Adaptive and Context-Awae Pivacy Pesevation Schemes Exploiting Use Inteactions in Pevasive Envionments Gautham Pallapa*, Maio Di Fancesco t *, and Sajal K. Das* *Cente fo Reseach in Wieless Mobility and Netwoking Univesity of Texas at Alington E-mail: {gpallapa,das} @uta.edu t Depatment of Compute Science and Engineeing Aalto Univesity School of Science E-mail: maio.di.fancesco@aalto.fi Abstact-In a pevasive system, uses have vey dynamic and ich inteactions with the envionment and its elements, including othe uses. To efficiently suppot uses in such envionments, a high.level epesentation of the system (namely, context) is usually exploited. Howeve, since pevasive envion ments ae inheently people'centic, context might consist of sensitive infomation. As a consequence, pivacy concens aise, especially in tems of how to contol infomation disclosue to thid paties (e.g., othe uses). In this pape we popose context awae appoaches to pivacy pesevation in wieless and mobile pevasive envionments. Specifically, we design two schemes: (i) to educe the inteactions between the use and the system, and (ii) to exploit the inteactions between diffeent uses. Both of ou solutions ae adaptive, thus suitable fo dynamic scenaios. In addition, ou schemes equie limited computational and stoage esouces, so that they can be implemented on esouce constained pesonal and sensing devices. We apply ou solutions to a smat healthcae scenaio, and show that ou schemes not only effectively potect the use pivacy, but also significantly educe the inteactions with the system, thus impoving the use expeience. Keywods Pevasive systems, context awaeness, pivacy pesevation, use inteactions, smat envionments. I. INTRODUCTION Technological advances and the widespead adoption of both sensos and pesonal devices, such as smatphones and PDAs, ae making pevasive systems and the Intenetof-things a eality [1]. This plethoa of devices not only make possible infomation access "eveywhee at anytime", but, moe significantly, also suppot daily activities and occupations of people seamlessly [2]. Pevasive systems would not exist without people. Convesely, people would not use systems which ae obtusive, difficult to use, o which imply isks not popotionate to thei benefits [3]. Hence, it is impotant to conside use inteactions in the design of pevasive systems [4]. Smat envionments epesent a specific instance of pevasive systems whee people suoundings ae enhanced though sensing and actuation capabilities, thus impoving the use expeience [5]. One fundamental aspect hee is that these systems ae intelligent, so that they acquie and apply knowledge about the envionment and its actos autonomously [6]. This is needed due to a numbe of factos. Fist, the inteactions between diffeent devices and people need to be abstacted and intepeted in ode to obtain meaningful decisions and actions. In fact, the aw data themselves might be too many and complex. Second, since smat envionments ae centeed aound use needs, the inteaction with people is supposed to be so natual that it cannot even be noticed [7]. Howeve, these inteactions, which also involve diffeent infomation souces, ae usually vey dynamic and complex. Hence, some effot is equied to take autonomous decisions, as well as to adapt to uses as they inteact with the envionment [8]. One of the foundations of pevasive systems and smat envionments is the so called context, defined as the cicumstances o backgound elements which (help to) detemine the meaning of an event o the occuence of specific pattens. In most cases, context infomation is peoplecentic, hence it may consist of sensitive infomation which may lead to secuity and pivacy issues. In this pape, we focus on pivacy, defined as the claim of an individual to allow o deny, accoding to cetain constaints, disclosue of pesonal infomation to thid paties [9]. Note that thid paties ae not only othe people, but also entities (e.g., applications o povides) which could potentially exploit context infomation to povide sevices. This makes the poblem even moe challenging [5, Chapte 1]. Most of the appoaches to pivacy pesevation in pevasive envionments which have aleady poposed in the liteatue focus on eithe location pivacy [10] o anonymization [11, 12]. Hee, we athe quantify the pivacy associated with context infomation, as in [13], whee a pivacy value denotes how much the use is willing to shae the elated infomation with othe actos in the system. Howeve, in contast to [13], we specifically addess dynamic scenaios involving even multiple uses. To a cetain extent, ou appoach is simila to [14], whee an access-ights gaph stuctue was exploited to decide how specific context infomation could be accessed. Indeed, ou solution does not pefom access contol, but athe deive the pivacy of context infomation moe natually fom use inteactions. In this aticle, we popose two context-awae appoaches to pivacy pesevation in wieless and mobile pevasive envionments. Specifically, we intoduce a hybid scheme to educe the inteactions between the use and the system. 978-1-4673-1239-4/12/$31.00 2012 IEEE
