an end-user tailorable generic framework for privacy ... › files › published ›...

Appl Math Inf Sci7 No 6 2137-2148 (2013) 2137

Applied Mathematics amp Information SciencesAn International Journal

httpdxdoiorg1012785amis070604

An End-user Tailorable Generic Framework forPrivacy-preserving Location-based Mobile Applications

Dhiah el Diehn I Abou-Tair1lowast Mohamed Bourimi2 Ricardo Tesoriero3 Marcel Heupel2 Dogan Kesdogan2 and BerndUeberschar4

1 School of Informatics and Computing German Jordanian UniversityAmman Jordan2 Chair for IT Security Privacy and Trust of the University of Siegen Siegen Germany3 Computing Systems Department University of Castilla-La Mancha Albacete Spain4 GMA Association for Marine Aquaculture Hafentorn 3 25761 Busum Germany

Received 15 Mar 2013 Revised 18 Jul 2013 Accepted 19 Jul 2013Published online 1 Nov 2013

Abstract In this paper we discuss the emerging need for supporting end-user tailorability and privacy with respect to collaborativelocation-based applications in mobile environments We present a genericprivacy-preserving framework for supporting such end-usertailorability on both user interface and server-side ends The requirements were compiled from various use cases of collaborativelocation-based scenarios from various projects and related literature The outcome results of this work demonstrates the feasibilityof our proposed framework by means of an iOS based prototype applied to previous iAngle and iFishWatcher research projects Thesignificance of this prototype that it allows different communities to define their own points of interest in a generic manner Additionallythe distributed architecture can be tailored according to user privacy requirements

Keywords Location-aware applications end-user tailorability mobile computing location privacy location-based services

1 Introduction

Mobility aspects are becoming more important than everand affect many directions of our professional as well asleisure lives This includes also academic research sincemany communities leverage the usage of mobile devicesin order to identify endangered animals [10] or to compileoccurrence records of existing species1 Latter is the casein our on-going project concerned with the developmentof mobile applications for angling communities tosupport sustainable management of aquatic resources andbiodiversity research (see below) By this means locationcontext information plays a key role in used mobileapplications eg in defining community-specific pointsof interest (POI)

In general location-aware applications areexperiencing a widespread usage in our private life (egFoursquare Google Latitude etc) As location andmobile computing converge in different form ofapplications it becomes a need to study

1 httpwwwwiwiuni-siegendeitsecprojekteiangleindexhtml

location-based-aware applications and services anewEspecially in our new digital age such a study should bewith emphasis on privacy then privacy is the most-citedcriticism for mobile pervasive and ubiquitous computing[11] Further the way in which existing applications andservices are constructed show the need to a genericframework that supports end-user tailorability as weobserved in our case

This work aims at constructing a generic frameworkfor location-based mobile applications and services Thefocus is to support end-user tailorability by combiningtwo conceptual approaches and a corresponding userinterface (UI) The UI supports end-users in defining andmanaging their own POI by using their preferreddistributed architecture according to their privacypreference With this the same framework can be re-usedby different communities (not just our anglingcommunity) by adaptingtailoring it to their specific POIand related categories that can be created at-runtime andthis in a flexible and easy way

The remainder of this paper is structured as followsThe next two sections discuss background information

lowast Corresponding author e-maildhiahaboutairgjuedujo

ccopy 2013 NSPNatural Sciences Publishing Cor

2138 D Abou-Tair et al An End-user Tailorable Generic Framework

and address the phase of gathering requirements SectionIV compares our work to related work while section Vpresents our conceptual approach Section VI discussesthe implementation of the prototype and the paper isconcluded in section VII

2 Projectsrsquo Background Information

The end-user tailorability and privacy needs we address inthis work were identified in the ongoing work of theinter-disciplinary iAngle and iFishWatcher projects at ourUniversity and collaborating institutes The iAngleproject itself emerged as a spin-off from the EU projectPICOS2 which deals with privacy and identitymanagement in mobile communities PICOS followed auser centered and scenario based proceeding for elicitingthe gathered needs and requirements (such as userexperience interviews and questionnaires) for twodifferent mobile communities (the Angling Communityand the Gamer Community) The Angling Community isbuilt by recreational anglers who explore water bodiesand coastal areas even the unproductive and thoseinaccessible to commercial fisheries to an extent that isunattainable by scientific projects They spend enormoustime and effort investigating fish communities In recentyears there has been much effort through initiatives suchas OBIS3 and GBIF4 to compile occurrence records ofexisting species and to make these records availableonline in a standardized format including the distributionof finfish on a global scale (see Figure1) Suchoccurrence records derived from surveys and inventoriesprovide the essential baseline data for monitoring changescaused by factors such as human usage of biologicalresources (eg fisheries) habitat conversion climatechange and help in determining in-country priorities onspecies conservation There is no doubt that informationon global species diversity is necessary to supportwell-informed decision making at the global level yetinformation critical to such decisions are not availablereadily [8]

In order to encourage angler to share their data forscientific examination FishBase the global onlineinformation system about fish established theFishWatcher facility several years ago FishWatcher is aplace where angler and other fish watcher can uploadtheir catch data and observations However the numbersof records shared has been disappointing over the lifetimeof the project The lack of willingness exhibited couldhave been that their records would become visible to theentire community ie anglers did not consider uploadingtheir data simply because they did not want to disclose itor attract commercial fishing boats to their favouritefishing spots Nevertheless the call for improved

