@inbook{14890, author = {{Kuhlemann, Stefan and Sellmann, Meinolf and Tierney, Kevin}}, booktitle = {{Lecture Notes in Computer Science}}, isbn = {{9783030300470}}, issn = {{0302-9743}}, title = {{{Exploiting Counterfactuals for Scalable Stochastic Optimization}}}, doi = {{10.1007/978-3-030-30048-7_40}}, year = {{2019}}, } @article{14540, author = {{Schryen, Guido and Kliewer, Natalia and Borndörfer, Ralf and Koch, Thorsten}}, journal = {{OR News}}, pages = {{34--35}}, title = {{{High-Performance Business Computing – Parallel Algorithms and Implementations for Solving Problems in Operations Research and Data Analysis}}}, volume = {{65}}, year = {{2019}}, } @inproceedings{5675, abstract = {{When responding to natural disasters, professional relief units are often supported by many volunteers which are not affiliated to humanitarian organizations. The effective coordination of these volunteers is crucial to leverage their capabilities and to avoid conflicts with professional relief units. In this paper, we empirically identify key requirements that professional relief units pose on this coordination. Based on these requirements, we suggest a decision model. We computationally solve a real-world instance of the model and empirically validate the computed solution in interviews with practitioners. Our results show that the suggested model allows for solving volunteer coordination tasks of realistic size near-optimally within short time, with the determined solution being well accepted by practitioners. We also describe in this article how the suggested decision support model is integrated in the volunteer coordination system which we develop in joint cooperation with a disaster management authority and a software development company.}}, author = {{Rauchecker, Gerhard and Schryen, Guido}}, booktitle = {{Proceedings of the 15th International Conference on Information Systems for Crisis Response and Management}}, keywords = {{Coordination of spontaneous volunteers, volunteer coordination system, decision support, scheduling optimization model, linear programming}}, location = {{Rochester, NY, USA}}, title = {{{Decision Support for the Optimal Coordination of Spontaneous Volunteers in Disaster Relief}}}, year = {{2018}}, } @inproceedings{5681, author = {{Prester, Julian and Wagner, Gerit and Schryen, Guido}}, booktitle = {{Proceedings of the 2018 International Conference on Information Systems (ICIS 2018)}}, location = {{San Francisco, CA, USA}}, title = {{{Classifying the Ideational Impact of IS Review Articles: A Natural Language Processing Based Approach}}}, year = {{2018}}, } @book{6164, author = {{Schillinger, Rolf and Schryen, Guido}}, isbn = {{978-3-88246-374-3}}, publisher = {{University of Regensburg}}, title = {{{Security in Highly Connected IT Systems – Results of the Bavarian Research Alliance FORSEC}}}, doi = {{10.5283/epub.36264}}, year = {{2018}}, } @article{5586, abstract = {{The need to protect resources against attackers is reflected by huge information security investments of firms worldwide. In the presence of budget constraints and a diverse set of assets to protect, organizations have to decide in which IT security measures to invest, how to evaluate those investment decisions, and how to learn from past decisions to optimize future security investment actions. While the academic literature has provided valuable insights into these issues, there is a lack of empirical contributions. To address this lack, we conduct a theory-based exploratory multiple case study. Our case study reveals that (1) firms? investments in information security are largely driven by external environmental and industry-related factors, (2) firms do not implement standardized decision processes, (3) the security process is perceived to impact the business process in a disturbing way, (4) both the implementation of evaluation processes and the application of metrics are hardly existent and (5) learning activities mainly occur at an ad-hoc basis.}}, author = {{Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}}, journal = {{Computers & Security}}, keywords = {{Information Security Investments, Multiple Case Study, Organizations, Single Loop Learning, Double Loop Learning}}, pages = {{807 -- 823}}, publisher = {{Elsevier}}, title = {{{Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning}}}, volume = {{77}}, year = {{2018}}, } @inproceedings{5600, author = {{Schuster, Richard and Wagner, Gerit and Schryen, Guido}}, booktitle = {{Proceedings of the 2018 International Conference on Information Systems (ICIS 2018)}}, location = {{San Francisco, CA, USA}}, title = {{{Information Systems Design Science Research and Cumulative Knowledge Development: An Exploratory Study}}}, year = {{2018}}, } @inbook{14856, author = {{Hallmann, Corinna and Burmeister, Sascha Christian and Wissing, Michaela and Suhl, Leena}}, booktitle = {{Communications in Computer and Information Science}}, isbn = {{9783319962702}}, issn = {{1865-0929}}, title = {{{Heuristics and Simulation for Water Tank Optimization}}}, doi = {{10.1007/978-3-319-96271-9_5}}, year = {{2018}}, } @inbook{14861, author = {{Hallmann, Corinna and Kuhlemann, Stefan}}, booktitle = {{Operations Research Proceedings}}, isbn = {{9783319899190}}, issn = {{0721-5924}}, title = {{{Model Generator for Water Distribution Systems}}}, doi = {{10.1007/978-3-319-89920-6_34}}, year = {{2018}}, } @inproceedings{5692, abstract = {{We consider Max-min Share (MmS) fair allocations of indivisible chores (items with negative utilities). We show that allocation of chores and classical allocation of goods (items with positive utilities) have some fundamental connections but also differences which prevent a straightforward application of algorithms for goods in the chores setting and viceversa. We prove that an MmS allocation does not need to exist for chores and computing an MmS allocation - if it exists - is strongly NP-hard. In view of these non-existence and complexity results, we present a polynomial-time 2-approximation algorithm for MmS fairness for chores. We then introduce a new fairness concept called optimal MmS that represents the best possible allocation in terms of MmS that is guaranteed to exist. We use connections to parallel machine scheduling to give (1) a polynomial-time approximation scheme for computing an optimal MmS allocation when the number of agents is fixed and (2) an effective and efficient heuristic with an ex-post worst-case analysis.}}, author = {{Aziz, Haris and Rauchecker, Gerhard and Schryen, Guido and Walsh, Toby}}, booktitle = {{Thirty-First AAAI Conference on Artificial Intelligence (AAAI-17)}}, location = {{San Francisco, CA, USA}}, number = {{1}}, pages = {{1--7}}, title = {{{Algorithms for Max-Min Share Fair Allocation of Indivisible Chores}}}, volume = {{31}}, year = {{2017}}, } @inproceedings{5594, abstract = {{Design science is a fundamental research stream that contends its position in the information systems discipline. While ongoing debates address the relative importance of design science contributions in the information systems community, insights into the scientific impact of design science research (DSR) are missing and this lack of understanding arguably poses challenges to an informed discourse. To identify the most influential papers and those factors that explain their scientific impact, this paper presents an exploratory study of the scientific impact of DSR papers published in the AIS Senior Scholars' Basket of Journals. We uncover the current DSR landscape by taking stock of influential papers and theories and develop a model to explain the scientific impact of DSR papers. Our findings show that scientific impact is significantly explained by theorization and novelty. We discuss how the implications of our work can be projected on the overarching discourse on DSR.}}, author = {{Wagner, Gerit and Prester, Julian and Schryen, Guido}}, booktitle = {{38th International Conference on Information Systems}}, location = {{Seoul, South Korea}}, title = {{{Exploring the Scientific Impact of Information Systems Design Science Research: A Scientometric Study}}}, year = {{2017}}, } @article{5626, author = {{Schryen, Guido and Hristova, Diana}}, journal = {{Smart Data Radar (Deutsche Bank)}}, title = {{{High-Performance Business Computing - Effizienzsteigerung durch Parallelisierung}}}, year = {{2017}}, } @article{5633, abstract = {{Literature reviews (LRs) are recognized for their increasing impact in the information systems literature. Methodologists have drawn attention to the question of how we can leverage the value of LRs to preserve and generate knowledge. The panelists who participated in the discussion of ?Standalone Literature Reviews in IS Research: What Can Be Learnt from the Past and Other Fields?? at ICIS 2016 in Dublin acknowledged this significant issue and debated a) what the IS field can learn from other fields and where IS-specific challenges occur, b) how the IS field should move forward to foster the genre of LRs, and c) what best practices are to train doctoral IS students in publishing LRs. This article reports the key takeaways of this panel discussion. Guidance for IS scholars is provided on how to conduct LRs that contribute to the cumulative knowledge development within and across the IS field to best prepare the next generation of IS scholars.