print page

Master's Thesis

Rules And Permissions For Location-Based Services


As more and more web services become available, users have to manually filter wanted services from unnecessary ones. Using a web browser a list of bookmarks can be used as filter. For smartphones the list of installed apps can be thought of as a filter. In both cases the user has first to find and bookmark/install wanted services.

Providing services which are relevant for users due to their physical location is a research topic at the Institute of Telematics. The idea is to develop an application framework which can bring arbitrary services to users and automatically offer a filtered list of services. It is assumed that a client is able to locate itself. Emphasis is put on indoor location-based services (LBS), e.g., services a building could offer to its residents and guests.

Work description

Given that a list of relevant (and close) services is provided by a server to a client, one main task of this work is to analyze and evaluate what kind of permissions are useful in order to protect services from unwanted usage.

First, a list of LBS containing a broad set of possible use cases should be created. Then a list of user groups as well as a set of appropriate user privileges and permission shall be compiled and evaluated. Most likely a classical security concept with users and groups will not suffice, as the position of a person should influence the security clearance, e.g., some external person (guest) should not able to switch on the light in your house, unless he is already inside; a user - even though a registered one - should not be able to call the elevator, unless he is close. As a result a security concept shall be designed which is suited for indoor LBS for smartphones.

The second main aspect of this work is to outline and evaluate rules for periodic or sporadic execution of services, i.e., after a client registered for a service the service, provider actively contacts the client triggered by a timer or external events. For this purpose existing, available rule engines are to be evaluated and compared. It is also to be analyzed whether and how the previous designed security concept may be included in rule engine.

Finally, a well suited rule engine has to be chosen to implement a proof of concept application. It should be a client-server-architecture written in Java where the client may be an Android app. At least two different kinds of LBS have to be implemented. One could be an information service for a draw-a-number-system: When the client enters the waiting area, he is asked whether to draw a number. On each incrementation of the current waiting-number the client application is notified. Depending on the geometric distance to the waiting room the application tells its user to return immediately or keeps silence. Giving a second example, a warning service for unauthorized opening of a door may be implemented: After registering for the service, the client is informed each time the door opened. If the client detects that its user is not in the vicinity of the door it raises the alarm.

Start date 2. May 2013
End date 4. November 2013
Documents Flyer
Supervisor Dr.-Ing. Julian Ohrt