% % This file was created by the TYPO3 extension % bib % --- Timezone: UTC % Creation date: 2025-02-19 % Creation time: 02-09-41 % --- Number of references % 5 % @Article { 2024_welten_pasta, title = {PASTA-4-PHT: A Pipeline for Automated Security and Technical Audits for the Personal Health Train}, journal = {arXiv}, year = {2024}, month = {12}, day = {2}, abstract = {With the introduction of data protection regulations, the need for innovative privacy-preserving approaches to process and analyse sensitive data has become apparent. One approach is the Personal Health Train (PHT) that brings analysis code to the data and conducts the data processing at the data premises. However, despite its demonstrated success in various studies, the execution of external code in sensitive environments, such as hospitals, introduces new research challenges because the interactions of the code with sensitive data are often incomprehensible and lack transparency. These interactions raise concerns about potential effects on the data and increases the risk of data breaches. To address this issue, this work discusses a PHT-aligned security and audit pipeline inspired by DevSecOps principles. The automated pipeline incorporates multiple phases that detect vulnerabilities. To thoroughly study its versatility, we evaluate this pipeline in two ways. First, we deliberately introduce vulnerabilities into a PHT. Second, we apply our pipeline to five real-world PHTs, which have been utilised in real-world studies, to audit them for potential vulnerabilities. Our evaluation demonstrates that our designed pipeline successfully identifies potential vulnerabilities and can be applied to real-world studies. In compliance with the requirements of the GDPR for data management, documentation, and protection, our automated approach supports researchers using in their data-intensive work and reduces manual overhead. It can be used as a decision-making tool to assess and document potential vulnerabilities in code for data processing. Ultimately, our work contributes to an increased security and overall transparency of data processing activities within the PHT framework.}, tags = {health}, DOI = {10.48550/arXiv.2412.01275}, author = {Welten, Sascha and Kindermann, Karl and Polat, Ahmet and G{\"o}rz, Martin and Jugl, Maximilian and Neumann, Laurenz and Neumann, Alexander and Lohm{\"o}ller, Johannes and Pennekamp, Jan and Decker, Stefan} } @Inproceedings { 2024-buildsys-breyer-transferstudy, title = {Investigating Domain Bias in NILM}, year = {2024}, month = {11}, day = {6}, pages = {333-336}, url = {www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-breyer-transferstudy.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 11th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation (BuildSys 2024), Hangzhou, China}, language = {en}, ISBN = {979-8-4007-0706-3/24/11}, DOI = {10.1145/3671127.3699532}, reviewed = {1}, author = {Breyer, Justus and Jauhari, Sparsh and Glebke, Ren{\'e} and Alizai, Muhammad Hamad and Stroot, Markus and Wehrle, Klaus} } @Inproceedings { 2024-kunze-civic, title = {In-Situ Model Validation for Continuous Processes Using In-Network Computing}, year = {2024}, month = {5}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-kunze-civic.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '24)}, DOI = {10.1109/ICPS59941.2024.10639999}, reviewed = {1}, author = {Kunze, Ike and Scheurenberg, Dominik and Tirpitz, Liam and Geisler, Sandra and Wehrle, Klaus} } @Poster { 2024-dahlmanns-sul, title = {Poster: Trusted Execution Environment-basierte Sicherheit für digitale Umspannwerke}, year = {2024}, month = {3}, day = {5}, number = {19}, tags = {ven2us}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-dahlmanns-slt.pdf}, organization = {VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik, March 05-06, 2024, Leipzig, Germany}, event_place = {Leipzig, Germany}, event_name = {VDE ETG/FNN-Tutorial 2024 Schutz- und Leittechnik}, event_date = {March 05-06, 2024}, reviewed = {1}, author = {Dahlmanns, Markus and Wark, Andreas and Genzel, Carl-Heinz and Wehrle, Klaus} } @Article { 2024_pennekamp_supply-chain-survey, title = {An Interdisciplinary Survey on Information Flows in Supply Chains}, journal = {ACM Computing Surveys}, year = {2024}, month = {2}, day = {1}, volume = {56}, number = {2}, abstract = {Supply chains form the backbone of modern economies and therefore require reliable information flows. In practice, however, supply chains face severe technical challenges, especially regarding security and privacy. In this work, we consolidate studies from supply chain management, information systems, and computer science from 2010--2021 in an interdisciplinary meta-survey to make this topic holistically accessible to interdisciplinary research. In particular, we identify a significant potential for computer scientists to remedy technical challenges and improve the robustness of information flows. We subsequently present a concise information flow-focused taxonomy for supply chains before discussing future research directions to provide possible entry points.}, keywords = {information flows; data communication; supply chain management; data security; data sharing; systematic literature review}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-pennekamp-supply-chain-survey.pdf}, publisher = {ACM}, ISSN = {0360-0300}, DOI = {10.1145/3606693}, reviewed = {1}, author = {Pennekamp, Jan and Matzutt, Roman and Klinkm{\"u}ller, Christopher and Bader, Lennart and Serror, Martin and Wagner, Eric and Malik, Sidra and Spi{\ss}, Maria and Rahn, Jessica and G{\"u}rpinar, Tan and Vlad, Eduard and Leemans, Sander J. J. and Kanhere, Salil S. and Stich, Volker and Wehrle, Klaus} }