}}, author = {{Schryen, Guido and Benlian, Alexander and Rowe, Frantz and Shirley, Gregor and Larsen, Kai and Petter, Stacie and Par{\'e}, Guy and Wagner, Gerit and Haag, Steffi and Yasasin, Emrah}}, issn = {{1529-3181}}, journal = {{Communications of the AIS}}, keywords = {{Literature Review, Review Methodology, Research Methodology, Doctoral Training}}, pages = {{557 -- 569}}, publisher = {{Association for Information Systems (AIS)}}, title = {{{Literature Reviews in IS Research: What Can Be Learnt from the Past and Other Fields?}}}, volume = {{40}}, year = {{2017}}, } @article{5671, abstract = {{Multi-attribute value theory (MAVT)-based recommender systems have been proposed for dealing with issues of existing recommender systems, such as the cold-start problem and changing preferences. However, as we argue in this paper, existing MAVT-based methods for measuring attribute importance weights do not fit the shopping tasks for which recommender systems are typically used. These methods assume well-trained decision makers who are willing to invest time and cognitive effort, and who are familiar with the attributes describing the available alternatives and the ranges of these attribute levels. Yet, recommender systems are most often used by consumers who are usually not familiar with the available attributes and ranges and who wish to save time and effort. Against this background, we develop a new method, based on a product configuration process, which is tailored to the characteristics of these particular decision makers. We empirically compare our method to SWING, ranking-based conjoint analysis and TRADEOFF in a between-subjects laboratory experiment with 153 participants. Results indicate that our proposed method performs better than TRADEOFF and CONJOINT and at least as well as SWING in terms of recommendation accuracy, better than SWING and TRADEOFF and at least as well as CONJOINT in terms of cognitive load, and that participants were faster with our method than with any other method. We conclude that our method is a promising option to help support consumers' decision processes in e-commerce shopping tasks.}}, author = {{Scholz, Michael and Dorner, Verena and Schryen, Guido and Benlian, Alexander}}, journal = {{European Journal of Operational Research}}, keywords = {{E-Commerce, Recommender System, Attribute Weights, Configuration System, Decision Support}}, number = {{1}}, pages = {{205 -- 215}}, publisher = {{Elsevier}}, title = {{{A configuration-based recommender system for supporting e-commerce decisions}}}, volume = {{259}}, year = {{2017}}, } @inbook{14857, author = {{Beckschäfer, Michaela and Malberg, Simon and Tierney, Kevin and Weskamp, Christoph}}, booktitle = {{Lecture Notes in Computer Science}}, isbn = {{9783319684956}}, issn = {{0302-9743}}, title = {{{Simulating Storage Policies for an Automated Grid-Based Warehouse System}}}, doi = {{10.1007/978-3-319-68496-3_31}}, year = {{2017}}, } @article{5676, author = {{Rauchecker, Gerhard and Schryen, Guido}}, journal = {{Im Einsatz}}, pages = {{44--46}}, publisher = {{Stumpf & Kossendey}}, title = {{{Projekt KUBAS: Koordination ungebundener Vor-Ort-Helfer}}}, volume = {{23}}, year = {{2016}}, } @inproceedings{5595, author = {{Wagner, Gerit and Prester, Julian and Roche, Maria and Benlian, Alexander and Schryen, Guido}}, booktitle = {{International Conference on Information Systems}}, title = {{{Factors Affecting the Scientific Impact of Literature Reviews: A Scientometric Study}}}, year = {{2016}}, } @article{5617, abstract = {{CAPTCHAs are challenge-response tests that aim at preventing unwanted machines, including bots, from accessing web services while providing easy access for humans. Recent advances in artificial-intelligence based attacks show that the level of security provided by many state-of-the-art text-based CAPTCHAs is declining. At the same time, techniques for distorting and obscuring the text, which are used to maintain the level of security, make text-based CAPTCHAs diffcult to solve for humans, and thereby further degrade usability. The need for developing alternative types of CAPTCHAs which improve both, the current security and usability levels, has been emphasized by several researchers. With this study, we contribute to research through (1) the development of two new face recognition CAPTCHAs (Farett-Gender and Farett-Gender&Age), (2) the security analysis of both procedures, and (3) the provision of empirical evidence that one of the suggested CAPTCHAs (Farett-Gender) is similar to Google's reCAPTCHA and better than KCAPTCHA concerning effectiveness (error rates), superior to both regarding learnability and satisfaction but not effciency.}}, author = {{Schryen, Guido and Wagner, Gerit and Schlegel, Alexander}}, journal = {{Computers & Security}}, keywords = {{CAPTCHA, Usability, Facial features, Gender classiffcation, Age classification, Face recognition reverse Turing test}}, number = {{July}}, pages = {{95--116}}, publisher = {{Elsevier}}, title = {{{Development of two novel face-recognition CAPTCHAs: a security and usability study}}}, volume = {{60}}, year = {{2016}}, } @inproceedings{5678, abstract = {{Many academic disciplines - including information systems, computer science, and operations management - face scheduling problems as important decision making tasks. Since many scheduling problems are NP-hard in the strong sense, there is a need for developing solution heuristics. For scheduling problems with setup times on unrelated parallel machines, there is limited research on solution methods and to the best of our knowledge, parallel computer architectures have not yet been taken advantage of. We address this gap by proposing and implementing a new solution heuristic and by testing different parallelization strategies. In our computational experiments, we show that our heuristic calculates near-optimal solutions even for large instances and that computing time can be reduced substantially by our parallelization approach.}}, author = {{Rauchecker, Gerhard and Schryen, Guido}}, booktitle = {{Australasian Conference on Information Systems}}, keywords = {{scheduling, decision support, heuristic, high performance computing, parallel algorithms}}, pages = {{1--13}}, title = {{{High-Performance Computing for Scheduling Decision Support: A Parallel Depth-First Search Heuristic}}}, year = {{2015}}, } @article{5679, abstract = {{Cloud computing promises the flexible delivery of computing services in a pay-as-you-go manner. It allows customers to easily scale their infrastructure and save on the overall cost of operation. However Cloud service offerings can only thrive if customers are satisfied with service performance. Allow-ing instantaneous access and flexible scaling while maintaining the service levels and offering competitive prices poses a significant challenge to Cloud Computing providers. Furthermore services will remain available in the long run only if this business generates a stable revenue stream. To address these challenges we introduce novel policy-based service admission control mod-els that aim at maximizing the revenue of Cloud providers while taking in-formational uncertainty regarding resource requirements into account. Our evaluation shows that policy-based approaches statistically significantly out-perform first come first serve approaches, which are still state of the art. Furthermore the results give insights in how and to what extent uncertainty has a negative impact on revenue.}}, author = {{Püschel, Tim and Schryen, Guido and Hristova, Diana and Neumann, Dirk}}, journal = {{European Journal of Operational Research}}, keywords = {{admission control, informational uncertainty, revenue management, cloud computing}}, number = {{2}}, pages = {{637--647}}, publisher = {{Elsevier}}, title = {{{Revenue Management for Cloud Computing Providers: Decision Models for Service Admission Control under Non-probabilistic Uncertainty}}}, volume = {{244}}, year = {{2015}}, } @inproceedings{5541, author = {{Yasasin, Emrah and Schryen, Guido}}, booktitle = {{23rd European Conference on Information Systems (ECIS 2015)}}, title = {{{Requirements for IT Security Metrics - An Argumentation Theory Based Approach}}}, year = {{2015}}, } @inproceedings{5588, abstract = {{The protection of information technology (IT) has become and is predicted to remain a key economic challenge for organizations. While research on IT security investment is fast growing, it lacks a theoretical basis for structuring research, explaining economic-technological phenomena and guide future research. We address this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical perspective adopt-ing the Resource-Based View and the Organizational Learning Theory. The joint appli-cation of these theories allows to conceptualize in one theoretical model the organiza-tional learning effects that occur when the protection of organizational resources through IT security countermeasures develops over time. We use this model of IT security invest-ments to synthesize findings of a large body of literature and to derive research gaps. We also discuss managerial implications of (closing) these gaps by providing practical ex-amples.