2 httpwwwpicos-projecteu3 httpwwwiobisorg4 httpwwwgbifde

Fig 1 Occurrence records by fish watcher

communication and better understanding of the differentperspectives among fishery scientists managers and therecreational fishing sector has been identified as apressing need in recreational fisheries managementthroughout the world [5] Our innovative approach toimprove recreational angler participation in science andresearch makes use of the latest smart phonetechnologies We have introduced two new mobile anglerapplications for the iPhone and a client for Androidsmartphones providing features specifically designed forthe angling community (this paper however deals merelywith the iPhone client) The major objectives of our workare to support the mobilization of the catch record datafrom the angling community for scientific purposes TheiOS-based iFishWatcher mobile application is a catchdiary and a social community client for iOS devices suchas iPhone iPad or iPod Touch It covers two main focusareas namely management of user catches andinteraction among members of the mobile anglingcommunity using a secure and decentralised architecturewhich could be also used in a centralised way To achievecatch management functionality the iFishWatcherapplication makes use of two different resources (1) theFishBase database which provides rich information aboutfish since the user is actively supported in creating newcatch diary entries based on the scientific information inFishBase5 and (2) the iFishWatcher server

In a catch report the user typically provides thecommon name physical attributes (size and weight) andtakes a picture of the catch that is saved on the device andin cases where the angler wants to share his catch recorduploaded to the server The catch information includingthe geo-location of the fishing spot obtained by thedevices sensor can be shared either with a limitednumber of buddies or the entire community (see Figure2)Since this may result into privacy respecting concerns wehave also included the possibility to set the locationmanually in order to blur the userrsquos actual position Thesecond resource the iFishWatcher Server provides onlineaccess for management of personal profiles catch diariesand the collaborative mobile Location-Based Services(LBS) eg the fishing spot facility Users may run their

5 httpwwwfishbaseorghomehtm


Appl Math Inf Sci7 No 6 2137-2148 (2013) wwwnaturalspublishingcomJournalsasp 2139

own server in their respective community so that they areable to administer transmission data on their own(members building a trustworthy sub-community) or justuse a global instance of the server that is managed by athird party In order to support the aforementionedfeatures the server makes use of three key technologiesas described in [2]

1The Spring and the Spring Roo framework that isproviding support for all user profile and catch diaryrelated tasks and automatically creates Web-Interfacesfor the basic operations that help user to manage hisdata online using the browser of his choice

2RESTful a web services capable of sending andreceiving JSON formatted data over HTTPS Thisway we ensure that encrypted data is transferred withthe least possible amount of overhead that is animportant issue regarding privacy security andusability since it is reducing response times by farand thus makes the App usable even in areas with badsignal strength and low speed internet connectivityUsing these services the user can upload locallysaved catches to the server or download all of hiscatches that are present on the server what enablesmulti device usage

3The third key technology is the XMPP frameworknecessary for collaborative scenarios (see chatexample in Figure3 a) Users register an account witha server and are able to use multiple accounts withdifferent servers sharing data with the respectivecommunity (eg removing catches in Figure3 b)Utilizing the XMPP protocol one is able to providechat functionality as well as catch and geo-locationdata exchange between users who added each other toso called buddy lists (see Figure3 c) Users can statean individual privacy level by definingbuddy-by-buddy rules that restrict access to theirlocation and online status If data exchange ispermitted users can see the catches of their friendsand can track a users location as well as the locationof their friends fishing spots using the built-in GoogleMaps facility

The main difference points between PICOS and iAngleare represented in Table1

Further information about the iFishWatcher projectand related research (eg enhancements with respect toprivacy advisory on mobile devices described in [3]) canbe found at the websitewwwifishwatcherorg(iAngledemo videos and up-coming functions)

3 Problem and Requirements Analysis

Early in the design and implementation phases of theiAngle prototype it became clear that a generic solutionsupporting different kinds of POI could reducedevelopment costs The same observation wasexperienced while building the 2nd PICOS Community

Fig 2 Selected catch functionality in iFishWatcher

Fig 3 Selected collaboration examples in iFishWatcher

Prototype [16] which addressed the requirements of theGamer community Server-side functionality could bere-used when generic POI are supported While anglersare interested in watercourses and fishing spots gamerswant to see Internet cafe locations and WiFi spots on theirmobile clients Manipulation functionalities such asadding removing or editing these POI stay the same fordifferent communities However only the members of agiven community could appropriately define their(context-related) POI Non-angling people for their owntarget scenarios (teaching staff and students at ourUniversity who tested the iAngle prototype) alsoexplicitly requested this For this purpose we identifiedthe requirementto support end-user tailorability withrespect to different POI with a generic mobile frameworkby considering the usability of providing it (High-levelrequirement 1 - HLR1)

The second HLR is taken from the iAngle andiFishWatcher projects This project is part of theFishWatcher6 project based on the previous iAngleproject A requirement for supporting differentcommunity schemes was identified For instance theusers asked for having a global data server that could beused by all angler communities in different countries

6 iFishWatcherhttpifishwatcherorg



Table 1 Comparaison between iAngle and PICOS

Aspect PICOS iAngle

Architecture Server-centric Allows fordecentralization

Server-side ampSoftware

Subset of HP OpenCall (PHP and notavailable)

Spring-basedserver

Anonymous usage Signing in requested passive usagepossible

IdentityManagement

Root identity +various partialidentities

Simplepseudonyms(Communityrequested)

Mobile Client ampSoftware

Nokia Music Xpressrunning with Java onSymbian OS

iPhone SDK3x

Simple navigationamp improvementsrelated to enteringdata

Limited interactivitydue to Java

Good supportof iPhone SDK

whereas each country provides just a localcommunication and awareness server for the membersSince users of the same community differently interpretprivacy we identified the requirementof enhancingprivacy by enabling end-user tailorability of thecommunication and data sharing schemes they intend(High-level requirement 2 - HLR2)