We also pesent an appoach based on use behavio which is capable to exploit the inteactions between diffeent uses and the envionment. Both of ou solutions ae adaptive, thus suitable fo dynamic scenaios. In addition, ou schemes equie limited computational and stoage esouces, so that they can be implemented on esouce-constained pesonal and sensing devices. We apply ou solutions to a smat healthcae scenaio, and show that ou schemes can effectively potect use pivacy. Futhemoe, we show by simulation that ou poposed appoaches also significantly impove the use expeience, in tems of educed numbe of explicit inteactions with the system. The est of the pape is oganized as follows. Section II intoduces the efeence system achitectue and the consideed pivacy model. Section III poposes two schemes fo pivacy pesevation, which ae then evaluated in Section IV. Finally, Section V concludes the pape. Context Rules Context States Figue I. Context Manage Pivacy Manage Rule Evaluation Engine Context Gathee Sensing Devices Remote Sevices Pivacy Detemination Access Contol Tansaction Log Components of a pivacy and context-awae pevasive system I II. PRELIMINARIES In this section we will fist pesent the fundamental concepts behind ou poposed adaptive pivacy pesevation schemes, then we will intoduce the system achitectue. A. System Model and Refeence Achitectue We denote a pevasive envionment E consisting of a set of n esouces as E = {Tl' T2,..., Tn}. Each esouce coesponds to eithe a sensing unit (e.g., a senso measuing tempeatue o a camea) o an attibute made available by a (emote) sevice (e.g., weathe foecast o taffic infomation). Resouces ae chaacteized by means of context elements ei fo i = 1,...,n, each containing the basic infomation needed by the system: a esouce ID, the associated data, and a timestamp. We define a context as a collection of context elements. To avoid ambiguity, and since the state of the system can be deived depending on the context infomation, we will efe to a specific context as context state. Moe in detail, a context state Cj is defined as a set of m context elements such that Cj = {el' e2,..., em}, whee m :::; n. Context states ae pocessed accoding to use o system-defined context ules. These fundamental elements ae managed by the system though to the components shown in Figue I. Specifically, a context manage is used to handle context infomation. The context manage is made of two diffeent subsystems: (i) a context gathee which etieves the esouces, builds the context elements, and associates them to context states; and (ii) a ule engine which evaluates the context ules and updates the state of the system accodingly. In ode to keep tack of the cuent state, the system stoes both the context ules and the context states in databases which ae made available to the diffeent components. Pivacy-pesevation is accomplished by means of a pivacy manage, which associates pivacy infomation with the diffeent context states and ensues pope access to sensitive infomation. The pivacy manage maintains a tansaction log, which is used to update the pivacy of the diffeent context states accoding to specific policies. The application component contains the diffeent use applications which can take advantage of the pivacy-pesevation sevice. In addition, it compises intefaces fo configuing the diffeent components of the system, including the pivacy settings and the context ules. In the following subsection, we will intoduce the pivacy model used in the est of the pape. We will assume that the context manage is aleady available - e.g., by using the solution in [15] - and focus on the pivacy manage instead. B. Pivacy Repesentation and Management In ou scheme we associate a pivacy value with each element in the system, epesenting the elated amount of pivacy [13]. The pivacy value w is chosen among the set L of the pivacy levels allowed by the system. Moe specifically, we assume that I levels ae defined, so that L = 0, f,, ll l, I} and 0 :::; w :::; 1 is used as the weight fo the diffeent elements. Pivacy values associated with context elements ei and context states Cj ae denoted as w(ei) and w(cj), espectively. In addition to those individual pivacy values, a global pivacy setting 7 is also defined. The global pivacy setting summaizes how context infomation is to be shaed o potected by the use. Pivacy management is pefomed as follows. Fist, pivacy values fo context elements and context states ae detemined. Second, those values ae evaluated with espect to the global pivacy setting each time a context infomation is equested. If the cuent global pivacy setting allows to disclose the context infomation, then the elated context elements ae shaed with the equesting paty. Othewise they ae denied, and eventually the use is pompted fo additional actions, e.g., allow a (tempoay) exception o change the cuent state so that such a equest can be satisfied.