}}, author = {{Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{International Conference on Information Systems}}, keywords = {{Information Security, Investment, Literature review, Resource-based View, Organi-zational Learning Theory, Multi-theoretical Perspective}}, title = {{{A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory}}}, year = {{2015}}, } @inproceedings{5589, author = {{Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{23rd European Conference on Information Systems (ECIS 2015)}}, title = {{{IT Security Investments Through the Lens of the Resource-Based View: A new Theoretical Model and Literature Review}}}, year = {{2015}}, } @inproceedings{5590, abstract = {{Nowadays, providing employees with failure-free access to various systems, applications and services is a crucial factor for organizations? success as disturbances potentially inhibit smooth workflows and thereby harm productivity. However, it is a challenging task to assign access rights to employees? accounts within a satisfying time frame. In addition, the management of multiple accounts and identities can be very onerous and time consuming for the responsible administrator and therefore expensive for the organization. In order to meet these challenges, firms decide to invest in introducing an Identity and Access Management System (IAMS) that supports the organization by using policies to assign permissions to accounts, groups, and roles. In practice, since various versions of IAMSs exist, it is a challenging task to decide upon introduction of an IAMS. The following study proposes a first attempt of a decision support model for practitioners which considers four alternatives: Introduction of an IAMS with Role-based Access Control RBAC) or without and no introduction of IAMS again with or without RBAC. To underpin the practical applicability of the proposed model, we parametrize and operationalize it based on a real world use case using input from an expert interview.}}, author = {{Weishäupl, Eva and Kunz, Michael and Yasasin, Emrah and Wagner, Gerit and Prester, Julian and Schryen, Guido and Pernul, Günther}}, booktitle = {{2nd International Workshop on Security in highly connected IT Systems (SHCIS?15)}}, keywords = {{Identity and Access Management, Economic Decision Making, Information Systems, Information Security Investment, Decision Theory}}, title = {{{Towards an Economic Approach to Identity and Access Management Systems Using Decision Theory}}}, year = {{2015}}, } @article{5616, author = {{Schryen, Guido and Weishäupl, Eva}}, journal = {{Managementkompass}}, number = {{2}}, pages = {{17--18}}, publisher = {{Frankfurt Business Media, Der F.A.Z.-Fachverlag}}, title = {{{IT-Sicherheit: Ökonomisch Planen und Bewerten}}}, year = {{2015}}, } @inproceedings{5618, abstract = {{Literature reviews play an important role in the development of knowledge. Yet, we observe a lack of theoretical underpinning of and epistemological insights into how literature reviews can contribute to knowledge creation and have actually contributed in the IS discipline. To address these theoretical and empirical research gaps, we suggest a novel epistemological model of literature reviews. This model allows us to align different contributions of literature reviews with their underlying knowledge conversions - thereby building a bridge between the previously largely unconnected fields of literature reviews and epistemology. We evaluate the appropriateness of the model by conducting an empirical analysis of 173 IS literature reviews which were published in 39 pertinent IS journals between 2000 and 2014. Based on this analysis, we derive an epistemological taxonomy of IS literature reviews, which complements previously suggested typologies.}}, author = {{Schryen, Guido and Wagner, Gerit and Benlian, Alexander}}, booktitle = {{International Conference on Information Systems (ICIS)}}, keywords = {{Literature review, Research methods/methodology, Theory of knowledge}}, title = {{{Theory of Knowledge for Literature Reviews: An Epistemological Model, Taxonomy and Empirical Analysis of IS Literature}}}, year = {{2015}}, } @article{5622, author = {{Schryen, Guido and Rauchecker, Gerhard and Comes, Martina}}, journal = {{Business & Information Systems Engineering (BISE)}}, number = {{4}}, pages = {{243--259}}, publisher = {{Springer}}, title = {{{Resource Planning in Disaster Response - Decision Support Models and Methodologies}}}, volume = {{57}}, year = {{2015}}, } @article{5634, author = {{Schryen, Guido}}, journal = {{Communications of the AIS}}, number = {{Art 12}}, pages = {{286--325}}, publisher = {{Association for Information Systems (AIS); Association for Computing Machinery (ACM)}}, title = {{{Writing qualitative IS literature reviews ? Guidelines for synthesis, interpretation and guidance of research}}}, volume = {{37}}, year = {{2015}}, } @inproceedings{5672, author = {{Rauchecker, Gerhard and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{11th International Conference on Trust, Privacy, and Security in Digital Business (TRUSTBUS)}}, title = {{{A Decision Support System for IT Security Incident Management}}}, year = {{2014}}, } @article{5686, author = {{Fink, Andreas and Kliewer, Natalia and Mattfeld, Dirk and Mönch, Lars and Rothlauf, Franz and Schryen, Guido and Suhl, Leena and Voß, Stefan}}, journal = {{Business & Information Systems Engineering (BISE)}}, number = {{1}}, pages = {{17--24}}, publisher = {{Gabler}}, title = {{{Model-based Decision Support in Manufacturing and Service Networks}}}, volume = {{6}}, year = {{2014}}, } @article{5687, author = {{Fink, Andreas and Kliewer, Natalia and Mattfeld, Dirk and Mönch, Lars and Rothlauf, Franz and Schryen, Guido and Suhl, Lena and Voß, Stefan}}, journal = {{Wirtschaftsinformatik}}, number = {{1}}, pages = {{21--29}}, publisher = {{Gabler}}, title = {{{Modellbasierte Entscheidungsunterstützung in Produktions- und Service-Netzwerken}}}, volume = {{56}}, year = {{2014}}, } @techreport{6197, author = {{Schryen, Guido}}, title = {{{The Epistemological Impact of Literature Reviews in Information Systems Research}}}, year = {{2014}}, } @inproceedings{5573, author = {{Yasasin, Emrah and Rauchecker, Gerhard and Prester, Julian and Schryen, Guido}}, booktitle = {{1st Workshop on Security in highly connected IT systems (SHCIS 14)}}, title = {{{A Fuzzy Security Investment Decision Support Model for Highly Distributed Systems}}}, year = {{2014}}, } @article{5585, author = {{Wex, Felix and Schryen, Guido and Feuerriegel, Stefan and Neumann, Dirk}}, journal = {{European Journal of Operational Research}}, publisher = {{Elsevier}}, title = {{{Emergency Response in Natural Disaster Management: Allocation and Scheduling of Rescue Units}}}, year = {{2014}}, } @article{5614, abstract = {{Natural disasters, including earthquakes, Tsunamis, floods, hurricanes, and volcanic eruptions, have caused tremendous harm and continue to threaten millions of humans and various infrastructure capabilities each year. In their efforts to take countermeasures against the threats posed by future natural disasters, the United Nations formulated the ?Hyogo Framework for Action?, which aims at assessing and reducing risk. This framework and a global review of disaster reduction initiatives of the United Nations acknowledge the need for information systems research contributions in addressing major challenges of natural disaster management. In this paper, we provide a review of the literature with regard to how information systems research has addressed risk assessment and reduction in natural disaster management. Based on the review we identify research gaps that are centered around the need for acquiring general knowledge on how to design IS artifacts for risk assessment and reduction. In order to close these gaps in further research, we develop a research agenda that follows the IS design science paradigm.}}, author = {{Schryen, Guido and Wex, Felix}}, journal = {{International Journal of Information Systems for Crisis Response and Management (IJISCRAM)}}, keywords = {{Natural Disaster Management, Risk Reduction, Hyogo Framework, IS Design Science, Literature review}}, number = {{1}}, title = {{{Risk Reduction in Natural Disaster Management Through Information Systems: A Literature review and an IS design science research agenda}}}, volume = {{6}}, year = {{2014}}, } @article{5627, author = {{Schryen, Guido and Hristova, Diana}}, journal = {{OR -Spectrum}}, number = {{1}}, pages = {{1--48}}, publisher = {{Springer}}, title = {{{Duality in fuzzy linear programming: A survey}}}, volume = {{37}}, year = {{2014}}, } @article{5636, author = {{Schryen, Guido}}, journal = {{Communications of the AIS}}, title = {{{Writing qualitative IS literature reviews ? Guidelines for synthesis, interpretation and guidance of research}}}, year = {{2014}}, } @article{5682, author = {{de Meer, Hermann and Diener, Michael and Herkenhöner, Ralph and Kucera, Markus and Niedermeier, Michael and Reisser, Andreas and Schryen, Guido and Vetter, Michael and Waas, Thomas and Yasasin, Emrah}}, journal = {{PIK - Praxis der Informationsverarbeitung und Kommunikation}}, number = {{3}}, pages = {{153--159}}, publisher = {{de Gruyter}}, title = {{{Sicherheitsherausforderungen in hochverteilten Systemen}}}, volume = {{36}}, year = {{2013}}, } @article{6166, author = {{Wex, Felix and Schryen, Guido}}, journal = {{Blick in die Wissenschaft}}, number = {{28}}, pages = {{27--32}}, title = {{{Effektiver Einsatz von Rettungskräften bei Naturkatastrophen - Modelle und Verfahren zur Entscheidungsunterstützung}}}, year = {{2013}}, } @article{5575, author = {{Wex, Felix and Schryen, Guido and Neumann, Dirk}}, journal = {{International Journal of Information Systems for Crisis Response and Management}}, number = {{4}}, pages = {{63--80}}, publisher = {{IGI Publ.