4 Comparison to Related Work

One way of reacting on emerging changes is to allow fortailorability Henderson defined tailoring asrdquothe technicaland human art of modifying the functionality oftechnology while the technology is in use in the fieldrdquo[9]Bannon argues thatrdquothere will always be a need for someform of tailoring in order to fit a system into anyparticular settingrdquo[1] When developing socio-technicalsystems and applications satisfying user needs andrequirements is even more difficult than in the context ofsingle-user application development To achieve thetask-technology fit7[18] different approaches suggestdifferent levels of tailorability Thereby the tailorabilitylevel varies from supporting customisation extension orintegration [13] up to tailoring the collaboration or thedevelopment process of the socio-technical system itself[6][17] Further tailorability is directly related toNon-Functional Requirements (NFRs) in the case ofintegration or indirectly such as in the case ofcustomisation (ie usability concern) or extension (iearchitectural concern) In the following discussion we

7 Proper matching between the task and technological support

address how most prominent mobile applications aresupporting tailorability in their provided location-relatedfunctionality

Foursquare8 is a social network designed for mobiledevices supporting GPS It allows registered users toconnect with other people and track their locationrdquoCheck insrdquo at venues are rewarded with user points etcand can also be posted on Facebook9 and Twitter10Foursquare rewards active users by granting them ranksdepending on their number of check-ins at venues Withincreasing rank the userrsquos authorizations increase as wellExamples for such additional authorizations are edittingvenue info adjusting venue position (latitude andlogitude) and adding categories to venues

Google Places11 integrates with Google Maps as wellas Google+ and offers mainly information aboutbusinesses of all kinds Business owners can create anentry for their location free For mobile workers or due toprivacy concerns of people working from home it is alsopossible to specify not an exact location but an area ofoperation instead

Other services like eg Qype12 and Yelp13 focus onthe rating and review of locations like restaurants shopsetc Location information can be maintained by businessowners themselves or by site visitors In the second casemoderator approval is necessary The service SCVNGR14

is a location-based game platform In order to get pointsusers are encouraged not just to visit certain places butalso to perform challenges there which are being createdby other users This can be eg to take a picture oranswer a riddle etc Geoloqui15 offers a framework tobuild location-based applications It offers functionalitieslike tracking or definition of areas triggering an event Itis also possible to search in their POI database or createand store own private POIs messages etc on theirservers

Related to security and privacy needs Palen andDourish [15] mention that some level of informationdisclosure is needed to sustain social engagementHowever most available socio-technical systems haveeither a server-centric architecture or auser-centricclient-centric architecture User-centricapproaches are not sufficient and suitable for socialsettings since the exchange of information is the base ofsuch settings Server-centric approaches imply that theserver is the central point of information exchange Suchapproaches do not fully eliminate accidental or intentionalrisks and threats which can arise through the analysis orreconstruction of personal information and interaction

8 httpswwwfoursquarecom9 httpwwwfacebookcom

10 httptwittercom11 httpwwwgooglecomplaces12 httpwwwqypecom13 httpwwwyelpcom14 httpwwwscvngrcom15 httpsgeoloqicom



traces The building of a userrsquos fully-fledged profileremains possible at least through the judicial authoritieswhich enforce for example service providers to allowdispute resolution means in order to recognise frauds

PrimeLife continues the work that has been done inPRIME and tried to tackle substantial new privacychallenges such as protecting privacy in collaborativescenarios and virtual communities by providing a privacypolicy language and mechanism to handle access controland to process privacy policy and compare them with userprivacy preferences [19] Our approach differs fromidentity management systems such as PRIME andPrimeLife in that it does not hinge on an identitymanagement system ndasheven if it is considered astrustworthy

Furthermore service providers impose their privacypolicies to overcome privacy-related issues They enforcetheir business models and interests that are based onprivate information and social interaction disclosureEven though a service provider applies differentprivacy-enhancing mechanisms such as anonymization(ie through removing sensitive data like namesaddresses etc) there is still space for improvementssince anonymization does not realize privacy and theservice user must trust the service provider In Narayananand Shmatikov [14] it was shown that users could bere-identified across high popular distinct social networkslike Facebook Flickr MySpace or Twitter with an errorrate of just 12 An interesting approach unifyingcentralized as well as decentralized aspects can be foundin [4] Bourimi et al [4] present a decentralizedgroup-centric approach which empowers the users tohost their environmental system needed for collaborativesettings instead of hosting it on a central server Thus theend-users have the full control over their data Thecommunication between different groups will be ensuredover the main platform of the system The user who hostsa surrounding node can share data with other groupswithout losing the control over his data Bourimi et al [4]approach builds the starting point for parts in ourrequirements analysis

In summary to our best knowledge none of thesurveyed mobile applications and approaches supports thedefinition of end usersrsquo own spots beyond predefinedcategories Further no application fulfils our two mainrequirements the on-the-fly definition of communicationandor data servers as well as a flexible identitymanagement concept

5 Approach

Our approach is a combination of two conceptualapproaches as well as a corresponding user interface Thisinterface supports end-users in defining and managingtheir own POI for their shared workspaces by using theirpreferred distributed architecture (ie global clientserveror group centric etc) according to their privacy

preference In order to fulfil the identified requirementsHLR1 and HLR2 our approach includes

