Show simple item record

dc.contributor.authorMahadewa, K
dc.contributor.authorZhang, Y
dc.contributor.authorBai, G
dc.contributor.authorBu, L
dc.contributor.authorZuo, Z
dc.contributor.authorFernando, D
dc.contributor.authorLiang, Z
dc.contributor.authorDong, JS
dc.description.abstractWith many trigger-action platforms that integrate Internet of Things (IoT) systems and online services, rich functionalities transparently connecting digital and physical worlds become easily accessible for the end users. On the other hand, such facilities incorporate multiple parties whose data control policies may radically differ and even contradict each other, and thus privacy violations may arise throughout the lifecycle (e.g., generation and transmission) of triggers and actions. In this work, we conduct an in-depth study on the privacy issues in multi-party trigger-action integration platforms (TAIPs). We first characterize privacy violations that may arise with the integration of heterogeneous systems and services. Based on this knowledge, we propose Taifu, a dynamic testing approach to identify privacy weaknesses from the TAIP. The key insight of Taifu is that the applets which actually program the trigger-action rules can be used as test cases to explore the behavior of the TAIP. We evaluate the effectiveness of our approach by applying it on the TAIPs that are built around the IFTTT platform. To our great surprise, we find that privacy violations are prevalent among them. Using the automatically generated 407 applets, each from a different TAIP, Taifu detects 194 cases with access policy breaches, 218 access control missing, 90 access revocation missing, 15 unintended flows, and 73 over-privilege access.
dc.publisherAssociation for Computing Machinery
dc.publisher.placeNew York, NY, United States
dc.relation.ispartofconferencenameISSTA 2021: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis
dc.relation.ispartofconferencetitleISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis
dc.relation.ispartoflocationVirtual, Denmark
dc.subject.fieldofresearchInformation systems
dc.titleIdentifying privacy weaknesses from multi-party trigger-action integration platforms
dc.typeConference output
dc.type.descriptionE1 - Conferences
dcterms.bibliographicCitationMahadewa, K; Zhang, Y; Bai, G; Bu, L; Zuo, Z; Fernando, D; Liang, Z; Dong, JS, Identifying privacy weaknesses from multi-party trigger-action integration platforms, ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2021, pp. 2-15
gro.hasfulltextNo Full Text
gro.griffith.authorBai, Guangdong
gro.griffith.authorDong, Jin-Song

Files in this item


There are no files associated with this item.

This item appears in the following Collection(s)

  • Conference outputs
    Contains papers delivered by Griffith authors at national and international conferences.

Show simple item record