}}, title = {{{Assignments of Collaborative Rescue Units during Emergency Response}}}, volume = {{5}}, year = {{2013}}, } @inproceedings{5576, author = {{Wex, Felix and Schryen, Guido and Neumann, Dirk}}, booktitle = {{Proceedings of the 46th Hawaii International Conference on System Science}}, title = {{{Decision Modeling for Assignments of Collaborative Rescue Units during Emergency Response}}}, year = {{2013}}, } @article{5637, author = {{Schryen, Guido}}, journal = {{European Journal of Information Systems (EJIS)}}, number = {{2}}, pages = {{139--169}}, title = {{{Revisiting IS Business Value Research: What we already know, what we still need to know, and how we can get there}}}, volume = {{22}}, year = {{2013}}, } @inproceedings{5680, author = {{Püschel, Tim and Schryen, Guido and Hristova, Diana and Neumann, Dirk}}, booktitle = {{European Conference on Information Systems}}, title = {{{Cloud Service Revenue Management}}}, year = {{2012}}, } @inproceedings{5683, author = {{Lang, Fabian and Schryen, Guido and Fink, Andreas}}, booktitle = {{International Conference on Information Systems}}, title = {{{Elicitating, modeling, and processing uncertain human preferences for software agents in electronic negotiations: An empirical study}}}, year = {{2012}}, } @article{5688, author = {{Bodenstein, Christian and Schryen, Guido and Neumann, Dirk}}, journal = {{European Journal of Operational Research : EJOR}}, number = {{1}}, pages = {{157--167}}, publisher = {{Elsevier}}, title = {{{Energy-Aware Workload Management Models for Operating Cost Reduction in Data Centers}}}, volume = {{222}}, year = {{2012}}, } @article{5578, author = {{Wex, Felix and Schryen, Guido and Neumann, Dirk}}, journal = {{International Journal of Information Systems for Crisis Response and Management}}, number = {{3}}, pages = {{23--41}}, publisher = {{IGI Publ.}}, title = {{{A Fuzzy Decision Support Model for Natural Disaster Response under Informational Uncertainty}}}, volume = {{4}}, year = {{2012}}, } @inproceedings{5579, author = {{Wex, Felix and Schryen, Guido and Neumann, Dirk}}, booktitle = {{International Conference on Information Systems for Crisis Response and Management (ISCRAM) 2012}}, title = {{{Operational Emergency Response under Informational Uncertainty: A Fuzzy Optimization Model for Scheduling and Allocating Rescue Units}}}, year = {{2012}}, } @inproceedings{5615, author = {{Schryen, Guido and Wex, Felix}}, booktitle = {{45th Hawaii International Conference on System Sciences}}, title = {{{IS Design Thinking in Disaster Management Research}}}, year = {{2012}}, } @article{5638, author = {{Schryen, Guido}}, journal = {{Die Zeit}}, title = {{{Profis im Netz: Soziale Netzwerke könnten in Unternehmen viel mehr Nutzen stiften - woran hakt es?, in: Die Zeit (12.04.2012)}}}, year = {{2012}}, } @article{5639, author = {{Schryen, Guido}}, journal = {{IM Information Management & Consulting}}, publisher = {{Information Multimedia Communication imc}}, title = {{{Soziale Netzwerke in Unternehmenskontexten - Potentiale und Anforderungen, in: Information Management & Consulting, to appear}}}, year = {{2012}}, } @inproceedings{5684, author = {{Lang, Fabian and Schryen, Guido and Fink, Andreas}}, booktitle = {{Proceedings of the 2011 International Conference on Information Systems (ICIS 2011)}}, title = {{{Automated Negotiations Under Uncertain Preferences}}}, year = {{2011}}, } @inproceedings{5689, author = {{Bodenstein, Christian and Schryen, Guido and Neumann, Dirk}}, booktitle = {{Proceedings of the 19th European Conference on Information Systems (ECIS 2011)}}, title = {{{Reducing Datacenter Energy Usage through Efficient Job Allocation}}}, year = {{2011}}, } @inproceedings{5581, author = {{Wex, Felix and Schryen, Guido and Neumann, Dirk}}, booktitle = {{Proceedings of the 8th International Conference on Information Systems for Crisis Response and Management (ISCRAM 2011)}}, title = {{{Intelligent Decision Support for Centralized Coordination during Emergency Response}}}, year = {{2011}}, } @inproceedings{5619, author = {{Schryen, Guido and Volkamer, Melanie and Ries, Sebastian}}, booktitle = {{Proceedings of the 26th Annual ACM Symposium on Applied Computing}}, title = {{{A formal approach towards measuring trust in distributed systems}}}, year = {{2011}}, } @article{5640, author = {{Schryen, Guido}}, journal = {{Communications of the ACM (CACM)}}, number = {{No. 5}}, pages = {{130--139}}, publisher = {{Association for Computing Machinery}}, title = {{{Is open source security a myth? What do vulnerability and patch data say?}}}, volume = {{Vol. 54}}, year = {{2011}}, } @inproceedings{5641, author = {{Schryen, Guido}}, booktitle = {{IS Capabilities Change, and IS Innovation, Proceedings of the 19th European Conference on Information Systems (ECIS 2011), Helsinki}}, title = {{{Seeking the VALUE in IS Business Value Research - An Agenda for investigating Synergies Between Socio-organizational Change, IS Capabilities Change, and IS Innovation}}}, year = {{2011}}, } @inproceedings{5685, abstract = {{In double-sided markets for computing resources an optimal allocation schedule among job offers and requests subject to relevant capacity constraints can be determined. With increasing storage demands and emerging storage services the question how to schedule storage jobs becomes more and more interesting. Since such scheduling problems are often in the class NP-complete an exact computation is not feasible in practice. On the other hand an approximation to the optimal solution can easily be found by means of using heuristics. The problem with this attempt is that the suggested solution may not be exactly optimal and is thus less satisfying. Considering the two above mentioned solution approaches one can clearly find a trade-off between the optimality of the solution and the efficiency to get to a solution at all. This work proposes to apply and combine heuristics in optimization to gain from both of their benefits while reducing the problematic aspects. Following this method it is assumed to get closer to the optimal solution in a shorter time compared to a full optimization.}}, author = {{Finkbeiner, Josef and Bodenstein, Christian and Schryen, Guido and Neumann, Dirk}}, booktitle = {{18th European Conference on Information Systems (ECIS 2010)}}, keywords = {{Decision Support System, Algorithms, Optimization, Market Engineering}}, title = {{{Applying heuristic methods for job scheduling in storage markets}}}, year = {{2010}}, } @inproceedings{5690, abstract = {{In a world, where more and more businesses seem to trade in an online market, the supply of online services to supply the ever-growing demand could quickly reach its capacity limits. Online service providers may find themselves maxed out at peak operation levels during high-traffic timeslots but too little demand during low-traffic timeslots, although the latter is becoming less frequent. At this point not only deciding which user is allocated what level of service becomes essential, but also the magnitude of the service provided, can be controlled by pricing. Pricing is an important factor when efficient and acceptable allocation of resources between individuals must be reached. Without prices, transferring or sharing goods would be impossible. In sharing information, pricing a product however is not as simple as relatively pricing an apple or a pear. Often the costs, and hence the prices are simply unknown. Backed by this scenario, the online services market could be combined with the market design mechanism of diamonds. For this we propose an ultimatum pricing strategy which effectively allows for valuations to be accounted for, but no longer a necessity when pricing in grid, cloud or other online computing environments.}}, author = {{Bodenstein, Christian and Schryen, Guido and Neumann, Dirk}}, booktitle = {{18th European Conference on Information Systems (ECIS 2010)}}, keywords = {{Posted Price, Ultimatum Game, Energy Efficiency, Mechanism Design}}, title = {{{From "Take-it-or-leave-it" offers to "Take-it-or-be-left-out" Ultimatum - A trade mechanism for Online Services}}}, year = {{2010}}, } @inproceedings{5598, abstract = {{Emerging digital environments and infrastructures, such as distributed services and computing services, have generated new options of communication, information sharing, and resource utilization in past years. Different distributed trust concepts are applied to increase trust in such systems. However, these concepts yield to rather complex architectures which make it difficult to determine which component or system needs to be trusted. This paper presents a novel trust measurement method for distributed systems which enables the t identification of weak points in the overall system architecture. The measurement method includes the specification of a formal trust language and its representation by means of propositional logic formulas. The applicability of the proposed concepts is demonstrated by conducting a case study on the Internet voting system that was used in the 2007 parliamentary elections in Estonia.}}, author = {{Volkamer, Melanie and Schryen, Guido}}, booktitle = {{Proceedings of the 23rd Bled eConference}}, keywords = {{distributed trust concepts, measuring etrust, Internet voting}}, title = {{{Measuring eTrust in distributed systems - General Concept and Application to Internet Voting}}}, year = {{2010}}, } @inproceedings{5631, abstract = {{While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments and the development of models is still weak. Addressing this research gap, this paper presents the first comprehensive empirical investigation of published vulnerabilities and patches of 17 widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. The empirical analysis uses comprehensive vulnerability data contained in the NIST National Vulnerability Database and a newly compiled data set of vulnerability patches. The results suggest that it is not the particular software development style that determines the severity of vulnerabilities and vendors? patching behavior, but rather the specific application type and the policy of the particular development community, respectively.