(1) With the aim of meeting the runtime end-usertailorability requirement (HLR1) further concreterequirements were identified An example of suchrequirement could be the interoperability and a flexibleidentity management system The advantage of a flexibleidentity management system lies in the fact that such asystem acts in the background and supports the changingprocess of the different server-side components in orderto use them with other identities without losing therelationships to the context at the client levelFurthermore the used server-side POI collaborationcomponents (eg for awareness communication or datasharing) have to seamlessly support this switching ofidentities originating from the same client These furtherconcrete requirements are addressed for a specificprototypic implementation in the following section

(2) The system architecture used to support the socialinteraction allows the separation of different componentsto be used in a given social settingcontext (HLR2) Sothe end-users are able to adapt the used servercomponents by themselves (eg communicationawareness or POI data sharing) according to their privacyneeds from the same application at runtime withoutrestarting the system or client application It will becarried out by enabling the user to choose the servercomponents needed for the social interaction (eg byentering their URLs) Furthermore the end-users have thepossibility to use ad-hoc servers set up by trusted people

The server is used to administrate the applicationsettings for the generic POI environment Now we onlysupport one rdquoapplicationrdquo per installation but this will beenhanced in the future to support multiple applications inone server installation The application administratorconfigures the application The administrator can uploadan applications image set the description imprint for theapplication and edit additional information In our casethe customisation is specialized for iPhone applicationbut it can be more generalized for other mobile devices aswell The administrator has the opportunity to customizethe generic POI objects so that the application supportsseveral types of POI Therefore the administrator needsto generate those customs POI by adding a POI name anicon and (in the future) actions that are associated withthat POI In addition the custom POI can have additionalfields attached to them which will be connected to thespecific POI For displaying purposes on the mobiledevices HTML templates can be associated to the POIEach rdquoapplicationrdquo supports the use of groups which canbe shared by users These groups can be public or privateand allow POI to be attached to these groups Each groupcan have multiple users attached to them Users are ableto create groups and POI through REST services whichare used by the mobile application

Scenario 1 - Create new POIA new POI is created by tabbing on the plus button in theupper left corner ([create poi]) It is positioned in the



middle of the screen but can be moved via drag and dropafterwards The POI is created with default values forname description and type This enables the user toquickly add a POI with minimum effort If the user tabson the POI a callout-bubble appears which displays thename and type of the POI The POI can be customized byclicking on the blue button on the right of the bubble

Scenario 2 - Aggregate POITo aggregate POI the user first has to create the POI hewants to aggregate (see scenario one) and open the POIcustomisation window for the super-POI The POIcustomisation window enables the user to set a name anddescription for the POI change its type share the POIwith other users and add sub-POI to the current POI Ifthe user tabs on the rdquoManage Sub-POIrdquo button he canchoose multiple POI from a list

Scenario 3 - Filter POIThe user can choose which types of POI he wants to seeon the Map by tabbing on the rdquoFilter iconsrdquo button in themap view [create poi] In a list of POI types he then canswitch the desired types on or off

51 Generic POI data model

In order to formalize the POI representation we havedefined the meta-model depicted in Fig4 using theEcore16 dialect of MOF17 It shows the abstract syntax ofthe language that is used by the server to model the POIinformation

Fig 4 Abstract syntax of server-side representation for POI inEcore dialect

The Model is divided into two main aspects theMaps and POIMetadata While Maps represent thelocation context ofPOI the POIMetadata defines themetadata related to the information thatPOI represent APOIMetadata is defined in terms ofPOITypes thatrepresent the metadata of information that is related to aPOI The POIType is defined as a Composite [7] to

16 httpwwweclipseorgmodelingemftproject=ecoretools17 httpwwwomgorgspecMOF

Fig 5 Meta model defining DefaultMetadata and POIMetadata

support the definition of complex metadata and the reuseof metadata definition

Figure 5 depicts a model that defines (a) theDefaultMetadataPOIMetadata for the GermanyMapTherefore theDefaultMetadataPOIMetadata definestheDefaultPOITypeComposedTypethat is subsequentlydefined by theTitle and theDescription AtomicTypesbacked by the rdquojavalangStringrdquo class defined by the classattribute Besides theDefaultPOIType defines theGPSLocationComposedTypedefined by theLongitudeand Latitude AtomicTypes backed by therdquojavalangDoublerdquo class defined by theclassattribute Ascan be seen in Fig5 all POITypes are refined at thePOIMetadata level to encourage reuse Thus theGermanyMAP defines theSiegen EssenandBerlin POIthat manage the information defined by theDefaultPOITypethat is contained by theDefaultMetadataPOIMetadata

One of the goals of the system is the propagation ofnew metadata through the POI definition Figure6 showshow the addition of theRemark metadata in theDefaultPOITypeComposedType is propagated throughtheSiegen EssenandBerlin POI

511 Enhancement of Privacy by Enabling End-UserTailorability of the Distributed Architecture (HLR2)

We decided to use a group centric architecture with twolightweight servers This server can be easily installed ona home computer or other hardware from the users



Fig 6 Example for addition of Remark metadata in Default-POIType

Fig 7 Overall architecture of the prototype

themselves if the user does not trust the owner of thepublic server and wants to have full control over his userdata Additionally it allows the formation ofsub-communities The sub-communities can restrictaccess to their data so that only members of thecommunity can access it The two servers we used iniAngle are the eJabbered Server for communication andlocation publishing and a retrofitted CURE Server [12]mainly containing the database of watercourses andfishing spots However additionally involved in theregistration process to support unlinkabilty ofcommunication data and user identities Since theretrofitted CURE supports ubiquitously in form of

decentralised group-centric servers we developed manydecentralised solutions The iAngle client can be set touse an eJabberd server locally installed by the usersthemselves (members building a trustworthy subcommunity) [3] However the central communityAnglersBase is still being developed in PICOS[BU3] andthere is at the moment no possibility to share data at amore global level as described in [3] Currently theiAngle server is playing the role of the AnglersBaseAnother important aspect in our approach is the fact thatno sensitive user information is stored on a server Thedata like location information email etc are stored on theown mobile device and only sent to authorised contacts inan encrypted message We might have a slightly increasedcommunication traffic compared to other architectureswhere the data is uploaded to a server but the userpossesses full control about his personal data all the timeThe pseudonyms used for entering the iAngle serverwhere watercourses and precise as well as blurred spotsare stored are very different from the eJabberd accountsWith this the observability and linkability of the users aremade difficult especially by seperating thecommunication as well as awareness functionality fromthe collaborative LBS scenarios