III. ADAPTIVE PRIVACY PRESERVATION In the pevious section we have (implicitly) chaacteized the status of the system at a specific instant. The esulting chaacteization can also be thought as a snapshot of the system at a given time. In ode to tack the dynamics of the system, we extend the basic model to time-vaying pocesses by intoducing the time vaiable t. As a esult, we will denote as w(ei, t), w(gj, t), and n(t) the context elements, context states, and the global pivacy setting of the system at time t, espectively. We define the state of the system at a given time t as a session, denoted as S(t). If context ules do not change with time, the state of the system is univocally identified by the set of context elements and context states, along with the coesponding pivacy levels and the global pivacy setting. If the pivacy value of context states can also be deived accoding to a cetain policy, then the state of the system is uniquely detemined just by the context elements and thei weights, which we denote as S(t) = {w(el, t), w(e2, t),..., w(em, tn. In the following, we will assume that the context ules ae statically defined, so that we can chaacteize a session only on the basis of the weighted context elements. A. A Hybid Appoach to Pivacy Pesevation In this section we will pesent a hybid appoach to pivacy pesevation, in the sense that the poposed scheme exploits both use inteactions and automatic detemination of pivacy values associated with context states, based on the context elements. Let us conside, without loss of geneality, a scenaio whee two! uses Us and U inteact within a session. Specifically, use Us is shaing some infomation accoding to some pivacy settings, and use U is equesting some infomation, descibed in tems of the set of context elements G(t) = {el(t), e2(t),..., e(tn. We now descibe how ou scheme, executed at the use Us, esults in shaing the elevant (context) infomation with the use U while peseving the desied level of pivacy. We assume that a global pivacy setting n(t) is available, fo instance as specified by the use Us. We also assume that the pivacy values (i.e., weights) of the context elements w (ei, t) ae available. In ode to detemine if the equest can be satisfied, the system compaes the pivacy of the context states to the global pivacy setting, i.e., w(g,t) = Lw(ei,t)::; n(t) (1) i=l whee is the numbe of context elements in the equest G(t). If Expession (1) is satisfied, then the use Us is 1 Session involving multiple uses can always be efeed to as a set of paiwise sessions between one use shaing infomation and anothe use equesting a context. Algoithm 1: Scheme based on a hybid appoach input: equest G(t) = {el(t), e2(t),..., e(tn 4l 3 else constuct the decision tee; 5 obtain Gs(t); 1 if L =l w(ei, t). Xi ::; n(t) then 2 L infom use of the session G(t); 6 infom use of the session Gs(t); 7 quey pemissions fo elements of G(t) \ Gs(t); notified of the coesponding session, and of which infomation has been shaed. Othewise, the use is pompted fo action, i.e., allow o deny the disclosue of the elated context infomation. Ou goal hee is to keep the system as autonomous as possible, thus educing the numbe of inteactions with the use to the minimum extent. To this end, we ty to maximize the numbe of context elements which can satisfy the equest, in tems of the constaint in Expession (1). It is easy to show that this can be mapped to a 0-1 knapsack poblem [16], which can be fomulated as follows: max L w(ei, t). Xi (2) i=l i=l Xi E {a,l} whee Xi is a binay value which denotes if the context element ei(t) is included in the context infomation which can be automatically shaed, accoding to the cuent global pivacy setting. The 0-1 knapsack poblem can be solved though linea pogamming [17]. Howeve, to educe the computational equiements, in ou scheme we used a geedy appoach based on a decision tee. Let Gs(t) be the set of shaeable context elements esulting fom Expession (2). Then the use Us is infomed of the coesponding session Gs(t), and asked fo pemission to shae the emaining context elements which do not belong to Gs(t), i.e., the elements in G(t) \ Gs(t). The hybid appoach is illustated by Algoithm 1. The poposed appoach has a numbe of advantages. In fact, if Expession (1) is satisfied, the use Us is just infomed of the session, and no futhe action is needed. Othewise, the use Us has to appove the shaing of a limited numbe of context elements. This oveall educes the numbe of both queies and use pompts, thus allowing a smoothe inteaction with the pevasive envionment. In addition, the use expeience is impoved since the system allows to know at a glance the context elements that have been shaed, as well as to modify the pivacy levels of the context elements.
