the interaction between the game and the user still holds many unknown aspects, partly due to the user's double role as player and learner. An easy way of collecting data consists of questionnaires, mostly employed in pen-and-paper or electronic form. In order to gather data points during game play, the player is interrupted, potentially causing unintentional side effects. We suggest an integration of questionnaires into games as game elements, in order to mitigate the effects of interruption. A serious game prototype with an integrated survey was implemented, and evaluated regarding its effects on the players' experience of presence.
Nikolov, V., Kempf, K., Hauck, F.J. and Rautenbach, D. 2015. Distributing the Complexity of Schedulability Tests. Proc. of the 21th IEEE Real-Time and Embedded Technology and Applications Symposium (2015).
Erb, B. and Kargl, F. 2015. A Conceptual Model for Event-sourced Graph Computing. Proceedings of the 9th ACM International Conference on Distributed Event-Based Systems (Oslo, Norway, 2015), 352–355.
Systems for highly interconnected application domains are increasingly taking advantage of graph-based computing platforms. Existing platforms employ a batch-oriented computing model and neglect near-realtime processing or temporal analysis. We suggest an extended conceptual model for event-driven computing on graphs. It takes into account the evolution of a graph and enables temporal analyses, processing on previous graph states, and retroactive modifications.


Nikolov, V., Kächele, S. and Hauck, F.J. 2014. CLOUDFARM: An Elastic Cloud Platform with Flexible and Adaptive Resource Management. In Proceedings of the IEEE/ACM 7th International Conference on Utility and Cloud Computing (UCC) (London, Dec. 2014).
Domaschka, J., Hauser, C.B. and Erb, B. 2014. Reliability and Availability Properties of Distributed Database Systems. 18th International Enterprise Distributed Object Computing Conference (Sep. 2014), 226–233. (acceptance rate: 22%)
Distributed database systems represent an essential component of modern enterprise application architectures. If the overall application needs to provide reliability and availability, the database has to guarantee these properties as well. Entailing non-functional database features such as replication, consistency, conflict management, and partitioning represent subsequent challenges for successfully designing and operating an available and reliable database system. In this document, we identify why these concepts are important for databases and classify their design options. Moreover, we survey how eleven modern database systems implement these reliability and availability properties.
Engelmann, F., Lukaseder, T., Erb, B., van der Heijden, R. and Kargl, F. 2014. Dynamic packet-filtering in high-speed networks using NetFPGAs. Third International Conference on Future Generation Communication Technologies (FGCT 2014) (Aug. 2014), 55–59.
Computational power for content filtering in high-speed networks reaches a limit, but many applications as intrusion detection systems rely on such processes. Especially signature based methods need extraction of header fields. Hence we created an parallel protocol-stack parser module on the NetFPGA 10G architecture with a framework for simple adaption to custom protocols. Our measurements prove that the appliance operates at 9.5 Gb/s with a delay in order of any active hop. The work provides the foundation to use for application specific projects in the NetFPGA context.
Erb, B., Kargl, F. and Domaschka, J. 2014. Concurrent Programming in Web Applications. it-Information Technology. 56, 3 (2014), 119–126.
Modern web applications are concurrently used by many users and provide increasingly interactive features. Multi-core processors, highly distributed backend architectures, and new web technologies force a reconsideration of approaches for concurrent programming in order to fulfil scalability demands and to implement modern web application features. We provide a survey on different concepts and techniques of concurrency inside web architectures and guide through viable concurrency alternatives for architects and developers.
Erb, B. and Kargl, F. 2014. Combining Discrete Event Simulations and Event Sourcing. Proceedings of the 7th International ICST Conference on Simulation Tools and Techniques (Lisbon, Portugal, 2014), 51–55.
Discrete event simulations (DES) represent the status quo for many different types of simulations. There are still open challenges, such as designing distributed simulation architectures, providing development and debugging support, or analyzing and evaluating simulation runs. In the area of scalable, distributed application architectures exists an architectural style called event sourcing, which shares the same inherent idea as DES. We believe that both approaches can benefit from each other and provide a comparison of both approaches. Next, we point out how event sourcing concepts can address DES issues. Finally, we suggest a hybrid architecture that allows to mutually execute simulations and real applications, enabling seamless transitions between both.