Fig 8 Tailoring the distributed architecture by setting the usedserver components

Fig 9 Flexible and tailorable overall distributed architecture



By setting different values in the mobile App settings(see Figure8) for the used servers one could becomedifferent distributed architecture allowing so for tailoringit to the respective end-usersrsquo privacy needs (meaningfulconstellations depicted in Figure9)

6 Implementation

We implemented our approach for supporting a mobileAngling Community with privacy and collaboration needsrelated to location-based services We built an iPhonebased prototype based on our conceptual architectureintroduced in [3] which allows for different levels ofcentralisation and decentralization see Figure9 Here wedescribe how the end-user can adjust (adapt) thedistributed architecture in order to reach hisher privacyneeds related to communication and awareness on the onehand as well as shared data expectations on the otherhand We achieve this goal by enabling the user toconfigure the application architecture individually on theclient-side (see Figure8) Depending on the userrsquosconfiguration there are several architectures possible Inthe following we will introduce three possibilities

Figure 10(a) shows a client-server architecture withthe server being central for all users Communicationawareness and data sharing is global in this configurationand therefore privacy is a global concern The typical userof this configuration has no or just a minor interest inprivacy This model is also widely used by todayrsquos socialnetworks The next possibility is presented in Figure10(b) In this case all users share their data globallywhile communication and awareness aspects are handledgroup-centric This model allows sharing contentspublicly while respecting the userrsquos privacy Finally thethird configuration (see Fig10(c)) is very group-centricData is shared on the group-level and furthermorecommunication and awareness are handled on thegroup-level The usage of XMPP with the help of theeJabberd server as a communication and awareness servergranted the interoperability while CURE is used as ashared artefacts server The end-users machine can hostboth the ubiquitous CURE (including an eJabberd server)[4] and as well as further ad-hoc setup eJabberd servers(ca 12 MB) If the client switches for the first time to aneJabberd instance the client application will createtemporary identities and uses them In the case of CUREwe enforce the user to enter the correct credentialsthrough a separate UI Since we only retrofitted theCURE implementation the provided implementationdetails correspond to those described in [4]

61 Server implementation

The server part of the application is in charge ofmanaging POIs information The server manipulates twodifferent types of information related to POIs

ndashThe POI meta-informationndashThe POI information

While the POI meta-information defines the informationto be stored according to the type of POI to be describedthe POI information describes the POI itself according tothe description provided by the POI meta-informationHowever both types of information are processed in thesame way through three different layers

1The Apache Tomcat Server2The Eclipse runtime environment3The MySQL database management system

The Figure11depicts how the information is processedamong these layers

Fig 11 Server software architecture

62 Apache Tomcat Server

The first layer is in charge of providing clients withinformation through the network using the HTTPprotocol To carry out this task we employed an ApacheTomcat Server18 which implements the Java Servlettechnology19 Each operation performed by clients on thesystem is processed by a Servlet which implements aREST web service This Servlet is in charge of processingparameters and call the operations to be performed by thesecond layer in order to process the information To carry

18 httptomcatapacheorg19 httpwwworaclecomtechnetworkjavaindex-jsp-135475html



(a) Server-centricarchitecture

(b) Architecture for group-centriccommunication

(c) Group-centric architecture (awarenesscommunication and shared data)

Fig 10 The three different architecture approaches [3]

out this task the Apache Tomcat Server is initializedaccording to the following code that is part of theContextListener class

package usiseclistenersimport usisecpersistenceUsisecDBStart

public class ContextListener implementsServletContextAttributeListenerServletContextListener Overridepublic void contextInitialized

(ServletContextEvent arg0)UsisecDBStart instance = new UsisecDBStart()instancedoStartDB()arg0getServletContext()setAttribute(instanceinstance)

Once the application context is initialized with theinstance of the Eclipse runtime environment(UsisecDBStart) the Servlet maps the operation to beperformed and processes HTTP parameters Then it callsthe operation to be performed on the Eclipse runtimeenvironment (ie theaddPOI operation) The followingcode shows how this process is carried outpackage usisecservletspublic class AddPoiData extends HttpServlet

Overrideprotected void doGet(HttpServletRequest req

HttpServletResponse resp) throws ServletExceptionIOException

Idem doPostOverrideprotected void doPost(HttpServletRequest req


UsisecDBStart instance = (UsisecDBStart)getServletContext()getAttribute(instance)

Get HttpServletResponse writer Process parametersjavautilMapltEAttribute Objectgt values

= instancegetPOIMetadata()

for (EAttribute attr valueskeySet()) valuesput(attr reqgetParameter(attrgetName()))

Calls Eclipse runtime operationinstanceaddPOI(values) Generate REST response by asking the instance Close HttpServletResponse writer