B. Pivacy Pesevation Based on Use Behavio So fa we have chaacteized pivacy management by efeing to a session which occus between two uses. Howeve, inteactions within a pevasive envionment usually have ecuing pattens, mainly elated to locations, activities, and also social inteactions between uses. As a consequence, pivacy pesevation can be futhe enhanced by explicitly consideing these aspects in the design of pivacy management schemes. Specifically, the use behavio can be embedded in the pivacy pesevation scheme. The main idea behind ou appoach is to exploit the histoy of inteactions between uses and the envionment in ode to obtain the amount of pivacy associated with specific equests. Now, the histoy can be built on the basis of the individual context equests, so that thee is a diect mapping between the equesting use and the queied context state. Howeve, this would equie stoing a lage amount of data, since a single equest can consist of any subset of the context elements as they ae defined in the system. In ode to educe both implementation complexity and stoage equiements, we athe associate the histoy infomation with individual context elements, so that the coesponding solution is suitable to esouce-constained pesonal and sensing devices, and then extend it to context equests. Let us ecall that we ae consideing the scenaio whee a use Us is shaing context infomation with othes accoding to a cetain global pivacy setting. We also assume that the use Us eceives a equest of context infomation in the fom G(t) = {e1(t), e2(t),...,e(t)} by some othe use Uk. Let us also define as n(ei(t), Uk) the numbe of times the context element ei(t) has been shaed between Us and Uk, and n(uk) as the total numbe of sessions between Us and Uk. Thus, we can obtain the pobability that the context element Ci is shaed with use Uk as: - n(ei(t), Uk) P ( e,.( t ) I Uk ) - --'-N--'--'----'- Ln(Uj) j=l whee N is the total numbe of uses which have equested context infomation to (i.e., which have aleady had sessions with) Us in the past. A context element ei in G is shaed if the coesponding pobability is above the aveage shaing pobability fo all elements in the equest, i.e., 1 P(ei(t) I Uk) - L P(ej(t) I Uk) (4) j=l whee is the numbe of context elements in the equest. Expession (4) is evaluated fo all context elements in the equest. Those which satisfy the constaint ae added to the set of shaed context elements Gs(t). If all context elements can be disclosed, i.e., Gs(t) == G(t), then they ae automatically shaed and the use is just infomed of the session. Othewise, the use is pompted to allow o Algoithm l 2: Scheme based on use behavio 1 foeach element ei in G fom Uk do P ( (t)1 ) -'-- n(ei(t),uk). 2 e, Uk "--- L:f=l n(uj), 3 if P(ei(t) I Uk 2:;=1 P(ej(t) I Uk) then 4 L add ei to Gs, infom use of session Gs; s 6 if G(t) =f=. Gs(t) then 7 l quey pemissions fo elements in G(t) \ Gs(t); 8 update Gs with the new pemissions; 9 foeach element ei in Gs do if ei has been shaed then 10 l 11 L n(ei(t), Uk) n(ei(t), Uk) + 1; 12 n(uk) n(uk) + 1; disallow the shaing of the context elements in Gs(t) \ G(t), as aleady discussed in Section III-A. The appoach based on use behavio is illustated by Algoithm 2. IV. EVALUATION In this section we will evaluate the pefomance of the poposed appoaches to pivacy pesevation in pevasive envionments though simulation. In addition to the hybid and the use behavio schemes, we will also conside the system-centic appoach intoduced in [13] fo compaison puposes. In ode to evaluate the diffeent schemes, we will conside the following metics: Shaing efficiency, defined as the atio between the numbe of context elements automatically shaed (i.e., IGsi) to the total numbe of context elements in a equest (i.e., IGi). We conside the aveage value of the shaing efficiency fo diffeent equests duing a simulation. Numbe of queies, defined as the aveage numbe of pompts to the use (i.e., IGl-IGsi). Numbe of opeations, defined as the aveage numbe of opeations needed to evaluate whethe a context element can be shaed o not. Fo the system-centic appoach, they ae mapped to the numbe of opeations needed to update the Context-Pivacy Gaph (CPG) [13]. Clealy, the fist two metics quantify the use expeience. In fact, the moe the numbe context elements that can be automatically shaed, the fewe the numbe of inteactions with the use; the same applies to the numbe of queies. In the est of the section we will fist pesent the simulation setup, and then the expeimental esults.
