Is It Safe to Share Your Files? An Empirical Security Analysis of Google Workspace Add-ons
File version
Author(s)
Wang, K
Wang, H
Bai, G
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
Size
File type(s)
Location
Singapore, Singapore
License
Abstract
The increasing demand for remote work and virtual interactions has heightened the usage of business collaboration platforms∼(BCPs), with Google Workspace as a prominent example. These platforms enhance team collaboration by integrating Google Docs, Slides, Calendar, and feature-rich third-party applications (add-ons). However, such integration of multiple users and entities has inadvertently introduced new and complex attack surfaces, elevating security and privacy risks in resource management to unprecedented levels. In this study, we conduct a systematic study on the effectiveness of the cross-entity resource management in Google Workspace, the most popular BCP. Our study unveils the access control enforcement in real-world BCPs for the first time. Based on this, we formulate the attack surfaces inherent in BCPs and conduct a comprehensive assessment, pinpointing three vulnerability types leading to distinct attacks. An analysis of 4,732 marketplace add-ons reveals that approximately 70% are potentially vulnerable to these attacks. We propose robust countermeasures to improve BCP security, urging immediate action and setting a foundation for future research.
Journal Title
Conference Title
WWW '24: Proceedings of the ACM Web Conference 2024
Book Title
Edition
Volume
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject
Persistent link to this record
Citation
Wan, L; Wang, K; Wang, H; Bai, G, Is It Safe to Share Your Files? An Empirical Security Analysis of Google Workspace Add-ons, WWW 2024 - Proceedings of the ACM Web Conference, WWW '24: Proceedings of the ACM Web Conference 2024, 2024, pp. 1892-1901