63 Eclipse Runtime Environment

The second layer is based on an Eclipse20 runtimeenvironment which hosts the model instances to bemanipulated by the Servlets hosted in the Apache TomcatServer Model instances represent instances of themeta-model meta-classes represented in Figure4 To dealwith the creation and modification of these modelinstances we have used the Eclipse Modeling Framework(EMF) 21 which runs in the Eclipse runtime environmentBy default the persistence of model instances are stored inXML using the XMI (XML Metadata Interchange)format 22 This way of storing information may be usefulfor single threaded applications however it is not theright choice in multi-threaded environment as the webenvironment Therefore we have used the Teneopersistence framework to support model storage usingdatabase management systems Teneo23

is a database persistence solution for EMF usingHibernate 24 or EclipseLink 25 It supports automaticcreation of EMF to Relational Mappings EMF Objectscan be stored and retrieved using advanced queries (HQLor EJB-QL)

20 httpwwweclipseorg21 httpwwweclipseorgemf22 httpwwwomgorgspecXMI23 httpwwweclipseorgmodelingemftproject=teneoteneo24 httpwwwhibernateorg25 httpwwweclipseorgeclipselink



Thus the following code shows how the EclipseRuntime Environment processes the request using theEMF

package usisecpersistencepublic class UsisecDBStart

Initialization

public void addPOI

(javautilMapltEAttribute Objectgt values) Session session = sessionFactoryopenSession()Transaction tx = sessiongetTransaction() Starts a transaction create a libraryand make it persistenttxbegin()Query qry = sessioncreateQuery(from Model)Listltgt list = qrylist() Retrieves the model (root)Model model = (Model) listget(0) Creates a POIPOI poi = UsisecFactoryeINSTANCEcreatePOI() Retrieves parametersfor (MapEntryltEAttribute Objectgt entry

valuesentrySet())poieSet(entrygetKey() entrygetValue())

Saves POI informationsessionsave(poi) Adds a new POI to the modelmodelgetPois()add(poi) at commit the objects will be present in the

databasetxcommit() and close of this should actually be donein a finally blocksessionclose()

Finally the third layer is implemented by the MySQL26

Relational Database Management System

64 Advantages of this approach

As result of this implementation we have achieved amulti-platform approach for lightweight clients

One advantage of this approach is the runtimeupdating mechanism due to the meta-modellingconception of the system In a traditional approach youhave to modify domain classes in order to add newmeta-information to the system for instance followingthe scenario described on Section51 (Figures5 and 6)you have to manually add the ldquoremarkrdquo attribute to thePOI type adjust database table fields accordinglyre-compile and restart the system in order to reloadclasses

However the use of the EMF jointly with the Teneoframework allows the modification of themeta-information in the same way we modify instanceinformation achieving a runtime reflection system

Thus the type of a POI (POIType) is linked to thePOI instance which is treated as simple informationitself consequently the variation of the POITypemodifies the POI itself Therefore no recompilation orrestart is needed when meta-information is modified26 httpwwwmysqlcom

As we have mentioned before the use of the EMFjointly with the Teneo framework allows transactionaloperations on models which provides the system withreliability and efficiency when dealing with informationstorage

The multi-layer approach also allows developers tochange the database management system easily becauseTeneo abstracts the persistence layer from the EMFframework Besides this approach allows developers tochange the Servlet implementation because the EMF runsindependently from the web container being used

7 Conclusions and Future Work

This work motivated and presented a generic frameworkfor end-user tailorability of the UI as well as server-sidefor POI functionality by considering privacy aspects Weidentified the need for supporting end-user tailorabilitybased on performed analysis of various use cases relatedto collaborative location-based scenarios in mobilesettings from different projects The two high-levelrequirements identified in this paper are related tosupporting generic POI and end-user privacy needs byallowing for tailorbility We demonstrated the feasibilityof the generic framework for collaborative mobileapplications and services that support privacy-respectinglocation-based scenarios by means of an iOS basedprototype being used in the iAngle and iFishWatcherprojects The iOS based mobile App communicates with ageneric meta model at the server-side supporting thecreation of POI at-runtime (here by using Eclipsersquosmetamodeling framework) Our prototype allowsdifferent communities to define their own points ofinterests in a generic manner (at-runtime) bysimultaneously supporting group collaborationfunctionality (eg communication awareness etc)Thereby the distributed architecture can also be tailoredaccording to privacy needs

Our work goes beyond related work Future work willfocus on improving the end usersrsquo tailorabilitycapabilities so that lay users are empowered to easygenerate their specific community Apps by using ourgeneric framework For instance the same framework canbe re-used by other communities (not just our AnglingCommunity) and its UI can be tailored to use otherpictures and icons by keeping the location-based andcollaborative functionality unchanged This work begansince some weeks to perform ethnographic labevaluations for detecting crucial usage points (ie criticalpoints for user experience) One of the main point is toprovide support for good tailorability user experience inthe next versions



Acknowledgement

We acknowledge support by the DeutscheForschungsgemeinschaft (DFG) under grant KE12133-1 Further support was provided by the EU FP7project digitalme funded by the EC(FP72007 2013)under grant no 257787

References

[1] Liam J Bannon Customization and tailoringof software systemsthinking about the context oftinkering and tailoring InCustomizing softwaresystems 4ndash8 (1992)

[2] M Bourimi B Ueberschaer E GanglbauerD Kesdogan T Barth J Dax and M HeupelBuilding usable and privacy-preserving mobilecollaborative applications for real-life communitiesA case study based report InInformation Society(i-Society) 2010 International Conference on 435ndash442 (2010)

[3] M Bourimi J Ossowski Dhiah el Diehn I Abou-Tair S Berlik and D Abu-Saymeh TowardsUsable Client-Centric Privacy Advisory for MobileCollaborative Applications based on BDDs In4thIFIP International Conference on New TechnologiesMobility and Security (NTMS) Paris France 7-10(2011)