Table I DETAILED RESULTS FOR SPECIFIC USERS IN THE SIMULATION Use 7 Sessions lel Numbe of Queies Use behavio Hybid 0.5 10 4 I 2 0.6 20 8 2 3 U2 0.7 30 16 4 5 0.8 40 21 6 9 0.9 50 33 8 15 0.5 10 4 3 6 0.6 20 7 3 9 U3 0.7 3u 12 4 13 0.8 40 19 5 17 0.9 50 23 7 21 0.5 10 5 1 3 u.6 2u 11 I 4 U4 0.7 30 18 4 9 0.8 40 22 7 11 u.9 50 37 11 23 0.5 10 6 2 1 0.6 20 14 3 6 U5 0.7 30 23 4 11 0.8 40 31 6 18 0.9 50 39 8 27 A. Simulation Setup We evaluated the diffeent schemes by using a custom simulato witten in Java. In detail, we ceated context elements and ules accoding to a smat healthcae scenaio [18]. We used the JBoss Entepise Business Rules Management System [19] to ceate and manage the context-awae ulesets. We vaied the numbe of pivacy levels fom 3 to 6, in ode to incopoate even complex pivacy settings. Futhemoe, we geneated 100 uses accoding to diffeent J2ME Mobile Infomation Device Pofiles (MIDP) [20]. The size of context equests is unifomly distibuted between 0 and 50 fo each session, and the global pivacy setting 71 is between 0.5 and 0.9. Unless othewise specified, the total numbe of context elements in the system is set to 100. B. Simulation Results We show in Figue 2a the shaing efficiency fo the hybid and the use behavio-based appoaches as a function of the equest size. In ode to make the compaison moe fai, we focused only on the esults fo 71 = 0.9. Fom the figue we can see that the use behavio-based appoach has a highe shaing efficiency than the hybid scheme. This happens because it is not actually constained by the global pivacy setting 71, but it athe depends on use inteactions. As a esult, the use behavio-based scheme can bette follow the pefeence of uses as it changes duing time, thus allowing moe elements to be shaed on the aveage. Also note that the hybid appoach obtains a good shaing efficiency (moe than 75% on the aveage), which tends to incease as the size of the equest inceases as well. We now focus on the numbe of queies as a function of the numbe of sessions (i.e., the numbe of context equests), as illustated in Figue 2b. In this case, we also conside diffeent values of the global pivacy setting. Clealy, both schemes ae affected by the global pivacy setting, and the use behavio-based appoach always esults in a lowe numbe of queies. This is patly elated to the shaing efficiency, as aleady shown above. It is wothwhile emphasizing that, when the context size is small, the numbe of queies is vey low fo both appoaches, thus esulting in an acceptable numbe of pompts to the use, even when the global pivacy setting is modeate (i.e., 71 = 0.5). We epot in Table I detailed esults fo 4 sample uses U2,.., U5 equesting contexts to use Ul (the uses wee andomly selected among all uses available in the system). Finally, we show in Figue 2c the numbe of opeations equied by the poposed schemes and the system-centic appoach in [13] as a function of the context equest size. Note that, fo the hybid and use behavio-based schemes, the numbe of opeations is measued on the basis of the numbe of queies. The hybid appoach needs to build and pase the decision tee, while the use behavio-based appoach needs to go though the histoy of use inteactions. Even though it is difficult to keep all vaiables into consideations when compaing the diffeent schemes, it clealy emeges that the ovehead of system-centic appoach is significant, especially when compaed to the two schemes poposed in this pape. This happens because the Context-Pivacy-Gaph has to be e-evaluated (i.e., the diffeent weights have to be eassigned) and its size inceases quickly with the size of the equested contexts. In conclusion, ou schemes ae quite efficient since they equest the low numbe of pompts to the use, and they also have limited ovehead due to the associated numbe of opeations. The appoach based on the use behavio pefoms bette than the hybid scheme, since it can exploit the histoy of use sessions. v. CONCLUSION In this pape we have poposed two context-awae schemes fo pivacy pesevation in pevasive envionments. In one case, we have exploited a hybid appoach to minimize use inteventions in shaing context infomation. In the othe case, we have leveaged use behavio to automate shaing of context elements to diffeent uses. Finally, we evaluated the pefomance of ou solutions in tems of the use expeience. Simulation esults have shown that ou schemes ae effective in educing the numbe of pompts and queies, especially when inteactions among diffeent uses ae taken into consideation. Futhemoe, ou solutions ae adaptive and have low esouce demands; as a consequence, they ae appopiate to dynamic envionments, and also suitable fo implementation on pesonal as well as sensing devices. We ae cuently woking on incopoating social pattens into ou pivacy pesevation appoach.