}}, author = {{Schryen, Guido and Eliot, Rich}}, booktitle = {{43rd Annual Hawaii International Conference on System Sciences}}, title = {{{Increasing software security through open source or closed source development? Empirics suggest that we have asked the wrong question}}}, year = {{2010}}, } @inproceedings{5632, abstract = {{Enduring doubts about the value of IS investments reveal that IS researchers have not fully managed to identify and to explain the economic benefits of IS. Three research tasks are essential requisites on the path towards addressing this criticism: the synthesis of knowledge, the identification of lack of knowledge, and the proposition of paths for closing knowledge gaps. This paper considers each of these tasks by a) synthesizing key research findings based on a comprehensive literature review, b) identifying and unfolding key limitations of current research, and c) applying a decision-theoretic perspective, which opens new horizons to IS business value research and shows paths for overcoming the limitations. The adoption of this perspective results in a decision-theoretic foundation of IS business value research and includes the proposition of a consistent terminology and a research model that frames further research.}}, author = {{Schryen, Guido and Bodenstein, Christian}}, booktitle = {{Proceedings of the 18th European Conference on Information Systems (ECIS 2010)}}, keywords = {{Decision theory, IT value, IS assessment, IS evaluation}}, title = {{{A decision-theoretic foundation of IS business value research}}}, year = {{2010}}, } @inproceedings{5642, abstract = {{This paper presents a fuzzy set based decision support model for taking uncertainty into account when making security investment decisions for distributed systems. The proposed model is complementary to robabilistic approaches and useful in situations where probabilistic information is either unavailable or not appropriate to reliably predict future conditions. We ?rst present the speci?cation of a formal security language that allows to specify under which conditions a distributed system is protected against security violations. We show that each term of the security language can be transformed into an equivalent propositional logic term. Then we use propositional logic terms to de?ne a fuzzy set based decision model. This optimization model incorporates uncertainty with regard to the impact of investments on the achieved security levels of components of the distributed system. The model also accounts for budget and security constraints, in order to be applicable in practice.}}, author = {{Schryen, Guido}}, booktitle = {{Sicherheit 2010 : Sicherheit, Schutz und Zuverl{\"a}ssigkeit ; Konferenzband der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f{\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin}}, editor = {{C. Freiling, Felix}}, pages = {{289--304}}, publisher = {{Gesellschaft für Informatik}}, title = {{{A Fuzzy Model for IT Security Investments}}}, volume = {{170}}, year = {{2010}}, } @inproceedings{5643, abstract = {{Enduring doubts about the value of IS investments reveal that IS researchers have not fully managed to identify and to explain the economic benefits of IS. This paper assumes that literature reviews, which represent a powerful instrument for the identification and synthesis of knowledge, have not tapped their full potential to address this issue due to deficiencies in methodology. The analysis of 18 literature reviews published in pertinent academic outlets during the past 20 years shows such deficiencies. Two of the most critical weaknesses identified are (1) the lack of theory use in most reviews and (2) a weak linkage of reviews, resulting in little progress in theory and framework development. The systematic identification of these weaknesses and the extraction of promising methodological examples from past literature are the main contributions of this work, which supports the composition of more effective literature reviews in future research.}}, author = {{Schryen, Guido}}, booktitle = {{Proceedings of the First Scandinavian Conference on Information Systems (SCIS)}}, keywords = {{Literature review, Business value, Information systems, Methodology, Theory}}, title = {{{An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness}}}, year = {{2010}}, } @article{5644, abstract = {{The economic relevance of information systems has been studied for many years and has attracted an abundance of research papers. However, the ?productivity paradoxon? of the 90s, Carr?s widely recognized paper ?IT doesn?t matter?, and several studies that do not find a positive correlation between IS investments and economic performance reveal long-lasting difficulties for IS researchers to explain ?IS business value?. Business executives and researchers also continue to question the value of IS investments. This raises the question of whether literature reviews have tapped their potential to address the concerns by covering key research areas of IS business value and preserving their key findings. In order to address this question, this paper identifies and describes 12 key research areas, and synthesizes what literature reviews published in pertinent academic outlets have done to preserve knowledge. The analysis of 22 literature reviews shows that some crucial areas have not been (sufficiently) covered. They provide fertile areas for future literature reviews. As this work is based on the results of more than 200 research papers, it is capable of drawing a comprehensive picture of the current state-of-the-art in IS business value research.}}, author = {{Schryen, Guido}}, journal = {{Business \& Information Systems Engineering (BISE)}}, keywords = {{Business value, Information systems, Literature review, Meta review}}, number = {{4}}, pages = {{225--237}}, publisher = {{Springer}}, title = {{{Preserving knowledge on IS business value: what literature reviews have done}}}, volume = {{52}}, year = {{2010}}, } @article{5645, abstract = {{The economic relevance of information systems has been studied for many years and has attracted an abundance of research papers. However, the ?productivity paradoxon? of the 1990s, Carr?s widely recognized paper ?IT doesn?t matter?, and several studies that do not find a positive correlation between IS investments and economic performance reveal long-lasting difficulties for IS researchers to explain ?IS business value?. Business executives and researchers also continue to question the value of IS investments. This raises the question of whether literature reviews have tapped their potential to address the concerns by covering key research areas of IS business value and preserving their key findings. In order to address this question, this paper identifies and describes 12 key research areas, and synthesizes what literature reviews published in pertinent academic outlets have done to preserve knowledge. The analysis of 22 literature reviews shows that some crucial areas have not been (sufficiently) covered. They provide fertile areas for future literature reviews. As this work is based on the results of more than 200 research papers, it is capable of drawing a comprehensive picture of the current state-of-the-art in IS business value research.}}, author = {{Schryen, Guido}}, journal = {{Wirtschaftsinformatik}}, number = {{4}}, pages = {{225--237}}, publisher = {{Gabler; Springer}}, title = {{{Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done)}}}, volume = {{52}}, year = {{2010}}, } @inproceedings{5597, abstract = {{Der Beitrag diskutiert die kontroversen Ans{\"a}tze ? Verifizierung versus Evaluation/Zertifizierung ? zur Sicherung elektronischer Wahlen mit Wahlger{\"a}ten. Dabei spielt das Urteils des Bundesverfassungsgerichts [BVG099] eine zentrale Rolle. Hierin wird entschieden, dass die Zertifizierung des Wahlger{\"a}tes nicht ausreicht und es werden Verifizierungsfunktionen gefordert, die den W{\"a}hlern die M{\"o}glichkeit geben sich von der Integrit{\"a}t des Wahlergebnisses zu {\"u}berzeugen. Der Beitrag zeigt auf, dass auch mit der Implementierung entsprechender Verifizierungsfunktionen nicht auf Zertifizierung verzichtet werden kann, da an ein Wahlger{\"a}t auch andere Anforderungen wie etwa hinsichtlich des Wahlgeheimnisses gestellt werden. Es wird au{\ss}erdem die Frage diskutiert, warum der Zertifizierung hinsichtlich dieser zus{\"a}tzlichen Anforderungen vertraut werden kann, w{\"a}hrend dies nicht der Fall bei der Integrit{\"a}tsanforderung ist.