skip to main content
10.1145/3576915.3624376acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
poster

Poster: Data Minimization by Construction for Trigger-Action Applications

Published: 21 November 2023 Publication History

Abstract

Trigger-Action Platforms (TAPs) enable applications to integrate various devices and services otherwise unconnected. Recent features of TAPs introduce additional sources of data such as queries in IFTTT. The current TAPs, like IFTTT, demand that trigger and query services transmit excessive amounts of user data to the TAP. To limit the data to what is actually necessary for the execution to comply with the principle of data minimization, input services should send no more than the necessary data. LazyTAP proposes a new paradigm of data minimization by construction in TAPs, introducing a novel perspective for data collection from input services. While the existing push-all approach of TAPs entails coarse-grained data over-approximation, LazyTAP pulls input data on-demand at the level of attributes, once accessed by the app execution. Thanks to the fine granularity provided by LazyTAP, multiple trigger and query services can be naturally minimized while the behavior of app executions is preserved. In addition, a great benefit of LazyTAP is being seamless for third-party app developers. By leveraging laziness, LazyTAP defers computation and proxies objects to load necessary remote data behind the scenes. Our evaluation study on app benchmarks shows that on average LazyTAP improves minimization by 95% over IFTTT and by 38% over minTAP, with a tolerable performance overhead. This poster goes into further details about LazyTAP and elaborates on its prototype implementation.

References

[1]
Mohammad M. Ahmadpanah, Daniel Hedin, and Andrei Sabelfeld. 2023. LazyTAP implementation and benchmarks. https://www.cse.chalmers.se/research/group/security/lazytap/.
[2]
Mohammad M. Ahmadpanah, Daniel Hedin, and Andrei Sabelfeld. 2023. LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. In S&P. IEEE, 3079--3097.
[3]
Thibaud Antignac, David Sands, and Gerardo Schneider. 2017. Data Minimisation: A Language-Based Approach. In SEC.
[4]
Yunang Chen, Mohannad Alhanahnah, Andrei Sabelfeld, Rahul Chatterjee, and Earlence Fernandes. 2022. Practical Data Access Minimization in Trigger-Action Platforms. In USENIX Security.
[5]
CPRA 2020. California Privacy Rights Act (CPRA). https://oag.ca.gov/privacy/.
[6]
GDPR 2018. General Data Protection Regulation (GDPR). Art. 5 Principles relating to processing of personal data. https://gdpr-info.eu/art-5-gdpr/.
[7]
IFTTT 2023. If This Then That. https://ifttt.com.
[8]
IFTTT. 2023. IFTTT's Glossary: Query. https://platform.ifttt.com/docs/glossary.
[9]
IFTTT. 2023. Service API requirements. https://platform.ifttt.com/docs/api_ref erence.
[10]
IFTTT. 2023. The art of the query. https://ifttt.com/developer_blog/the-art-of-the-query.
[11]
IFTTT app 2023. Get a morning reminder about your first meeting daily. https: //ifttt.com/connections/WHQ7AjWP.
[12]
IFTTT app 2023. Saturday movie night recommendations with Samsung Smart-Things and Trackt. https://ifttt.com/applets/jUy5if7H.
[13]
Microsoft Power Automate 2023. https://powerautomate.microsoft.com.
[14]
Zapier 2023. https://zapier.com.

Index Terms

  1. Poster: Data Minimization by Construction for Trigger-Action Applications

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
    November 2023
    3722 pages
    ISBN:9798400700507
    DOI:10.1145/3576915
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 21 November 2023

    Check for updates

    Author Tags

    1. data minimization
    2. lazy computation
    3. trigger-action platforms

    Qualifiers

    • Poster

    Funding Sources

    • WASP
    • SSF

    Conference

    CCS '23
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Upcoming Conference

    CCS '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 156
      Total Downloads
    • Downloads (Last 12 months)115
    • Downloads (Last 6 weeks)9
    Reflects downloads up to 17 Jan 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media