[4] Mohamed Bourimi Falk Kuhnel Jorg M HaakeDhiah el Diehn I Abou-Tair and Dogan KesdoganTailoring collaboration according privacy needs inreal-identity collaborative systems InCRIWG 110ndash125 (2009)

[5] M Dedual O Sague Pla R Arlinghaus A ClarkeK Ferter P Geertz Hansen D Gerdeaux F HamesS J Kennelly A R Kleiven A Meraner andB Ueberschr Communication between scientistsfishery managers and recreational fishers lessonslearned from a comparative analysis of internationalcase studiesFisheries Management and Ecology 20(2-3) 234ndash246 (2013)

[6] Alejandro Fernandez Jorg M Haake and AdeleGoldberg Tailoring group work InCRIWG 232ndash244(2002)

[7] Erich Gamma Richard Helm Ralph Johnson and JohnVlissides Design Patterns - Elements of ReusableObject-Oriented Software Addison-Wesley Longman(1995)

[8] Chandra Prasad Giri Surendra Shrestha Timotthy WForesman and Ashbindu Singh Global biodiversitydata and information (2009)

[9] Austin Henderson Tailoring mechanisms in threeresearch technologies InProceedings of Group rsquo97(1997)

[10] Hal Hodson Smartphones make identifyingendangered animals easyNew Scientist (2013)

[11] Jason I Hong and James A Landay An architecturefor privacy-sensitive ubiquitous computing InMobiSys rsquo04 Proceedings of the 2nd internationalconference on Mobile systems applications andservices New York NY USA 177ndash189 (2004)

[12] Stephan Lukosch and Mohamed Bourimi Towardsan enhanced adaptability and usability of web-based collaborative systemsInternational Journalof Cooperative Information Systems Special Issueon rsquoDesign Implementation of Groupware 467ndash494(2008)

[13] Anders Moslashrch Three levels of end-user tailoringcustomization integration and extensionMIT Press51ndash76 (1997)

[14] Arvind Narayanan and Vitaly Shmatikov De-anonymizing social networks 173ndash187 (2009)

[15] Leysia Palen and Paul Dourish Unpacking rdquoprivacyrdquofor a networked world InCHI rsquo03 Proceedings of theSIGCHI conference on Human factors in computingsystems New York NY USA ACM Press 129ndash136(2003)

[16] PICOS Consortium D62b - Community ApplicationPrototype (2010)

[17] Till Schummer A Pattern Approach for End-UserCentered Groupware Development Schriften zuKooperations- und Mediensystemen - Band 3 JOSEFEUL VERLAG GmbH Lohmar - Koln (2005)

[18] Robert Slagter Dynamic groupware servicesmodular design of tailorable groupware PhD thesisUniversity of Twente (2004)

[19] Slim Trabelsi Gregory Neven and Dave RaggettPrivacy and Identity Management in Europe for LifeReport on design and implementation Technicalreport PrimeLife Consortium (2011)



Dhiahel Diehn I Abou-Tairis an assistant professor at theGerman-Jordanian UniversityHe received his PhDfrom the group of Databaseand Software Engineeringat the University of SiegenGermany During his PhDDr Abou-Tair conductedresearch about the adoption

of privacy laws and regulations in information systemsthrough an ontology-based approach He has wideexpertise in the fields of domain analysis ontologydevelopment database modelling integration ofheterogeneous software systems and development of webbased information systems Dr Abou-Tair was a postdoctorate researcher at the Chair of IT-Security at theUniversity of Siegen and has been involved with anumber of EU and German-funded research projects

Mohamed Bourimigraduated from the Universityof Dortmund in 2002 andholds a degree in computerscience Diplom-Informatikerwith distinction) Mohamedis working now as a researchassistant at the IT Securitychair at University of Siegensince 2009 He contributed asdeveloper consultant as well

as technical project leader to various German and EUresearch and industrial projects He owns more than 30international scientific publications and is certified inScrum ITIL v3 and in IBM Enterprise Technologies andMainframes Currently Mohamed is mainly contributingto the EU FP7 digitalme project as leader of WP4concerned with the development of digitalme TrustPrivacy and Security Infrastructure

Ricardo Tesorierois professor at ComputingSystems DepartmentUniversity of Castilla LaMancha (UCLM) AlbaceteSpain He got a degreein computer science in 2005at the National Universityof La Plata Buenos AiresArgentina a master degreein Advanced Information

Technologies in 2008 at the UCLM and a PhD incomputer science in 2009 at the UCLM too He ismember of the Interactive Systems Everywhere ResearchGroup of the Albacete Research Institute of InformaticsHis teaching and research areas are Software Engineering

and Human-Computer Interaction (HCI) He is co-authorof more than 50 publications in journals book chaptersand international congress proceedings His researchinterests are model-driven architectures HCI andcontext-aware computing

Marcel Heupelgraduated from the Universityof Siegen with a degreein information systems (DiplWirtsch Inf) with mainfocus on anonymity supportat application level andits usability Currently he is aPhD student at the IT SecurityChair at Siegen After hisgraduation he contributed to

more than 10 publications until now being first in authorof four of them Before he graduated he has alreadyGerman national and international publications related tothese anonymity topics as co-author He is currentlycontributing in the EU FP7 funded project digitalme

Dogan Kesdoganholds the Chair of IT-Securityat the Universitat RegensburgHis primary fields of researchare security and privacywith the goal to provide atheoretical background for thedevelopment implementationand evaluation of security andprivacy-enhancing protocolsHe is a graduate of the