}}, author = {{Volkamer, Melanie and Schryen, Guido and Langer, Lucie and Schmidt, Axel and Buchmann, Johannes}}, booktitle = {{Workshop Elektronische Wahlen, elektronische Teilhabe, Societyware, 39th GI-Jahrestagung}}, title = {{{Elektronische Wahlen: Verifizierung vs. Zertifizierung}}}, year = {{2009}}, } @article{5621, abstract = {{Remote voting through the Internet provides convenience and access to the electorate. At the same time, the security concerns facing any distributed application are magnified when the task is so crucial to democratic society. In addition, some of the electoral process loses transparency when it is encapsulated in information technology. In this paper, we examine the public record of three recent elections that used Internet voting. Our specific goal is to identify any potential flaws that security experts would recognize, but may have not been identified in the rush to implement technology. To do this, we present a multiple exploratory case study, looking at elections conducted between 2006 and 2007 in Estonia, Netherlands, and Switzerland. These elections were selected as particularly interesting and accessible, and each presents its own technical and security challenges. The electoral environment, technical design and process for each election are described, including reconstruction of details which are implied but not specified within the source material. We found that all three elections warrant significant concern about voter security, verifiability, and transparency. Usability, our fourth area of focus, seems to have been well-addressed in these elections. While our analysis is based on public documents and previously published reports, and therefore lacking access to any confidential materials held by electoral officials, this comparative analysis provides interesting insight and consistent questions across all these cases. Effective review of Internet voting requires an aggressive stance towards identifying potential security and operational flaws, and we encourage the use of third party reviews with critical technology skills during design, programming, and voting to reduce the changes of failure or fraud that would undermine public confidence.}}, author = {{Schryen, Guido and Rich, Eliot}}, journal = {{IEEE Transactions on Information Forensics \& Security}}, keywords = {{e-voting, Internet voting, Internet election, security, verifiability, RIES, Estonia, Neuch{\^a}tel}}, number = {{4 Part}}, pages = {{729--744}}, publisher = {{IEEE}}, title = {{{Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland}}}, volume = {{4}}, year = {{2009}}, } @inproceedings{5625, abstract = {{The increasing availability and deployment of open source software in personal and commercial environments makes open source software highly appealing for hackers, and others who are interested in exploiting software vulnerabilities. This deployment has resulted in a debate ?full of religion? on the security of open source software compared to that of closed source software. However, beyond such arguments, only little quantitative analysis on this research issue has taken place. We discuss the state-of-the-art of the security debate and identify shortcomings. Based on these, we propose new metrics, which allows to answer the question to what extent the review process of open source and closed source development has helped to fix vulnerabilities. We illustrate the application of some of these metrics in a case study on OpenOffice (open source software) vs. Microsoft Office (closed source software).}}, author = {{Schryen, Guido and Kadura, Rouven}}, booktitle = {{24th Annual ACM Symposium on Applied Computing}}, keywords = {{Open source software, Closed source software, Security, Metrics}}, title = {{{Open Source vs. Closed Source Software: Towards Measuring Security}}}, year = {{2009}}, } @inproceedings{5646, abstract = {{While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. As the value of any empirical study relies on the quality of data available, this paper also discusses in detail data issues, explains to what extent the empirical analysis can be based on vulnerability data contained in the NIST National Vulnerability Database, and shows how data on vulnerability patches was collected by the author to support this study. The results of the analysis suggest that it is not the particular software development style that determines patching behavior, but rather the policy of the particular software vendor.}}, author = {{Schryen, Guido}}, booktitle = {{5th International Conference on IT Security Incident Management \& IT Forensics}}, title = {{{A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors}}}, year = {{2009}}, } @inproceedings{5647, abstract = {{Reviewing literature on open source and closed source security reveals that the discussion is often determined by biased attitudes toward one of these development styles. The discussion specifically lacks appropriate metrics, methodology and hard data. This paper contributes to solving this problem by analyzing and comparing published vulnerabilities of eight open source software and nine closed source software packages, all of which are widely deployed. Thereby, it provides an extensive empirical analysis of vulnerabilities in terms of mean time between vulnerability disclosures, the development of disclosure over time, and the severity of vulnerabilities, and allows for validating models provided in the literature. The investigation reveals that (a) the mean time between vulnerability disclosures was lower for open source software in half of the cases, while the other cases show no differences, (b) in contrast to literature assumption, 14 out of 17 software packages showed a significant linear or piecewise linear correlation between time and the number of published vulnerabilities, and (c) regarding the severity of vulnerabilities, no significant differences were found between open source and closed source.}}, author = {{Schryen, Guido}}, booktitle = {{15th Americas Conference on Information Systems}}, keywords = {{Vulnerabilities, security, open source software, closed source software, empirical comparison}}, title = {{{Security of open source and closed source software: An empirical comparison of published vulnerabilities}}}, year = {{2009}}, } @article{5648, author = {{Schryen, Guido}}, journal = {{Linux Technical Review}}, number = {{7}}, publisher = {{Linux New Media AG}}, title = {{{Effektivität und Effizienz von Anti-Spam-Maßnahmen}}}, year = {{2008}}, } @inproceedings{5649, abstract = {{The Estonian parliamentary election in 2007 is regarded as a success story of large-scale Internet elections. I use this election in a single case study on practical security to show that low quality of security and its management does not necessarily prevent large-scale Internet elections from being conducted. I also provide research propositions with regard to future challenges for large-scale Internet elections.}}, author = {{Schryen, Guido}}, booktitle = {{7th Workshop on e-Business (WEB 2008, AIS Special Interest Group on E-Business)}}, keywords = {{Internet voting, large-scale election, Estonian parliamen- tary election, security, security management}}, title = {{{Practical Security of Large-scale Elections: An Exploratory Case Study of Internet Voting in Estonia}}}, year = {{2008}}, } @techreport{6287, abstract = {{Spamming remains a form of Internet abuse, which burdens the Internet infrastructure, is generally regarded as an annoyance, and is said to cause a huge economic harm. Many technological, organizational, and legislative anti-spam measures have already been proposed and implemented, but have not led to any substantial decrease in the number of spam e-mails. We propose a scalable and flexible infrastructure framework that integrates several anti-spam measures and that features both a technological and an organizational facet. The key element of our infrastructure is a new organizational unit that reliably and transparently limits the number of e-mails that can be sent per day and per account. We also analyze the proposed framework in terms of its theoretical effectiveness, the required resources, and its limitations.}}, author = {{Schryen, Guido}}, keywords = {{Email, Infrastructure, Internet, Spam}}, title = {{{Preventing E-mail Spam: The Conceptualization and the Analysis of an Infrastructure Framework}}}, year = {{2007}}, } @inbook{5650, author = {{Schryen, Guido}}, booktitle = {{Proceedings of IPSI International Conference on Advances in the Internet, Processing, Systems, and Interdisciplinary Research}}, editor = {{Satesh, D. and Prabhakar, R.}}, pages = {{55--64}}, publisher = {{ICFAI University Press}}, title = {{{A Scalable and Flexible Infrastructure Framework For Addressing Spam}}}, year = {{2007}}, } @book{5651, author = {{Schryen, Guido}}, publisher = {{Springer}}, title = {{{Anti-Spam Measures: Analysis and Design}}}, year = {{2007}}, } @article{5652, abstract = {{More than half of world-wide e-mail traffic ? an estimated total of several billion e-mails per day ? consists of spam. This is becoming a considerable disturbance to telecommunications. Spam is also closely related to other kinds of cyber crime as it possibly contains malicious software or is pursuing some kind of fraudulent aim, such as phishing. Besides technical and organizational measures, many countries have introduced anti-spam legislation. However, today's world-wide legislative coverage of spam is heterogeneous, and its effectiveness is controversially discussed. This article describes important parameters by which anti-spam legislation can vary and gives an overview and analysis of world-wide anti-spam legislation, including the European Directive 2002/58/EC, the U.S. CANSPAM Act of 2003, and international cooperation, such as the London Action Plan. The article then proceeds to discuss the effectiveness of current laws, and it identifies problems resulting from the fact that an international phenomenon is being addressed by national legislation. Finally, the article presents suggestions for overcoming some of these problems.}}, author = {{Schryen, Guido}}, journal = {{Information and Communications Technology Law}}, number = {{1}}, pages = {{17--32}}, publisher = {{Taylor \& Francis}}, title = {{{Anti-spam legislation: An analysis of laws and their effectiveness}}}, volume = {{16}}, year = {{2007}}, } @inbook{5653, author = {{Schryen, Guido}}, booktitle = {{Spam: An Introduction}}, editor = {{Satesh, D. and Prabhakar, R.