Kächele, S. and Hauck, F.J. 2013. COSCAnet: virtualized sockets for scalable and flexible PaaS applications. Proceedings of the 6th IEEE/ACM International Conference Utility and Cloud Computing UCC ’13 (USA, Dec. 2013).
Kächele, S., Spann, C., Hauck, F.J. and Domaschka, J. 2013. Beyond IaaS and PaaS: An Extended Cloud Taxonomy for Computation, Storage and Networking. Proceedings of the 6th IEEE/ACM International Conference Utility and Cloud Computing UCC ’13 (USA, Dec. 2013).
Schober, S., Brenner, S., Kapitza, R. and Hauck, F.J. 2013. Bandwidth prediction in the face of asymmetry. Proc. 13th Int. IFIP Conf. on Distrib. Appl. and Interop. Sys. (Florence, Italy, Jun. 2013).
Kächele, S. and Hauck, F.J. 2013. COSCA: a component-based and scalable PaaS platform. Frühjahrstreffen 2013 der Fachgruppe Betriebssysteme, Abstract.
Kächele, S. and Hauck, F.J. 2013. Component-based scalability for cloud applications. Proc of the 3rd Int. Workshop on Cloud Data and Platforms (Prague, Apr. 2013).
Kächele, S. and Hauck, F.J. 2013. COSCA: a PaaS platform for component-based applications. Poster Compendium of EuroSys 2013 Conference (2013).


Nikolov, V., Matousek, M., Rautenbach, D., Draque Penso, L. and Hauck, F.J. 2012. ARTOS: System Model and Optimization Algorithm. Technical Report #VS-R08-2012. Institute of Distributed Systems, University of Ulm.
Hauck, F.J., Kächele, S., Domaschka, J. and Spann, C. 2012. The COSCA PaaS platform: on the way to flexible and dependable cloud computing. Proc. of the 1st European Workshop on Dependable Cloud Computing (New York, NY, USA, 2012), 1:1-1:2.


Kächele, S., Domaschka, J., Schmidt, H. and Hauck, F.J. 2011. nOSGi: a POSIX-compliant native OSGi framework. 5th Int. Conf. on Communication System Software and Middleware (New York, NY, USA, 2011), 4:1-4:2.
Elsholz, J.-P., Fromm, A., Schober, S. and Hauck, F.J. 2011. A unified API for negotiation in multimedia middleware. Technical Report #VS-R19-2011. Institute of Distributed Systems, University of Ulm.
Kächele, S., Domaschka, J. and Hauck, F.J. 2011. <prt>COSCA</prt>: an easy-to-use component-based <prt>PaaS</prt> cloud system for common applications. 1st International Workshop on Cloud Computing Platforms (New York, NY, USA, 2011), 4:1-4:6.


Elsholz, J.-P., Seibel, E. and Hauck, F.J. 2010. RAPIX: a plug-in based RIA for multimedia communication. Technical Report #VS-R08-2010. Institute of Distributed Systems, University of Ulm.