1.0O----;:=====il 201 i= = ----- 095 = tl S O.90 ",,0.85 c:)?;' 5j 0.80 0 0.75. ' co 070. ;jj 0.65 = 5 E ::> z G-() Use behavio (11'=0.9) l!t-6 Use behavio (:11"=0.7) [3- J Use behavio (:11"=0.5) G -0 Hybid (11'=0.9) b -(:j Hybid (11'=0.1) [3 oq Hybid (71"=0.5) U> 510 -., e! 80 o 60 Q).0 40 z 06 120 22 24 26 28 Size of equested context (10,1) 30 15 20 25 30 35 40 45 50 Numbe of sessions between uses 10 15 20 Size of equested context (10,1) 25 (a) (b) (c) Figue 2. Shaing efficiency (a) and numbe of queies (b) as a function of ICl; numbe of opeations (c) as a function of ICl. ACKNOWLEDGEMENTS This wok has been patially suppoted by NSF Gants IIS-I064460 and CNS-II50 192. The authos would like to thank Na Li fo he valuable feedback. BIBLIOGRAPHY [1] J. Buckley, "Fom RFID to the Intenet Of Things: Pevasive Netwoked Systems," Euopean Commission Diectoate "Netwok and Communication Technologies", Tech. Rep., 2006. [Online]. Available: ftp://ftp.codis.euopa.eu/pub/istldocs/ka4/ au_conf670306_buckley _en. pdf [2] U. Hansmann, L. Mek, M. S. Nicklous, and T. Stobe, Pevasive Computing: The Mobile Wold, 2nd ed. Spinge-Velag, August 2003. [3] D.-H. Shin, "Ubiquitous computing acceptance model & end use concen about secuity, pivacy and isk," Intenational Jounal of Mobile Communications, vol. 8, no. 2, pp. 169-186, 2010. [4] S. Poslad, Ubiquitous Computing: Smat Devices, Envionments and Inteactions, 1st ed. Wiley, 2009. [5] D. 1. Cook and S. K. Das, Smat Envionments: Technology, Potocols and Applications. Wiley- Intescience, 2004. [6] --, "How smat ae ou envionments? an updated look at the state of the at," Pevasive and Mobile Computing, vol. 3, no. 2, pp. 53-73, 2007. [7] M. Weise, "The compute fo the twenty-fist centuy," Scientific Ameican, pp. 94-100, Septembe 1991. [8] G. M. Youngblood, D. J. Cook, and L. B. Holde, "Managing adaptive vesatile envionments," Pevasive and Mobile Computing, vol. 1, no. 4, pp. 373-403, 2005. [9] A. Westin, Pivacy and Feedom, 5th ed. Atheneum, 1967. [10] A. R. Beesfod and F. Stajano, "Location pivacy in pevasive computing," IEEE Pevasive Computing, vol. 2, no. 1, pp. 46-55, 2003. [11] 1. I. Hong, 1. D. Ng, S. Ledee, and J. A. Landay, "Pivacy isk models fo designing pivacy-sensitive ubiquitous computing systems," in DIS '04: Poceedings of the 5th confeence on Designing inteactive systems, 2004, pp. 91-100. [12] c. Conelius, A. Kapadia, D. Kotz, D. Peebles, M. Shin, and N. Tiandopoulos, "AnonySense: Pivacyawae people-centic sensing," in Poc. of the 2008 Intenational Confeence on Mobile Systems, Applications, and Sevices (MobiSys), June 2008, pp. 211-224. [13] G. Pallapa, N. Roy, and S. K. Das, "A scheme fo quantizing pivacy in context-awae ubiquitous computing," in Intelligent Envionments 2008, let 4th Intenational Confeence on, July 2008, pp. 1-8. [14] U. Hengatne and P. Steenkiste, "Avoiding pivacy violations caused by context-sensitive sevices," Pevasive and Mobile Computing, vol. 2, no. 4, pp. 427-452, 2006, special Issue on PeCom 2006. [15] N. Roy, G. Pallapa, and S. K. Das, "A middlewae famewok fo ambiguous context mediation in smat healthcae application," in WIMOB '07: Poc. of the Thid IEEE Confeence on Wieless and Mobile Computing, Netwoking and Communications, 2007, p. 72. [16] H. Kellee, U. Pfeschy, and D. Pisinge, Knapsack Poblems, 1st ed. Spinge, 2004. [17] S. Matello and P. Toth, Knapsack poblems: algoithms and compute implementations. New Yok, NY, USA: John Wiley & Sons, Inc., 1990. [18] G. V. Pallapa, "A pivacy enhanced situation-awae middlewae famewok fo ubiquitous computing envionments," Ph.D. dissetation, The Univesity of Texas at Alington, 2010. [Online]. Available: http://hdl.handle.netil 0106/4867 [19] The Dools Poject, "JBoss Entepise Business Rules Management System," http://jboss.og/dools, 2010. [20] Sun Micosystems/Oacle, "Mobile Infomation Device Pofile," http://java.sun.com/poducts/midp/ oveview.html, 2010.