}}, pages = {{41--57}}, publisher = {{ICFAI University Press}}, title = {{{Approaches Addressing Spam}}}, year = {{2007}}, } @inproceedings{5654, abstract = {{Spamming remains a form of Internet abuse, which burdens the Internet infrastructure, is generally regarded as an annoyance, and is said to cause economic harm to the tune of about several billion US\$ per year. Many technological, organizational, and legislative anti-spam measures have already been proposed and implemented, but have not led to any substantial decrease in the number of spam e-mails. We propose here a new infrastructure framework that combines several anti-spam measures in a framework that features both a technological and an organizational facet. The key element of our infrastructure is a new organizational unit that reliably and transparently limits he number of e-mails that can be sent per day and per account. This paper first gives an overview of the framework, then it provides technological and organizational details of the infrastructure, the deployment of which depends to a large degree on its acceptance and propagation by the ICANN, the ISOC, and by large e-mail service providers. Finally, the paper discusses the limitations and drawbacks of the proposed framework.}}, author = {{Schryen, Guido}}, booktitle = {{40th Annual Hawaii International Conference on System Sciences}}, title = {{{Armed for the spam battle - a technological and organizational infrastructure framework}}}, year = {{2007}}, } @article{5655, abstract = {{Spam e-mails have become a serious technological and economic problem. Up to now, by deploying complementary anti-spam measures, we have been reasonably able to withstand spam e-mails and use the Internet for regular communication. However, if we are to avert the danger of losing the Internet e-mail service in its capacity as a valuable, free and worldwide medium of open communication, anti-spam activities should be performed more systematically than is currently the case regarding the mainly heuristic, anti-spam measures in place. A formal framework, within which the existing delivery routes that a spam e-mail may take, and anti-spam measures and their effectiveness can be investigated, will perhaps encourage a shift in methodology and pave the way for new, holistic anti-spam measures. This paper presents a model of the Internet e-mail infrastructure as a directed graph and a deterministic finite automaton and draws on automata theory to formally derive the spam delivery routes. The most important anti-spam measures are then described. Methods controlling only specific delivery routes are evaluated in terms of how effectively they cover the modeled e-mail infrastructure; methods operating independently of any particular routes receive a more general assessment.}}, author = {{Schryen, Guido}}, journal = {{The Journal of Information Systems Security (AIS Special Interest Group in Security)}}, keywords = {{e-mail, spam, e-mail infrastructure, anti-spam measures, spamming options}}, number = {{2}}, pages = {{66--90}}, title = {{{Do anti-spam measures effectively cover the e-mail communication network? A formal approach}}}, volume = {{3}}, year = {{2007}}, } @inbook{5656, author = {{Schryen, Guido}}, booktitle = {{Vom LAN zum Kommunikationsnetz - Systeme und Applikationen}}, editor = {{Schulte, Heinz}}, publisher = {{Interest-Verlag}}, title = {{{Location Based Services}}}, year = {{2007}}, } @inbook{5657, author = {{Schryen, Guido}}, booktitle = {{Vom LAN zum Kommunikationsnetz - Systeme und Applikationen, Edition 02/2007}}, editor = {{Schulte, Heinz}}, publisher = {{Interest-Verlag}}, title = {{{Spam-Emails}}}, volume = {{9/12}}, year = {{2007}}, } @article{5658, abstract = {{Email communication is encumbered with a mass of email messages which their recipients have neither requested nor require. Even worse, the impacts of these messages are far from being simply an annoyance, as they also involve economic damage. This manuscript examines the resource ?email addresses?, which is vital for any potential bulk mailer and spammer. Both a methodology and a honeypot conceptualization for implementing an empirical analysis of the usage of email addresses placed on the Internet are proposed here. Their objective is to assess, on a quantitative basis, the extent of the current harassment and its development over time. This ?framework? is intended to be extensible to measuring the effectiveness of address-obscuring techniques. The implementation of a pilot honeypot is described, which led to key findings, some of them being: (1) Web placements attract more than two-thirds (70\%) of all honeypot spam emails, followed by newsgroup placements (28.6\%) and newsletter subscriptions (1.4\%), (2) the proportions of spam relating to the email addresses? top-level domain can be statistically assumed to be uniformly distributed, (3) More than 43\% of addresses on the web have been abused, whereas about 27\% was the case for addresses on newsgroups and only about 4\% was the case for addresses used for a newsletter subscription, (4) Regarding the development of email addresses? attractiveness for spammers over time, the service ?web sites? features a negative linear relationship, whereas the service ?Usenet? hows a negative exponential relationship. (5) Only 1.54\% of the spam emails showed an interrelation between the topic of the spam email and that of the location where the recipient?s address was placed, so that spammers are assumed to send their emails in a ?context insensitive? manner. The results of the empirical analysis motivate the need for the protection of email addresses through obscuration. We analyze this need by formulating requirements for address obscuring techniques and we reveal to which extent today?s most relevant approaches fulfill these requirements.}}, author = {{Schryen, Guido}}, journal = {{Computers & Security}}, keywords = {{Address-obfuscating techniques, email, empirical analysis, honeypot, security by design, security by obscurity, spam}}, number = {{5}}, pages = {{361--372}}, publisher = {{Elsevier}}, title = {{{The Impact that Placing Email Addresses on the Internet has on the Receipt of Spam ? An Empirical Analysis}}}, volume = {{2}}, year = {{2007}}, } @inproceedings{5659, abstract = {{Spam e-mails have become a serious technological and economic problem. So far we have been reasonably able to resist spam e-mails and use the Internet for regular communication by deploying complementary anti-spam approaches. However, if we are to avert the danger of losing the Internet email service as a valuable, free, and worldwide medium of open communication, anti-spam activities should be performed more systematically than is done in current, mainly heuristic, anti-spam approaches. A formal framework within which the modes of spam delivery, anti-spam approaches, and their effectiveness can be investigated, may encourage a shift in methodology and pave the way for new, holistic anti-spam approaches. This paper presents a model of the Internet e-mail infrastructure as a directed graph and a deterministic finite automaton, and draws on automata theory to formally derive the modes of spam delivery possible. Finally the effectiveness of anti-spam approaches in terms of coverage of spamming modes is assessed.}}, author = {{Schryen, Guido}}, booktitle = {{39th Annual Hawaii International Conference on System Sciences}}, title = {{{A formal approach towards assessing the effectiveness of anti-spam procedures}}}, year = {{2006}}, } @article{5660, author = {{Schryen, Guido}}, journal = {{IATAC IAnewsletter}}, number = {{3}}, pages = {{22--25}}, publisher = {{United States Department of Defense}}, title = {{{A honeypot for the exploration of spammers' behaviour}}}, volume = {{8}}, year = {{2005}}, } @inproceedings{5661, abstract = {{Spam has become one of the most annoying and costly phenomenon in the Internet. Valid e-mail addresses belong to the most valuable resources of spammers, but little is known about spammers? behavior when collecting and harvesting addresses and spammers? capabilities and interest in carefully directed, consumer-oriented marketing have not been explored yet. Gaining insight into spammers? ways to obtain and (mis)use e-mail addresses is useful in many ways, e.g. for the assessment of the effectiveness of address obscuring techniques and the usability and necessity of hiding e-mail addresses on the Internet. This paper presents a spam honeypot project in progress addressing these issues by systematically placing e-mail addresses in the Internet and analyzing received e-mails. The honeypot?s conceptual framework, its implementation, and first empirical results are presented. Finally, an outlook on further work and activities is provided.