Privacy  and  Security  in    Mul1-­‐modal  User  Interface  Modeling    

for  Social  Media  Mohamed  Bourimi1,3,  Ricardo  Tesoriero2,  Pedro  G.  Villanueva2,  Fa<h  Karatas1,  Philipp  Schwarte1    

 1University  of  Siegen,  Chair  for  IT  Security,  Germany  

2Compu1ng  Systems  Department.  University  of  Cas1lla-­‐La  Mancha,  Spain  

3FernUniversität  in  Hagen,  Coopera1ve  Systems  Group,  Germany  

Overview  

§  Background  and  Mo2va2on  §  Problem  Statement(s)  §  Requirements  Analysis  §  Proposed  Approach  §  Example  §  Eclipse  Security  Model  Editor  §  Future  Work  and  Conclusion  

Background  and  Mo2va2on  §  Interdisciplinary  research  becoming  more  important  in  the  

area  of  Social  Media  (Modeling):  1.  Human-­‐Comupter  Interac2on  (HCI)  è  Usability  

Engineering  2.  Groupware  and  Social  SoQware  è  Distributed  Systems  

SoQware  Engineering  Suppor2ng  Collabora2on  3.   Privacy  and  Security  Engineering    

§  Modeling  as  one  of  the  important  steps  in  the  SoQware  Engineering  Process  could  help  in  considering  the  requirements  :  •  Early  Enforcement  (Bourimi  et  al.  AFFINE    methodology,  HCSE2010)  

•  Adequately  by  considering  social  factors,  too!  (which  is  not  part    of  other  business  domains)  

Abuses,  risks  and  threats  when  using  Social  Media!  

§  Scandals  are  becoming  ordinary  (due  to    accidental  or/and  inten2onal  abuses)  with    fatal  consequences  in  some  situa2ons!!  

§  Iden2fica2on  remains  possible  with  an  error    rate  of  just  12%  (Narayanan&Shama2kov    2009)    

§  Many  other  examples  for  loosing  privacy  and    evolving  risks  and  threats  ..  

Problem  Statement(s)  

§  General  problem  statement:  Improving  the  modeling  of  systems  suppor<ng  social  interac<on  in  general  (considering  all  involved  research  fields  togetherè  Targe<ng  Synergy  Effect)  

§  Specific  problem  statement  (here):  Using  standard(s)  for  efficient  support  of  generated  user  interfaces  by  considering  mul<-­‐modality  (Web,  Mobile,  Desktop  etc.)  when  using  social  media  systems  (e.g.,  for  evalua<on  based  research,  frequent  provision/adap<on  of  prototypes  is  needed!)  

Requirements  Analysis:  „SocialTV  Case  Study“  

§  “Perfect  Labor”  in  our  case:  SocialTV  interdisciplinary  project  running  since  2009  (presented  @SocialCom  2010)  èhQp://www.uni-­‐siegen.de/T5/itsec/forschung/projekte/socialtv.html  

Requirements  Analysis:  Further  Gathered  Requirements  

§  R1:    Reflec2ng  realis2c  SocialTV  situa2ons  (individual  and  group  interac2ons)  

§  R2:    Allowing  for  flexible  parallel  interac2on  of  the  involved  people  

§  R3:    Flexibility  in  terms  of  costs  emerging  from  adapta2ons  to  new  situa2ons  and  tests  

§  R4:    Suppor2ng  thereby  secure  and  privacy-­‐preserving  interac2on  

Approach  

§  Approach  is  based  on  same  technologies  we  use  for  development  of  context-­‐aware  applica2ons  for  ubiquitous  compu2ng  environments  using  the  Model-­‐Driven  Architecture  (MDA):  •  Metamodling  and  UsiXML    (Cameleon  Reference  Framework)  

•  Eclipse  •  For  Security/Privacy  è  Security    Metamodel  (next  slide)  

   

Approach  

§  For  Security/Privacy  è  Metamodel  oriented  to  PriS  (2008):  - Principals  (user  model)  - Resources  (domain    model)  - Ac2vi2es  (task  model)  

   

Solu2on  sa2sfying  our  requirements  (R1-­‐R4)  

Approach:  Security  Metamodel  and  DSL  

Example  

Security model

Current  State:  Security  Modeling  Editor  

§  Developed  using  the  Eclipse  plahorm  as  a  plugin  •  EMF    •  GMF  

§  As  consequence  •  Metamodels  in  ECORE  format  •  Models  in  XMI  (OMG  standard  for  model  representa2ons)  

§  Main  Advantage  •  Genera2on  of  a  plahorm  independent  security  models  

§  OCL  Model  Valida2on  (i.e.  Aiributes)  §  MOFScript  (Model  2  Text  transforma2on)  

First  Results  (Modeling)  

§  In  total,  we  conducted  interviews,  walkthroughs  and  collected  first  usage  experiences  of  the  current  modeling  framework  (including  the  first  primi2ve  version  of  the  Security  Metamodeling  Eclipse-­‐based  Editor)  with  21  par2cipants  from  the  educa2onal  and  industrial  field  

§  We  are  currently  suppor2ng  various  widgets  such  as    fields  for  entering  different  data  (e.g.,  username  and  password),  combo  boxes,  etc.  (Official  Status  will  be  announced  this  week  in  a  presenta2on  for  OMG)    

Experiences  (for  Current  Status)  

§  Requirements  resulted/s2ll  resul2ng  mainly  from  interdisciplinary  research  projects  è  Students  and  researchers  working  together  in  academic  evalua2on!    

 §  We  received  wishes  for  improvements  from  industrial  contacts  and  partners  in  other  projects  è  Interac2ve  TV  por2ng  (s2ll  needing  access  to  special  HW  suppor2ng  our  technologies  such  as  TVs  suppor2ng  HTML5  or  Android  Plahorm)  

Future  work  and  conclusion  

§  Future  work  is  primarily  focused  on:  •  Improving  the  Security  Metamodel  by  adding  itera2vely  further  security  and  privacy  requirements!  

•  Improving  the  used  Security  Metamodling  Editor  for  easing  the  modeling  of  related  design/modeling/development  tasks  

§  This  needs  improving  the  underlying  UsiXML  framework  which  is  in  evolu2on  for  the  moment  for  mee2ng  standards  (OMG  /  W3C  proposals  submiied!)  

Privacy  and  Security  in    Mul1-­‐modal  User  Interface  Modeling    

for  Social  Media    

Bourimi@wiwi.uni-­‐siegen.de    

Mohamed.Bourimi@fernuni-­‐hagen.de            

Thank you for your attention!