Elsholz, J.-P., Schmidt, H., Schober, S., Hauck, F.J. and Kassler, A.J. 2009. <prt>Instant-X:</prt> Towards a Generic <prt>API</prt> for Multimedia Middleware. IEEE International Conference on Internet Multimedia Systems Architecture and Application (Bangalore, India, Dec. 2009).
The globalisation of our society leads to an increasing need for spontaneous communication. However, the development of such applications is a tedious and error-prone process. This results from the fact that in general only basic functionality is available in terms of protocol implementations and encoders/decoders. This leads to inflexible proprietary software systems implementing unavailable functionality on their own. In this work we introduce Instant-X, a novel component-based middleware platform for multimedia applications. Unlike related work, Instant-X provides a generic programming model with an API for essential tasks of multimedia applications with respect to signalling and data transmission. This API abstracts from concrete component implementations and thus allows replacing specific protocol implementations without changing the application code. Furthermore, Instant-X supports dynamic deployment, i.e., unavailable components can be automatically loaded at runtime. To show the feasibility of our approach we evaluated our Instant-X prototype regarding code complexity and performance.
Erb, B., Elsholz, J.-P. and Hauck, F.J. 2009. Semantic Mashup: Mashing up Information in the Todays World Wide Web - An Overview. Technical Report #VS-R08-2009. Institut für Verteilte Systeme, Universität Ulm.
Nikolov, V., Kapitza, R. and Hauck, F.J. 2009. Recoverable Class Loaders for a Fast Restart of Java Applications. Mobile Networks and Applications. 14, (2009), 53–64.
Schmidt, H., Elsholz, J.-P., Nikolov, V., Hauck, F.J. and Kapitza, R. 2009. OSGi4C: enabling OSGi for the cloud. Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE (New York, NY, USA, 2009), 15:1-15:12.
Elsholz, J.-P., Schmidt, H., Schober, S. and Hauck, F.J. 2009. Instant-X: SOA for Multimedia Communication in NGNs. Technical Report #VS-R11-2009. Institut für Verteilte Systeme, Universität Ulm.
Domaschka, J., Schmidt, H., Hauck, F.J., Kapitza, R. and Reiser, H.P. 2009. dOSGi: An architecture for instant replication. Proc. of the 39th Annual IEEE/IFIP Int. Conf. on Dependable Sys. and Netw., Supplemental Volume (2009).


Domaschka, J., Spann, C. and Hauck, F.J. 2008. Virtual Nodes: a re-configurable replication framework for highly-available grid services. Proceedings of the ACM/IFIP/USENIX Middleware’08 Conference Companion (2008), 107–109.
We present Virtual Nodes, a framework to provide fault-tolerance for grid applications by replicating them over multiple nodes. For the performance of replicated systems it is crucial that the application characteristics and load pattern are taken into account when the replication protocol is selected. For that reason Virtual Nodes offer a wide variety of configuration parameters that allow to fine-tune framework properties to optimise the overall system performance.
Elsholz, J.-P., Hauck, F.J. and Schmidt, H. 2008. Multimediale Datenübertragung. Technical Report #VS-R06-2008. Institut für Verteilte Systeme, Universität Ulm.
Domaschka, J., Bestfleisch, T., Hauck, F.J., Reiser, H.P. and Kapitza, R. 2008. Multithreading strategies for replicated objects. Proc. of the ACM/IFIP/USENIX 9th Int. Middleware Conf. (Berlin, Heidelberg, 2008), 104–123.
Schmidt, H., Elsholz, J.-P. and Hauck, F.J. 2008. Instant-X: a component-based middleware architecture for a generic multimedia API. Companion ’08: Proceedings of the ACM/IFIP/USENIX Middleware ’08 Conference Companion (New York, NY, USA, 2008), 90–92.
Schmidt, H., Aksoy, B., Hauck, F.J. and Kassler, A. 2008. How well does JXTA fit peer-to-peer SIP? IEEE International Conference on Communications–ICC (2008).