Aachen University of Technology where he has alsoreceived his doctoral degree and habilitation in computerscience He has held faculty and industrial positions atUniversity of Siegen NTNU Norway RWTH AachenVU University Amsterdam otelo communicationsGmbH and IBM Thomas J Watson Research Center

BerndUeberschar is a marinebiologist with the focuson sustainable managementof fish resources aquacultureonline information systemsand the human dimensionsof recreational fisheries Hewas a research partner in thePICOS-Project and developednew privacy concepts for

angling communities assisted in the translation of theseconcepts into mobile online communities for recreationalangler and supervised a series of field trials where relatedapplications for smartphones were tested


Introduction

Projects Background Information

Problem and Requirements Analysis

Comparison to Related Work

Approach

Implementation

Conclusions and Future Work


and address the phase of gathering requirements SectionIV compares our work to related work while section Vpresents our conceptual approach Section VI discussesthe implementation of the prototype and the paper isconcluded in section VII

2 Projectsrsquo Background Information

The end-user tailorability and privacy needs we address inthis work were identified in the ongoing work of theinter-disciplinary iAngle and iFishWatcher projects at ourUniversity and collaborating institutes The iAngleproject itself emerged as a spin-off from the EU projectPICOS2 which deals with privacy and identitymanagement in mobile communities PICOS followed auser centered and scenario based proceeding for elicitingthe gathered needs and requirements (such as userexperience interviews and questionnaires) for twodifferent mobile communities (the Angling Communityand the Gamer Community) The Angling Community isbuilt by recreational anglers who explore water bodiesand coastal areas even the unproductive and thoseinaccessible to commercial fisheries to an extent that isunattainable by scientific projects They spend enormoustime and effort investigating fish communities In recentyears there has been much effort through initiatives suchas OBIS3 and GBIF4 to compile occurrence records ofexisting species and to make these records availableonline in a standardized format including the distributionof finfish on a global scale (see Figure1) Suchoccurrence records derived from surveys and inventoriesprovide the essential baseline data for monitoring changescaused by factors such as human usage of biologicalresources (eg fisheries) habitat conversion climatechange and help in determining in-country priorities onspecies conservation There is no doubt that informationon global species diversity is necessary to supportwell-informed decision making at the global level yetinformation critical to such decisions are not availablereadily [8]

In order to encourage angler to share their data forscientific examination FishBase the global onlineinformation system about fish established theFishWatcher facility several years ago FishWatcher is aplace where angler and other fish watcher can uploadtheir catch data and observations However the numbersof records shared has been disappointing over the lifetimeof the project The lack of willingness exhibited couldhave been that their records would become visible to theentire community ie anglers did not consider uploadingtheir data simply because they did not want to disclose itor attract commercial fishing boats to their favouritefishing spots Nevertheless the call for improved

2 httpwwwpicos-projecteu3 httpwwwiobisorg4 httpwwwgbifde

Fig 1 Occurrence records by fish watcher

communication and better understanding of the differentperspectives among fishery scientists managers and therecreational fishing sector has been identified as apressing need in recreational fisheries managementthroughout the world [5] Our innovative approach toimprove recreational angler participation in science andresearch makes use of the latest smart phonetechnologies We have introduced two new mobile anglerapplications for the iPhone and a client for Androidsmartphones providing features specifically designed forthe angling community (this paper however deals merelywith the iPhone client) The major objectives of our workare to support the mobilization of the catch record datafrom the angling community for scientific purposes TheiOS-based iFishWatcher mobile application is a catchdiary and a social community client for iOS devices suchas iPhone iPad or iPod Touch It covers two main focusareas namely management of user catches andinteraction among members of the mobile anglingcommunity using a secure and decentralised architecturewhich could be also used in a centralised way To achievecatch management functionality the iFishWatcherapplication makes use of two different resources (1) theFishBase database which provides rich information aboutfish since the user is actively supported in creating newcatch diary entries based on the scientific information inFishBase5 and (2) the iFishWatcher server

In a catch report the user typically provides thecommon name physical attributes (size and weight) andtakes a picture of the catch that is saved on the device andin cases where the angler wants to share his catch recorduploaded to the server The catch information includingthe geo-location of the fishing spot obtained by thedevices sensor can be shared either with a limitednumber of buddies or the entire community (see Figure2)Since this may result into privacy respecting concerns wehave also included the possibility to set the locationmanually in order to blur the userrsquos actual position Thesecond resource the iFishWatcher Server provides onlineaccess for management of personal profiles catch diariesand the collaborative mobile Location-Based Services(LBS) eg the fishing spot facility Users may run their

5 httpwwwfishbaseorghomehtm



















Aspect PICOS iAngle




Spring-basedserver


IdentityManagement





iPhone SDK3x






















5 Approach


































6 Implementation









































Initialization

public void addPOI



















Acknowledgement


References




































Introduction




Approach

Implementation



















Aspect PICOS iAngle




Spring-basedserver


IdentityManagement





iPhone SDK3x






















5 Approach


































6 Implementation









































Initialization

public void addPOI



















Acknowledgement


References




































Introduction




Approach

Implementation







5 Approach


































6 Implementation









































Initialization

public void addPOI



















Acknowledgement


References




































Introduction




Approach

Implementation




























6 Implementation









































Initialization

public void addPOI



















Acknowledgement


References




































Introduction




Approach

Implementation





























Initialization

public void addPOI



















Acknowledgement


References




































Introduction




Approach

Implementation



Acknowledgement


References




































Introduction




Approach

Implementation

















Introduction




Approach

Implementation


an end-user tailorable generic framework for privacy ... › files › published ›...

Documents