This document discusses privacy and security considerations in multi-modal user interface modeling for social media. It provides background on the interdisciplinary nature of this area and motivates the need to address privacy and security early in the software development process. It then analyzes requirements for a "SocialTV" case study, outlines an approach using security modeling standards and the Eclipse platform, and provides an example security model. Current implementation details of a security modeling editor are described along with initial user experiences and plans for future work.

1. Privacy
and
Security
in
Mul1-­‐modal
User
Interface
Modeling
for
Social
Media
Mohamed
Bourimi1,3,
Ricardo
Tesoriero2,
Pedro
G.
Villanueva2,
Fa<h
Karatas1,
Philipp
Schwarte1
1University
of
Siegen,
Chair
for
IT
Security,
Germany
2Compu1ng
Systems
Department.
University
of
Cas1lla-­‐La
Mancha,
Spain
3FernUniversität
in
Hagen,
Coopera1ve
Systems
Group,
Germany

2. Overview
§ Background
and
Mo2va2on
§ Problem
Statement(s)
§ Requirements
Analysis
§ Proposed
Approach
§ Example
§ Eclipse
Security
Model
Editor
§ Future
Work
and
Conclusion

3. Background
and
Mo2va2on
§ Interdisciplinary
research
becoming
more
important
in
the
area
of
Social
Media
(Modeling):
1. Human-­‐Comupter
Interac2on
(HCI)
è
Usability
Engineering
2. Groupware
and
Social
SoQware
è
Distributed
Systems
SoQware
Engineering
Suppor2ng
Collabora2on
3. Privacy
and
Security
Engineering
§ Modeling
as
one
of
the
important
steps
in
the
SoQware
Engineering
Process
could
help
in
considering
the
requirements
:
• Early
Enforcement
(Bourimi
et
al.
AFFINE
methodology,
HCSE2010)
• Adequately
by
considering
social
factors,
too!
(which
is
not
part
of
other
business
domains)

4. Abuses,
risks
and
threats
when
using
Social
Media!
§ Scandals
are
becoming
ordinary
(due
to
accidental
or/and
inten2onal
abuses)
with
fatal
consequences
in
some
situa2ons!!
§ Iden2fica2on
remains
possible
with
an
error
rate
of
just
12%
(Narayanan&Shama2kov
2009)
§ Many
other
examples
for
loosing
privacy
and
evolving
risks
and
threats
..

5. Problem
Statement(s)
§ General
problem
statement:
Improving
the
modeling
of
systems
suppor<ng
social
interac<on
in
general
(considering
all
involved
research
fields
togetherè
Targe<ng
Synergy
Effect)
§ Specific
problem
statement
(here):
Using
standard(s)
for
efficient
support
of
generated
user
interfaces
by
considering
mul<-­‐modality
(Web,
Mobile,
Desktop
etc.)
when
using
social
media
systems
(e.g.,
for
evalua<on
based
research,
frequent
provision/adap<on
of
prototypes
is
needed!)

6. Requirements
Analysis:
„SocialTV
Case
Study“
§ “Perfect
Labor”
in
our
case:
SocialTV
interdisciplinary
project
running
since
2009
(presented
@SocialCom
2010)
èhQp://www.uni-­‐siegen.de/T5/itsec/forschung/projekte/socialtv.html

7. Requirements
Analysis:
Further
Gathered
Requirements
§ R1:
Reflec2ng
realis2c
SocialTV
situa2ons
(individual
and
group
interac2ons)
§ R2:
Allowing
for
flexible
parallel
interac2on
of
the
involved
people
§ R3:
Flexibility
in
terms
of
costs
emerging
from
adapta2ons
to
new
situa2ons
and
tests
§ R4:
Suppor2ng
thereby
secure
and
privacy-­‐
preserving
interac2on

8. Approach
§ Approach
is
based
on
same
technologies
we
use
for
development
of
context-­‐aware
applica2ons
for
ubiquitous
compu2ng
environments
using
the
Model-­‐Driven
Architecture
(MDA):
• Metamodling
and
UsiXML
(Cameleon
Reference
Framework)
• Eclipse
• For
Security/Privacy
è
Security
Metamodel
(next
slide)

9. Approach
§ For
Security/Privacy
è
Metamodel
oriented
to
PriS
(2008):
- Principals
(user
model)
- Resources
(domain
model)
- Ac2vi2es
(task
model)

10. Solu2on
sa2sfying
our
requirements
(R1-­‐R4)

11. Approach:
Security
Metamodel
and
DSL

12. Example
Security model

13. Current
State:
Security
Modeling
Editor
§ Developed
using
the
Eclipse
plahorm
as
a
plugin
• EMF
• GMF
§ As
consequence
• Metamodels
in
ECORE
format
• Models
in
XMI
(OMG
standard
for
model
representa2ons)
§ Main
Advantage
• Genera2on
of
a
plahorm
independent
security
models
§ OCL
Model
Valida2on
(i.e.
Aiributes)
§ MOFScript
(Model
2
Text
transforma2on)

14. First
Results
(Modeling)
§ In
total,
we
conducted
interviews,
walkthroughs
and
collected
first
usage
experiences
of
the
current
modeling
framework
(including
the
first
primi2ve
version
of
the
Security
Metamodeling
Eclipse-­‐based
Editor)
with
21
par2cipants
from
the
educa2onal
and
industrial
field
§ We
are
currently
suppor2ng
various
widgets
such
as
fields
for
entering
different
data
(e.g.,
username
and
password),
combo
boxes,
etc.
(Official
Status
will
be
announced
this
week
in
a
presenta2on
for
OMG)

15. Experiences
(for
Current
Status)
§ Requirements
resulted/s2ll
resul2ng
mainly
from
interdisciplinary
research
projects
è
Students
and
researchers
working
together
in
academic
evalua2on!
§ We
received
wishes
for
improvements
from
industrial
contacts
and
partners
in
other
projects
è
Interac2ve
TV
por2ng
(s2ll
needing
access
to
special
HW
suppor2ng
our
technologies
such
as
TVs
suppor2ng
HTML5
or
Android
Plahorm)

16. Future
work
and
conclusion
§ Future
work
is
primarily
focused
on:
• Improving
the
Security
Metamodel
by
adding
itera2vely
further
security
and
privacy
requirements!
• Improving
the
used
Security
Metamodling
Editor
for
easing
the
modeling
of
related
design/modeling/
development
tasks
§ This
needs
improving
the
underlying
UsiXML
framework
which
is
in
evolu2on
for
the
moment
for
mee2ng
standards
(OMG
/
W3C
proposals
submiied!)

17. Thank you for
your attention!
Privacy
and
Security
in
Mul1-­‐modal
User
Interface
Modeling
for
Social
Media
Bourimi@wiwi.uni-­‐siegen.de
Mohamed.Bourimi@fernuni-­‐hagen.de