Schmidt, H., Dang, C.-T. and Hauck, F.J. 2007. Proxy-based security for the Session Initiation Protocol (SIP). 2nd International Conference on Systems and Networks Communications (Cap Esterel, France, Aug. 2007).
Guenkova-Luy, T., Schmidt, H., Schorr, A., Hauck, F.J. and Kassler, A. 2007. A Session-initiation-protocol-based middleware for multi-application management. IEEE International Conference on Communications (Glasgow, Jun. 2007).
Domaschka, J., Reiser, H.P. and Hauck, F.J. 2007. Towards generic and middleware-independent support for replicated, distributed objects. Proc of the 1st Workshop on Middleware-Application Interaction (New York, NY, USA, 2007), 43–48.
Domaschka, J., Schmied, A.I., Reiser, H.P. and Hauck, F.J. 2007. Revisiting deterministic multithreading strategies. Pro. of the 9th Int. Workshop on Java and Components for Parallelism, Distribution and Concurrency (2007).
Domaschka, J., Schmidt, H. and Hauck, F.J. 2007. Forschungstrends im Bereich Verteilter Systeme. Technical Report #VS-R07-2007. Institut für Verteilte Systeme, Universität Ulm.


Kapitza, R., Domaschka, J., Hauck, F.J. and Reiser, H.P. 2006. FORMI: Integrating Adaptive Fragmented Objects into Java RMI. IEEE Distributed Systems Online. 7, 10 (Oct. 2006).
Reiser, H.P., Hauck, F.J., Kapitza, R. and Schröder-Preikschat, W. 2006. Hypervisor-based redundant execution on a single physical host. Proc. Suppl. Vol. of the 6th European Dependable Comp. Conf. (EDCC). 67–68.
Reiser, H.P., Kapitza, R., Domaschka, J. and Hauck, F.J. 2006. Flexible und adaptive Replikation in verteilter objektbasierter Middleware. Technical Report #VS-R06-2006. Institut für Verteilte Systeme, Universität Ulm.
Reiser, H.P., Kapitza, R., Domaschka, J. and Hauck, F.J. 2006. Fault-tolerant replication based on fragmented objects. Proc. of the 6th IFIP WG 6.1 Int. Conf. on Distrib. Applications and Interoperable Sys. (Berlin, Heidelberg, 2006), 256–271.
Domaschka, J., Hauck, F.J., Reiser, H.P. and Kapitza, R. 2006. Deterministic Multithreading for Java-based Replicated Objects. Proc. of the 18th IASTED Int. Conf. on Parallel and Distributed Computing and Systems (2006), 516–521.
Reiser, H.P., Domaschka, J., Hauck, F.J., Kapitza, R. and Schröder-Preikschat, W. 2006. Consistent replication of multithreaded distributed objects. Proc. of the 25th IEEE Symp. on Reliable Distributed Systems (Washington, DC, USA, 2006), 257–266.


Kapitza, R., Kirstein, M., Schmidt, H. and Hauck, F.J. 2005. FORMI: An RMI extension for adaptive applications. Proc. of the 4th Workshop on Adaptive and Reflective Middleware (Grenoble, France, 2005).


Kapitza, R. and Hauck, F.J. 2003. DLS: a CORBA service for dynamic loading of code. Proc. of the Int. Symp. on Distrib. Obj. and Appl. - DOA (Dec. 2003).
Bindhammer, T., Schmied, A.I. and Hauck, F.J. 2003. Betriebssystem Linux, Proseminar im Sommersemester 2003. Technical Report #VS-R02-2003. Institut für Verteilte Systeme, Universität Ulm.
Schmied, A.I. and Hauck, F.J. 2003. Sicherheit in Verteilten Systemen, Hauptseminare im Sommersemester 2003. Technical Report #VS-R01-2003. Institut für Verteilte Systeme, Universität Ulm.
Reiser, H.P., Hauck, F.J., Kapitza, R. and Schmied, A.I. 2003. Integrating fragmented objects into a CORBA environment. Proc. of the Net.ObjectDAYS (Erfurt, Sep. 2003).

Secretary's Office

Marion Köhler
Lysha Lewis
Phone: +49 731 50-24140
available in the morning
Fax: +49 731 50-24142

Postal Address

Institute of Distributed Systems
Ulm University
Albert-Einstein-Allee 11
89081 Ulm

Visiting Address

Building O27, Room 349
89081 Ulm
Monday, Wednesday and Thursday all day
Tuesday and Friday mornings only.