}}, author = {{Schryen, Guido}}, booktitle = {{Proceedings of the 6th IEEE Information Assurance Workshop}}, keywords = {{Spam, ham, e-mail, honeypot, address obscuring technique, address taxonomy}}, pages = {{37--41}}, publisher = {{Westpoint}}, title = {{{An e-mail honeypot addressing spammers' behavior in collecting and applying addresses}}}, year = {{2005}}, } @inproceedings{5765, abstract = {{Voting via the Internet has become a feasible option for political as well as non-political ballots. However, there are many obstacles which have to be overcome, especially legal restrictions have to be transformed into technical and security solutions. The article starts with a brief presentation of advantages and disadvantages of Internet ballots and presents application fields and pilot schemes. Then, technological security aspects are derived due to democratic basic principles. Especially the applied voting procedures are critical in security terms. Hence, the most relevant cryptographic protocols are presented and their drawbacks and shortcomings are identified. However, this article does not propose a new voting protocol. Beyond fixing cryptographic procedures for ballots, more elements are to be specified, e.g. responsibilities and rights of involved authorities or security precautions regarding hardware and software. For this reason, a structural security framework for electronic voting systems is presented which can be used for their composition and analysis.}}, author = {{Schryen, Guido}}, booktitle = {{37th Annual Hawaii International Conference on System Sciences}}, title = {{{Security Aspects of Internet Voting}}}, year = {{2004}}, } @article{5662, abstract = {{Spam als unerwünschte Massen-E-Mail hat die Grenze von der Belästigung zur ökonomischen Relevanz längst überschritten. Ihr relativer Anteil am gesamten, weltweiten E-Mail-Aufkommen stieg in den vergangenen Jahren auf mehr als 50% im Jahr 2003. Es entstehen jährlich volkswirtschaftliche Schäden in Milliardenhöhe. Zur Bekämpfung des Spam-Problems werden neben gesetzlichen Regelungen vor allem technische Lösungen eingesetzt, bei denen das Blockieren und Filtern von E-Mails in praktisch eingesetzten Anti-Spam-Systemen dominieren. Dieser Artikel führt in die Spam-Problematik ein und beschreibt, bewertet und klassifiziert die derzeit bedeutendsten Verfahren zur Bekämpfung von Spam.}}, author = {{Schryen, Guido}}, journal = {{Wirtschaftsinformatik}}, keywords = {{Spam, E-Mail, Spoofing, Blockieren, Filtern, Lightweight Mail Transfer Agent Authentication Protocol (LMAP)}}, number = {{4}}, pages = {{281--288}}, publisher = {{Springer}}, title = {{{Effektivität von Lösungsansätzen zur Bekämpfung von Spam}}}, volume = {{46}}, year = {{2004}}, } @inproceedings{5663, abstract = {{Spam as unsolicited e-mail to a large number of recipients is known to ecome an increasingly disturbing and costly issue of electronic business and internet traffic. Mainly technical-oriented approaches are applied with a focus on blocking, filtering, and authentication mechanisms based on the domain name system. They come along with different drawbacks and have all low effectiveness in common. The article sketches these approaches, shows its limitations, and proposes an account-based approach where the number of e-mails per day and account is restricted.}}, author = {{Schryen, Guido}}, booktitle = {{Proceedings of the IADIS International Conference WWW/Internet 2004. vol. 2}}, editor = {{Isaias, Pedro}}, keywords = {{e-mail, spam, filtering, blocking, LMAP, SMTP account}}, pages = {{937--940}}, publisher = {{IADIS Press}}, title = {{{Fighting Spam: Motivating an Account-based Approach}}}, year = {{2004}}, } @inproceedings{5664, abstract = {{Remote Internet voting systems still suffer from many security problems which rely on the clients, the servers, and the network connections. Denial-ofservice attacks and viruses still belong to the most challenging security issues. Projects and studies like the ?Voting Technology Project? of CALTECH and MIT or SERVE of the US Department of Defense set up to gain experience evidence many of the notional weaknesses of current Internet voting systems.}}, author = {{Schryen, Guido}}, booktitle = {{Workshop of the ESF TED Programme}}, pages = {{121--131}}, title = {{{How Security Problems Can Compromise Remote Internet Voting Systems}}}, year = {{2004}}, } @inbook{5666, author = {{Schryen, Guido}}, booktitle = {{Digitale Teilung - digitale Integration : Perspektiven der Internetnutzung}}, editor = {{Gehrke, Gernot}}, pages = {{45--51}}, publisher = {{KOPAED-Verlag}}, title = {{{Neulich am Hotspot - Bringt Mobiles Internet die Menschen ins Netz?}}}, year = {{2004}}, } @book{5629, author = {{Schryen, Guido and Herstell, Jan and Schoenen, Markus}}, publisher = {{Deutscher Universitäts-Verlag}}, title = {{{Online Marktforschung im Mittelstand: Analyse von Konsumentenverhalten in 3D-Internet-Welten}}}, year = {{2003}}, } @article{5630, author = {{Schryen, Guido and Herstell, Jan}}, journal = {{IM : die Zeitschrift für Information Management und Consulting}}, number = {{2}}, pages = {{74--77}}, publisher = {{Information Multimedia Communication (IMC)}}, title = {{{Online-Marktforschung - Analyse von Konsumentenverhalten in virtuellen Umgebungen, in: Information Management & Consulting, 18,2}}}, volume = {{18}}, year = {{2003}}, } @inbook{5667, abstract = {{Voting via the Internet is part of electronic government and electronic democracy. However, there are many obstacles which have to be overcome, especially legal restrictions have to be transformed into technical and security solutions. In the first part the article discusses advantages and disadvantages of Internet elections, shows different application fields, and presents important international pilot schemes (political and business ones). in the second part, due to democratic basic principles, technological security aspects are worked out.}}, author = {{Schryen, Guido}}, booktitle = {{Proceedings of the IADIS International Conference WWW Internet 2003. vol. 2}}, keywords = {{Internet Voting, Online polls, E-Democracy, Security}}, pages = {{1017--1021}}, publisher = {{IADIS Press}}, title = {{{E-Democracy: Internet Voting}}}, year = {{2003}}, } @inproceedings{5668, abstract = {{Zusammenfassung: Im Rahmen des E-Governments werden zunehmend Internetwahlen diskutiert. Der Beitrag diskutiert zunächst die Vor- und Nachteile derartiger Wahlen und zeigt Anwendungsgebiete sowie durchgeführte Pilotprojekte im politischen wie auch wirtschaftlichen Bereich auf. Im Rahmen eines Anforderungssystems werden anschließend aus demokratischen Wahlgrundsätzen sicherheitstechnologische Anforderungen herausgearbeitet. Zu deren Adressierung werden kryptographischen Wahlkonzepte herangezogen, von denen die wichtigsten vorgestellt werden. Aufgrund der Komplexität der Anforderungslandschaft wird ein sicherheitstechnologisches Strukturmodell vorgestellt, das insbesondere dazu dient, die Sicherheit(skomponenten) eines Wahlsystems systematisch mit den Anforderungen abzugleichen. Der Artikel schließt mit einem Ausblick auf notwendige Untersuchungen.}}, author = {{Schryen, Guido}}, booktitle = {{6. Internationale Tagung Wirtschaftsinformatik}}, keywords = {{Internet-Wahlen, E-Democracy, Sicherheit, Kryptographie}}, pages = {{937--956}}, title = {{{Internet-Wahlen}}}, year = {{2003}}, } @inproceedings{5620, abstract = {{Bei der Online-Marktforschung lässt sich mit Hilfe virtueller 3D-Welten das Konsumentenverhalten beobachten. Da die Struktur der dabei anfallenden Daten multidimensional ist und die marktforschungsrelevanten Anfragen eine hohe OLAP-Affinität aufweisen, wurde hierzu im Rahmen des Forschungsprojekts Benevit ein Data Warehouse konzipiert und realisiert. Im Rahmen einer Standardisierung der Protokollierung von Konsumentenaktivitäten und deren prototypischen Realisierung erwies sich der Data Warehouse/OLAP-Ansatz zur Speicherung, Analyse und Präsentation der Marktforschungsdaten als adäquates Instrumentenbündel.}}, author = {{Schryen, Guido and Schoenen, Markus}}, booktitle = {{Data Warehousing 2002}}, pages = {{103--119}}, title = {{{Data Warehouse in der Marktforschung - Analyse von Benutzeraktivitäten in virtuellen Welten}}}, year = {{2002}}, } @article{5623, abstract = {{Mit dem elektronischen Papier wird in der Displayforschung ein neuer materialtechnologischer Ansatz verfolgt: Elektronisches Papier besteht aus einer dünnen, flexiblen Folie, in der farbige Pigmente mittels elektrischer Felder ausgerichtet werden. Die Vorteile gegenüber traditionellen Technologien wie beispielsweise LCD-Displays bestehen zum einen in niedrigeren Herstellungskosten (niedrigere Produktionskosten und geringere Materialkosten) und einem geringeren Gewicht. Zum anderen entsteht eine bessere Lesbarkeit, da sich Reflexion, Kontrast und mögliche Betrachtungswinkel verbessern bzw. vergrößern. Diese Potenziale können bei Anzeigetafeln, Computerdisplays und mobilen Endgeräten ausgeschöpft werden. Mit der Eigenschaft, fast beliebige Materialien als Trägermedium zu verwenden, öffnet sich auch die Anwendungsmöglichkeit des biegsamen, elektronischen Mediums für Zeitungen und Zeitschriften. Die US-Unternehmen E Ink und Gyricon Media bieten eine zunehmend größere Produktpalette mit elektronischem Papier an.}}, author = {{Schryen, Guido and Karla, Jürgen}}, journal = {{Wirtschaftsinformatik}}, keywords = {{Elektronisches Papier, Elektronische Tinte, E Ink, Gyricon Media, Displays, Mobile Endger{\}}, number = {{6}}, pages = {{567--574}}, publisher = {{Springer}}, title = {{{Elektronisches Papier - Display-Technologie mit weitem Anwendungsspektrum}}}, volume = {{44}}, year = {{2002}}, } @article{5669, author = {{Schryen, Guido}}, journal = {{i-com. Zeitschrift für interaktive und kooperative Medien}}, number = {{3}}, pages = {{36--37}}, publisher = {{Oldenbourg; de Gruyter}}, title = {{{Elektronische Zeitung - das Erbe Gutenbergs?}}}, year = {{2002}}, } @book{5670, author = {{Schryen, Guido}}, publisher = {{Deutscher Universitäts-Verlag}}, title = {{{Komponentenorientierte Softwareentwicklung in Softwareunternehmen: Konzeption eines Vorgehensmodells zur Einführung und Etablierung}}}, year = {{2001}}, }